Ongeldige installatiekopie + UTubeNoAds1.8

[zakenmanhenk]

Beste mensen,

Sinds ongeveer een week is het mij opgevallen dat er woorden onderstreept zijn in mijn webbrowser, en er soms random advertenties oppoppen. Bij Chrome Extensies staat dan ook "UTubeNoAds1.8" en "Geinstalleerd door bedrijfsbeleid" en kan het dus ook niet disablen of verwijderen. Als reactie hierop heb ik;

- Verwijderen en installeren van Chrome

- MalwareBytes Anti-Malware

- HitmanPro

- Adwcleaner

- Opschonen van cookies en verwijderen van dingen die ik niet nodig heb

- Avira Antivirus

- SuperAntiSpyware

- Daarna nog een systeemherstel naar 27 februari

Allemaal heeft het niet geholpen, en heeft het zelfs een nieuw probleem gegeven: Bij het opstarten van veel dingen geeft het aan een "Ongeldige installatiekopie" te zijn. Sommige dingen starten dan wel op, maar sommige ook niet.

Alvast bedankt, logje van HijackThis hieronder:

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 20:56:39, on 16-3-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16518)

FIREFOX: 9.0.1 (nl)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

C:\ProgramData\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\Jan\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe

C:\Users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe

C:\Program Files\Logitech\SetPoint II\SetpointII.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\McAfee\Managed VirusScan\Agent\UpdDlg.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Users\Jan\Music\Downloads\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll

R3 - URLSearchHook: File Bulldog Toolbar - {1393c215-0520-410e-ab29-3badab478ec4} - C:\Program Files\filebulldogtb\filebulldogDx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: DDeealExpressS - {86D0B9F7-0E6D-33B5-873A-9A03D5D7EEB9} - C:\ProgramData\DDeealExpressS\q7.dll

O2 - BHO: UTubeNoAds - {B3C29BB5-EAE3-8A4B-4277-99BFE4EC54EB} - C:\ProgramData\UTubeNoAds\ae.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [File Bulldog Anti-phishing Domain Advisor] "C:\ProgramData\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [Easy Driver Pro] C:\Program Files\Probit Software\Easy Driver Pro\DPLauncher.exe

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Dxtory Update Checker 2.0] C:\Program Files\Dxtory Software\Dxtory2.0\UpdateChecker.exe

O4 - HKCU\..\Run: [TeamSpeak 3 Client] "C:\Users\Jan\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe"

O4 - HKCU\..\Run: [Tiny download manager] "C:\Users\Jan\AppData\Local\DM\TinyDM.exe" /M

O4 - HKCU\..\Run: [F.lux] "C:\Users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: SetPointII.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, Auto's, Mode, Verzamelobjecten, Coupons en Meer | eBay (file missing)

O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, Auto's, Mode, Verzamelobjecten, Coupons en Meer | eBay (file missing)

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, Auto's, Mode, Verzamelobjecten, Coupons en Meer | eBay (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, Auto's, Mode, Verzamelobjecten, Coupons en Meer | eBay (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O15 - Trusted Zone: http://*.mcafee.com (HKLM)

O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)

O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)

O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - MSN Games - Free Online Games

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - MSN Games - Free Online Games

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: c:\progra~2\wincle~1\wincle~1.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe

O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: McAfee Peer Distribution Service (RumorServer) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

O23 - Service: RzKLService - Razer Inc. - C:\Program Files\Razer\Razer Game Booster\RzKLService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--

End of file - 14301 bytes

[kape]

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll

R3 - URLSearchHook: File Bulldog Toolbar - {1393c215-0520-410e-ab29-3badab478ec4} - C:\Program Files\filebulldogtb\filebulldogDx.dll

O2 - BHO: DDeealExpressS - {86D0B9F7-0E6D-33B5-873A-9A03D5D7EEB9} - C:\ProgramData\DDeealExpressS\q7.dll

O2 - BHO: UTubeNoAds - {B3C29BB5-EAE3-8A4B-4277-99BFE4EC54EB} - C:\ProgramData\UTubeNoAds\ae.dll

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [File Bulldog Anti-phishing Domain Advisor] "C:\ProgramData\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe"

O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, Auto's, Mode, Verzamelobjecten, Coupons en Meer | eBay (file missing)

O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, Auto's, Mode, Verzamelobjecten, Coupons en Meer | eBay (file missing)

O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, Auto's, Mode, Verzamelobjecten, Coupons en Meer | eBay (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronica, Auto's, Mode, Verzamelobjecten, Coupons en Meer | eBay (file missing) (HKCU)

O20 - AppInit_DLLs: c:\progra~2\wincle~1\wincle~1.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download RSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

• RSIT 32 bit (RSIT.exe)
  
• RSIT 64 bit (RSITx64.exe)
  

Dubbelklik op RSIT.exe om de tool te starten.

• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  
• Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  
• Plaats de inhoud hiervan in het volgende bericht.
  

Bekijk ook de instructievideo.

[zakenmanhenk]

Bedankt voor je reactie, ik heb gedaan wat je zei!

Hier de log van RSIT

Logfile of random's system information tool 1.09 (written by random/random)

Run by Jan at 2014-03-17 13:52:06

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 383 GB (41%) free of 932 GB

Total RAM: 3063 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:52:17, on 17-3-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16521)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Jan\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe

C:\Users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe

C:\Program Files\Logitech\SetPoint II\SetpointII.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Jan\Music\Downloads\RSIT.exe

C:\Program Files\trend micro\Jan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [Easy Driver Pro] C:\Program Files\Probit Software\Easy Driver Pro\DPLauncher.exe

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Dxtory Update Checker 2.0] C:\Program Files\Dxtory Software\Dxtory2.0\UpdateChecker.exe

O4 - HKCU\..\Run: [TeamSpeak 3 Client] "C:\Users\Jan\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe"

O4 - HKCU\..\Run: [Tiny download manager] "C:\Users\Jan\AppData\Local\DM\TinyDM.exe" /M

O4 - HKCU\..\Run: [F.lux] "C:\Users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: SetPointII.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O15 - Trusted Zone: http://*.mcafee.com (HKLM)

O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)

O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)

O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - MSN Games - Free Online Games

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - MSN Games - Free Online Games

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe

O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: McAfee Peer Distribution Service (RumorServer) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

O23 - Service: RzKLService - Razer Inc. - C:\Program Files\Razer\Razer Game Booster\RzKLService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--

End of file - 12487 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "http://search.filebulldog.com/vmn/6C05CC5D73135A28C0F4A8513234C0D6"

prefs.js - "extensions.enabledItems" - "ffxtlbr@babylon.com:1.1.3, battlefieldheroespatcher@ea.com:4.0.53.0, engine@conduit.com:3.3.3.2, {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0, it-IT@dictionaries.addons.mozilla.org:3.2, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1, {942cd1d4-9cc1-4d31-876a-ea8f489f7a59}:3.3.2.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5, {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}:3.3.3.2, {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.3.3.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.18"

prefs.js - "keyword.URL" - "http://search.filebulldog.com/results/1/vmn/___userguid___?q="

"{D19CA586-DD6C-4a0a-96F8-14644F340D60}"=C:\Program Files\Common Files\McAfee\SystemCore

"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"=C:\Program Files\McAfee\SiteAdvisor Enterprise\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 12.0.0.77 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1]

"Description"=

"Path"=C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ahnlab.com/asp/npmkd25aos]

"Description"=AhnLab Online Security

"Path"=C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@gamersfirst.com/LiveLauncher]

"Description"=GamersFirst LIVE! Web Launcher

"Path"=C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]

"Description"=Office Live Update v1.5

"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nexon.net/NxGame]

"Description"=Nexon Game Controller

"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]

"Description"=This plugin detects and launches Pando Media Booster

"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIBitCometAgent.xpt

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

np-mswmp.dll

npBitCometAgent.dll

npijjiautoinstallpluginff.dll

npmkd25aos.xpt

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

QuickTimePlugin.class

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\

BearShareWebSearch.xml

bing.xml

bolcom-nl.xml

filebulldogtb.xml

google.xml

marktplaats-nl.xml

wikipedia-nl.xml

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\extensions\

staged

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\searchplugins\

BearShareWebSearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"=C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2009-10-02 284696]

"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-08-04 7703072]

"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]

"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-10-06 59240]

"snpstd3"=C:\Windows\vsnpstd3.exe [2005-09-05 339968]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"MVS Splash"=C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe [2012-05-04 476736]

""= []

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-08-16 152392]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2014-02-26 3814736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"=C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2012-11-25 1193176]

"Easy Driver Pro"=C:\Program Files\Probit Software\Easy Driver Pro\DPLauncher.exe []

"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2012-10-26 3093624]

"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-11-14 20584608]

"Dxtory Update Checker 2.0"=C:\Program Files\Dxtory Software\Dxtory2.0\UpdateChecker.exe [2010-10-17 93696]

"TeamSpeak 3 Client"=C:\Users\Jan\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe [2013-10-24 9547240]

"Tiny download manager"=C:\Users\Jan\AppData\Local\DM\TinyDM.exe /M []

"F.lux"=C:\Users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-16 1016712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe

C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"msacm.siren"=sirenacm.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"VIDC.XFR1"=xfcodec.dll

"VIDC.FPS1"=frapsvid.dll

"MSVideo8"=VfWWDM32.dll

"VIDC.IV41"=IR41_32.AX

"vidc.x264"=C:\PROGRA~1\x264vfw\x264vfw.dll

"vidc.xtor"=DxtoryCodec.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"wave5"=wdmaud.drv

"midi5"=wdmaud.drv

"mixer5"=wdmaud.drv

"aux1"=wdmaud.drv

"wave6"=wdmaud.drv

"midi6"=wdmaud.drv

"mixer6"=wdmaud.drv

"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2014-03-17 13:52:06 ----D---- C:\rsit

2014-03-17 13:52:06 ----D---- C:\Program Files\trend micro

2014-03-16 15:52:33 ----A---- C:\Windows\system32\iernonce.dll

2014-03-16 15:52:33 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-03-16 15:52:33 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-03-16 15:52:32 ----A---- C:\Windows\system32\jsproxy.dll

2014-03-16 15:52:30 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-16 15:52:30 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2014-03-16 15:52:29 ----A---- C:\Windows\system32\jscript9diag.dll

2014-03-16 15:52:29 ----A---- C:\Windows\system32\ieapfltr.dll

2014-03-16 15:52:28 ----A---- C:\Windows\system32\wininet.dll

2014-03-16 15:52:27 ----A---- C:\Windows\system32\ieui.dll

2014-03-16 15:52:26 ----A---- C:\Windows\system32\ieUnatt.exe

2014-03-16 15:52:25 ----A---- C:\Windows\system32\jscript9.dll

2014-03-16 15:52:25 ----A---- C:\Windows\system32\iertutil.dll

2014-03-16 15:52:24 ----A---- C:\Windows\system32\mshtml.dll

2014-03-16 15:52:23 ----A---- C:\Windows\system32\urlmon.dll

2014-03-16 15:52:22 ----A---- C:\Windows\system32\msfeeds.dll

2014-03-16 15:52:19 ----A---- C:\Windows\system32\msrating.dll

2014-03-16 15:52:19 ----A---- C:\Windows\system32\ie4uinit.exe

2014-03-16 15:52:18 ----A---- C:\Windows\system32\iesetup.dll

2014-03-16 15:52:18 ----A---- C:\Windows\system32\ieframe.dll

2014-03-16 15:51:29 ----A---- C:\Windows\system32\WindowsCodecs.dll

2014-03-16 15:51:25 ----A---- C:\Windows\system32\wer.dll

2014-03-16 15:49:25 ----A---- C:\Windows\system32\qedit.dll

2014-03-16 15:49:23 ----A---- C:\Windows\system32\wwansvc.dll

2014-03-16 15:49:21 ----A---- C:\Windows\system32\win32k.sys

2014-03-15 23:49:27 ----D---- C:\Program Files\Rockstar Games

2014-03-14 15:51:57 ----D---- C:\ProgramData\Avira

2014-03-14 13:46:22 ----D---- C:\Program Files\HitmanPro

2014-03-14 13:45:56 ----D---- C:\ProgramData\HitmanPro

2014-03-14 13:37:08 ----D---- C:\AdwCleaner

2014-03-12 18:53:10 ----D---- C:\Users\Jan\AppData\Roaming\Malwarebytes

2014-03-12 18:52:48 ----D---- C:\ProgramData\Malwarebytes

2014-03-12 18:52:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2014-03-07 15:19:06 ----D---- C:\ProgramData\CoUUPExxtensiona

2014-02-27 14:00:22 ----D---- C:\Program Files\LogMeIn Hamachi

2014-02-21 17:29:51 ----D---- C:\DirectX9.0c

2014-02-21 17:29:49 ----D---- C:\Program Files\Shining Rock Software LLC

2014-02-19 14:02:59 ----D---- C:\ProgramData\Tunngle

2014-02-13 23:34:44 ----A---- C:\Windows\system32\vbscript.dll

2014-02-13 23:24:14 ----A---- C:\Windows\system32\msxml3r.dll

2014-02-13 23:24:14 ----A---- C:\Windows\system32\msxml3.dll

2014-02-13 23:23:50 ----A---- C:\Windows\system32\d3d10warp.dll

2014-02-13 23:23:50 ----A---- C:\Windows\system32\d2d1.dll

2014-02-13 23:23:40 ----A---- C:\Windows\system32\RMActivate_isv.exe

2014-02-13 23:23:40 ----A---- C:\Windows\system32\RMActivate.exe

2014-02-13 23:23:39 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe

2014-02-13 23:23:36 ----A---- C:\Windows\system32\secproc_isv.dll

2014-02-13 23:23:36 ----A---- C:\Windows\system32\RMActivate_ssp.exe

2014-02-13 23:23:34 ----A---- C:\Windows\system32\secproc.dll

2014-02-13 23:23:33 ----A---- C:\Windows\system32\msdrm.dll

2014-02-13 23:23:30 ----A---- C:\Windows\system32\secproc_ssp.dll

2014-02-13 23:23:29 ----A---- C:\Windows\system32\secproc_ssp_isv.dll

2014-02-06 17:27:48 ----D---- C:\Users\Jan\AppData\Roaming\Nidhogg

2014-02-06 17:27:32 ----D---- C:\Program Files\Nidhogg

2014-01-31 13:14:04 ----D---- C:\ProgramData\UTubeNoAds

2014-01-31 13:14:03 ----D---- C:\ProgramData\ekgkagjbglcemcollhkmhodfmdneojpa

2014-01-29 20:04:27 ----A---- C:\Windows\system32\javaws.exe

2014-01-29 20:04:23 ----A---- C:\Windows\system32\WindowsAccessBridge.dll

2014-01-29 20:04:23 ----A---- C:\Windows\system32\javaw.exe

2014-01-29 20:04:22 ----A---- C:\Windows\system32\java.exe

2014-01-15 21:35:55 ----D---- C:\Users\Jan\AppData\Roaming\Music Editor Free

2014-01-15 21:35:45 ----A---- C:\Windows\system32\NCTWMAFile2.dll

2014-01-15 21:35:45 ----A---- C:\Windows\system32\NCTTextToAudio2.dll

2014-01-15 21:35:44 ----A---- C:\Windows\system32\NCTAudioVisualization2.dll

2014-01-15 21:35:44 ----A---- C:\Windows\system32\NCTAudioTransform2.dll

2014-01-15 21:35:44 ----A---- C:\Windows\system32\NCTAudioRecord2.dll

2014-01-15 21:35:44 ----A---- C:\Windows\system32\NCTAudioPlayer2.dll

2014-01-15 21:35:44 ----A---- C:\Windows\system32\NCTAudioInformation2.dll

2014-01-15 21:35:44 ----A---- C:\Windows\system32\NCTAudioFile2.dll

2014-01-15 21:35:44 ----A---- C:\Windows\system32\NCTAudioEditor2.dll

2014-01-15 21:35:44 ----A---- C:\Windows\system32\NCTAudioCDGrabber2.dll

2014-01-15 21:35:43 ----D---- C:\Program Files\Music Editor Free

2014-01-15 21:35:43 ----A---- C:\Windows\system32\msvcr70.dll

2014-01-15 21:31:05 ----D---- C:\ConvertedMedia

2014-01-15 21:29:22 ----A---- C:\Windows\system32\tak_deco_lib.dll

2014-01-15 21:29:22 ----A---- C:\Windows\system32\dsfTAKSource.dll

2014-01-15 21:29:22 ----A---- C:\Windows\system32\bass_tta.dll

2014-01-15 21:29:22 ----A---- C:\Windows\system32\bass_ofr.dll

2014-01-15 21:29:22 ----A---- C:\Windows\system32\bass_mpc.dll

2014-01-15 21:29:22 ----A---- C:\Windows\system32\bass_ape.dll

2014-01-15 21:29:21 ----A---- C:\Windows\system32\Registration.ini

2014-01-15 21:29:21 ----A---- C:\Windows\system32\bass_wv.dll

2014-01-15 21:29:21 ----A---- C:\Windows\system32\bass_flac.dll

2014-01-15 21:29:20 ----A---- C:\Windows\system32\OptimFROG.dll

2014-01-15 21:29:20 ----A---- C:\Windows\system32\bass_alac.dll

2014-01-15 21:29:20 ----A---- C:\Windows\system32\bass.dll

2014-01-15 21:29:19 ----A---- C:\Windows\system32\bass_aac.dll

2014-01-15 21:29:15 ----A---- C:\Windows\system32\t3odm.dll

2014-01-15 21:29:14 ----D---- C:\Program Files\MP3 Converter

2014-01-15 21:22:07 ----D---- C:\Users\Jan\AppData\Roaming\Free WAV to MP3 Converter

2014-01-15 21:08:47 ----D---- C:\Program Files\Free WAV to MP3 Converter

2014-01-15 18:39:16 ----D---- C:\Users\Jan\AppData\Roaming\Audacity

2014-01-15 18:38:51 ----D---- C:\Program Files\Audacity

2014-01-15 13:26:21 ----A---- C:\Windows\system32\drivers\netio.sys

2014-01-15 13:26:18 ----A---- C:\Windows\system32\drivers\usbehci.sys

2014-01-15 13:26:17 ----A---- C:\Windows\system32\drivers\usbport.sys

2014-01-15 13:26:17 ----A---- C:\Windows\system32\drivers\usbhub.sys

2014-01-15 13:26:17 ----A---- C:\Windows\system32\drivers\usbccgp.sys

2014-01-15 13:26:16 ----A---- C:\Windows\system32\drivers\usbd.sys

2014-01-15 13:26:15 ----A---- C:\Windows\system32\drivers\usbuhci.sys

2014-01-15 13:26:15 ----A---- C:\Windows\system32\drivers\usbohci.sys

2013-12-31 12:38:40 ----D---- C:\ProgramData\DDeealExpressS

2013-12-31 12:38:31 ----D---- C:\ProgramData\e1b3be76b17c7983

2013-12-28 01:26:05 ----D---- C:\Program Files\Common Files\Microsoft Games

2013-12-27 23:08:42 ----D---- C:\Program Files\Age of Empires II HD The Forgotten

2013-12-27 22:44:07 ----D---- C:\ProgramData\Winclean performap

======List of files/folders modified in the last 3 months======

2014-03-17 13:52:07 ----D---- C:\Windows\Temp

2014-03-17 13:52:06 ----RD---- C:\Program Files

2014-03-17 13:46:55 ----D---- C:\Users\Jan\AppData\Roaming\Skype

2014-03-17 13:46:39 ----D---- C:\Users\Jan\AppData\Roaming\TS3Client

2014-03-17 13:44:01 ----D---- C:\Windows\winsxs

2014-03-17 13:43:03 ----D---- C:\Windows\system32\config

2014-03-17 13:41:42 ----D---- C:\Windows\System32

2014-03-17 13:41:40 ----D---- C:\Program Files\Internet Explorer

2014-03-17 13:41:34 ----D---- C:\Program Files\Microsoft Silverlight

2014-03-16 22:29:13 ----SHD---- C:\System Volume Information

2014-03-16 20:56:25 ----D---- C:\Windows\system32\Tasks

2014-03-16 16:52:05 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2014-03-16 15:51:45 ----D---- C:\Windows\system32\catroot

2014-03-16 15:51:44 ----D---- C:\Windows\system32\catroot2

2014-03-16 15:47:18 ----SHD---- C:\Windows\Installer

2014-03-16 15:40:54 ----D---- C:\Windows\Tasks

2014-03-16 15:40:54 ----D---- C:\Windows\system32\wfp

2014-03-16 15:40:54 ----D---- C:\Program Files\ConduitEngine

2014-03-16 15:40:50 ----D---- C:\Windows\system32\wbem

2014-03-16 15:40:50 ----D---- C:\Windows

2014-03-16 15:39:34 ----D---- C:\Windows\system32\DriverStore

2014-03-16 15:39:34 ----D---- C:\Windows\system32\drivers

2014-03-16 15:39:33 ----D---- C:\Windows\system32\CodeIntegrity

2014-03-16 15:39:33 ----D---- C:\Windows\Microsoft.NET

2014-03-16 15:39:22 ----D---- C:\Windows\inf

2014-03-16 15:39:19 ----D---- C:\Windows\AppCompat

2014-03-16 15:39:19 ----D---- C:\Users\Jan\AppData\Roaming\Tunngle

2014-03-16 15:39:18 ----D---- C:\Users\Jan\AppData\Roaming\DealPly

2014-03-16 15:39:15 ----HD---- C:\ProgramData

2014-03-16 15:39:15 ----D---- C:\ProgramData\Tarma Installer

2014-03-16 15:39:14 ----D---- C:\ProgramData\MagniPic

2014-03-16 15:39:14 ----D---- C:\ProgramData\InstallMate

2014-03-16 15:39:14 ----D---- C:\ProgramData\DAEMON Tools Lite

2014-03-16 15:39:14 ----D---- C:\Program Files\Yontoo

2014-03-16 15:39:14 ----D---- C:\Program Files\Windows iLivid Toolbar

2014-03-16 15:39:14 ----D---- C:\Program Files\ToggleDU

2014-03-16 15:39:14 ----D---- C:\Program Files\Steam

2014-03-16 15:39:12 ----D---- C:\Program Files\InnoGames_International

2014-03-16 15:39:12 ----D---- C:\Program Files\iLivid

2014-03-16 15:39:12 ----D---- C:\Program Files\FrostWire 5

2014-03-16 15:39:12 ----D---- C:\Program Files\Free Offers from Freeze.com

2014-03-16 15:39:12 ----D---- C:\Program Files\FoxTabVideoConverter

2014-03-16 15:39:12 ----D---- C:\Program Files\DealPly

2014-03-16 15:39:12 ----D---- C:\Program Files\Conduit

2014-03-16 15:39:12 ----D---- C:\Program Files\Common Files\Steam

2014-03-16 15:39:12 ----D---- C:\Program Files\Common Files\Plasmoo

2014-03-16 15:39:12 ----D---- C:\Program Files\Common Files\DVDVideoSoft

2014-03-16 15:39:12 ----D---- C:\Program Files\Common Files

2014-03-16 15:39:11 ----D---- C:\Program Files\BearShare Applications

2014-03-16 15:39:11 ----D---- C:\Program Files\AVS4YOU

2014-03-16 15:39:11 ----D---- C:\Program Files\Ask.com

2014-03-16 15:38:40 ----D---- C:\Windows\registration

2014-03-16 15:38:27 ----D---- C:\Windows\system32\wdi

2014-03-16 15:34:46 ----SD---- C:\ProgramData\Microsoft

2014-03-14 13:44:42 ----D---- C:\Windows\Prefetch

2014-03-13 15:48:28 ----D---- C:\Windows\tracing

2014-02-21 17:29:52 ----SD---- C:\Users\Jan\AppData\Roaming\Microsoft

2014-02-20 12:55:26 ----D---- C:\Program Files\osu!

2014-02-19 15:17:37 ----D---- C:\Windows\rescache

2014-02-19 14:03:03 ----D---- C:\Program Files\Tunngle

2014-02-14 16:56:10 ----RSD---- C:\Windows\assembly

2014-02-13 23:38:51 ----D---- C:\Windows\system32\MRT

2014-02-13 23:35:37 ----A---- C:\Windows\system32\MRT.exe

2014-02-13 23:34:05 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-02-13 23:33:00 ----D---- C:\Windows\system32\nl-NL

2014-02-06 17:27:43 ----D---- C:\ProgramData\Steam

2014-01-31 13:14:03 ----HD---- C:\Windows\system32\GroupPolicy

2014-01-29 20:04:37 ----D---- C:\ProgramData\Oracle

2014-01-29 20:04:22 ----D---- C:\Program Files\Java

2014-01-20 16:02:54 ----D---- C:\Program Files\Origin

2014-01-15 22:49:54 ----D---- C:\ProgramData\Microsoft Help

2014-01-15 21:29:26 ----RSD---- C:\Windows\Fonts

2013-12-28 02:13:05 ----D---- C:\Program Files\Microsoft Games

2013-12-28 01:26:08 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-10-02 432664]

R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2012-02-22 464304]

R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2012-02-22 169608]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 6656]

R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-08 242240]

R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 64912]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2012-02-22 180848]

R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2012-02-22 59456]

R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2012-02-22 340920]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2013-02-18 149352]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]

S0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]

S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]

S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []

S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []

S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]

S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []

S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]

S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []

S3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2012-02-22 121544]

S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []

S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2012-02-22 87656]

S3 Mkd2kfNt;Mkd2kfNt; C:\Windows\system32\drivers\Mkd2kfNt.sys [2009-10-13 133632]

S3 Mkd2Nadr;Mkd2Nadr; C:\Windows\system32\drivers\Mkd2Nadr.sys [2009-07-13 79360]

S3 netr28u;Sweex Wireless USB Adapter Driver; C:\Windows\system32\DRIVERS\netr28u.sys [2009-07-03 746496]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]

S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2005-10-13 8701824]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-12-13 45056]

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]

S3 ViaC7;Stuurprogramma voor VIA C7-processor; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]

S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys []

S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2014-02-26 1678672]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-02-26 375056]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service; C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-05-12 324928]

R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-02-13 166288]

R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-02-13 161632]

R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2012-02-22 151880]

R2 myAgtSvc;McAfee Virus and Spyware Protection Service; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2012-05-04 291328]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]

R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-05-11 75064]

R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]

R2 RumorServer;McAfee Peer Distribution Service; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2012-05-04 291328]

R2 RzKLService;RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [2013-09-18 106472]

R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-14 1956136]

R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]

R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-08-16 553288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-08 104912]

S2 def8540c;Winclean performap; c:\progra~2\wincle~1\WincleanperformapSvc.dll [2013-12-27 177488]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-08 135664]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-08-01 72704]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-16 257928]

S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-08 46528]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-08 135664]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 108032]

S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-03-31 3534776]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2014-02-20 569024]

S3 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2013-11-06 758224]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

[kape]

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Download Zoek.exe naar het bureaublad (niet de .zip- of .rar-versie)

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

  Tiny download manager;s
 C:\Users\Jan\AppData\Local\DM;fs
 C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers;fs
 C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml;f
 C:\Program Files\Mozilla Firefox\searchplugins\filebulldogtb.xml;f
 C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\searchplugins\BearShareWebSearch.xml;f
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
 ""=-;r
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
 "Tiny download manager"=-;r
 C:\ProgramData\CoUUPExxtensiona;fs
 C:\Users\Jan\AppData\Roaming\Nidhogg;v
 C:\Program Files\Nidhogg;v
 C:\ProgramData\UTubeNoAds;fs
 C:\ProgramData\ekgkagjbglcemcollhkmhodfmdneojpa;fs
 C:\ProgramData\DDeealExpressS;fs
 C:\ProgramData\e1b3be76b17c7983;fs
 C:\Program Files\ConduitEngine;fs
 C:\Users\Jan\AppData\Roaming\Tunngle;fs
 C:\Users\Jan\AppData\Roaming\DealPly;fs
 C:\ProgramData\Tarma Installer
 C:\ProgramData\MagniPic;fs
 C:\ProgramData\InstallMate;fs
 C:\Program Files\Yontoo;fs
 C:\Program Files\Windows iLivid Toolbar;fs
 C:\Program Files\ToggleDU;fs
 C:\Program Files\iLivid;fs
 C:\Program Files\Free Offers from Freeze.com;fs
 C:\Program Files\FoxTabVideoConverter;fs
 C:\Program Files\DealPly;fs
 C:\Program Files\Conduit;fs
 C:\Program Files\Common Files\Plasmoo;v
 C:\Program Files\Common Files\DVDVideoSoft;fs
 C:\Program Files\BearShare Applications;fs
 C:\Program Files\Ask.com;fs
 emptyfolderscheck;delete 
startupall; 
filesrcm;

• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
• Do a Quick Scan
  
  
• Auto Clean
  
• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[zakenmanhenk]

Het duurde zeker een tijd, maar hier is de log!

Het probleem van "Ongeldige installatiekopie" is nu weg, UTubeNoAds1.8 is er nog steeds en sommige programma's kan ik nog niet opstarten.

Echt bedankt voor de hulp!

Log:

Zoek.exe v5.0.0.0 Updated 07-March-2014

Tool run by Jan on ma 17-03-2014 at 20:58:36,85.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Jan\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

17-3-2014 21:04:05 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\Fighters deleted successfully

C:\Program Files\GRETECH deleted successfully

C:\Program Files\HitmanPro deleted successfully

C:\Program Files\MSXML 4.0 deleted successfully

C:\Users\Jan\AppData\Roaming\Ekvyil deleted successfully

C:\Users\Jan\AppData\Roaming\Feby deleted successfully

C:\Users\Jan\AppData\Local\kpn deleted successfully

C:\Users\Jan\AppData\Local\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1ED61C20-ACA1-4145-BEB7-0F8E08B1221B} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{49561995-A11F-E333-1DCC-3F8283838AF8} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF5F9A41-807B-4CB2-AB0F-80EC55F82228} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default

---- Lines BabylonToolbar removed from prefs.js ----

user_pref("extensions.BabylonToolbar.aflt", "orgnl");

user_pref("extensions.BabylonToolbar.bbDpng", 12);

user_pref("extensions.BabylonToolbar.cntry", "NL");

user_pref("extensions.BabylonToolbar.firstRun", false);

user_pref("extensions.BabylonToolbar.hdrMd5", "B79ED5A006876866420989FE52C6C2CD");

user_pref("extensions.BabylonToolbar.lastActv", "20");

user_pref("extensions.BabylonToolbar.lastDP", 12);

user_pref("extensions.BabylonToolbar.lastVrsn", "1.1.5");

user_pref("extensions.BabylonToolbar.lastVrsnTs", "");

user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");

user_pref("extensions.BabylonToolbar.newTab", true);

user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_bb");

user_pref("extensions.BabylonToolbar.propectorlck", 59676617);

user_pref("extensions.BabylonToolbar.prtkDS", 0);

user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

user_pref("extensions.BabylonToolbar.ptch_0717", true);

user_pref("extensions.BabylonToolbar.smplGrp", "free");

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119586");

user_pref("extensions.BabylonToolbar_i.hardId", "14ecef7c0000000000004061862da25b");

user_pref("extensions.BabylonToolbar_i.id", "14ecef7c0000000000004061862da25b");

user_pref("extensions.BabylonToolbar_i.instlDay", "15744");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=119586&babsrc=NT_ss&mntrId=14ecef7c0000000000004061862da25b");

user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:42:07");

user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

---- Lines BabylonToolbar removed from user.js ----

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119586");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.id", "14ecef7c0000000000004061862da25b");

user_pref("extensions.BabylonToolbar_i.hardId", "14ecef7c0000000000004061862da25b");

user_pref("extensions.BabylonToolbar_i.instlDay", "15744");

user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:42:07");

user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

---- FireFox user.js and prefs.js backups ----

user_17-03-2014_2114_.backup

prefs_17-03-2014_2114_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

""=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Tiny download manager"=-

==== Deleting Files \ Folders ======================

C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers not found

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\extensions\ffxtlbr@funmoods.com not found

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\extensions\toolbar@ask.com not found

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\extensions\plugin@yontoo.com.xpi not found

C:\Users\Jan\AppData\Local\DM deleted

C:\ProgramData\CoUUPExxtensiona deleted

C:\ProgramData\UTubeNoAds deleted

C:\ProgramData\ekgkagjbglcemcollhkmhodfmdneojpa deleted

C:\ProgramData\DDeealExpressS deleted

C:\ProgramData\e1b3be76b17c7983 deleted

C:\Program Files\ConduitEngine deleted

C:\Users\Jan\AppData\Roaming\Tunngle deleted

C:\Users\Jan\AppData\Roaming\DealPly deleted

C:\ProgramData\MagniPic deleted

C:\ProgramData\InstallMate deleted

C:\Program Files\Yontoo deleted

C:\Program Files\Windows iLivid Toolbar deleted

C:\Program Files\ToggleDU deleted

C:\Program Files\iLivid deleted

C:\Program Files\Free Offers from Freeze.com deleted

C:\Program Files\FoxTabVideoConverter deleted

C:\Program Files\DealPly deleted

C:\Program Files\Conduit deleted

C:\Program Files\Common Files\DVDVideoSoft deleted

C:\Program Files\BearShare Applications deleted

C:\Program Files\Ask.com deleted

C:\Users\Jan\AppData\LocalLow\{86D0B9F7-0E6D-33B5-873A-9A03D5D7EEB9} deleted

C:\Users\Jan\AppData\LocalLow\{B3C29BB5-EAE3-8A4B-4277-99BFE4EC54EB} deleted

C:\Users\Jan\AppData\LocalLow\{EED27E11-EF48-1D74-08EB-F5A895EC6651} deleted

C:\Windows\system32\config\systemprofile\AppData\LocalLow\{792E7854-5A8E-AB62-E13D-C4BF63950B7E} deleted

C:\Windows\system32\config\systemprofile\AppData\LocalLow\{86D0B9F7-0E6D-33B5-873A-9A03D5D7EEB9} deleted

C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml deleted

C:\Program Files\filebulldogtb deleted

C:\Program Files\Common Files\Plasmoo deleted

C:\found.000 deleted

C:\Users\Jan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk deleted

C:\Users\Jan\AppData\Roaming\RSBot Accounts.ini deleted

C:\Users\Jan\AppData\Roaming\RSBot_Accounts.ini deleted

C:\Users\Jan\AppData\Local\CRE deleted

C:\Users\Jan\AppData\Local\BearShare deleted

C:\Users\Jan\AppData\Local\Bundled software uninstaller deleted

C:\Users\Jan\AppData\Local\Conduit deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagniPic deleted

C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly deleted

C:\Windows\System32\Tasks\DealPly deleted

C:\Windows\System32\Tasks\DealPlyUpdate deleted

C:\Users\Jan\AppData\LocalLow\bearsharemediabartb deleted

C:\Users\Jan\AppData\LocalLow\filebulldogtb deleted

C:\Users\Jan\AppData\LocalLow\searchqutoolbar deleted

C:\Users\Jan\AppData\LocalLow\AskToolbar deleted

C:\Users\Jan\AppData\LocalLow\Conduit deleted

C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted

C:\Windows\system32\tasks\Funmoods deleted

C:\user.js deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\searchplugins\BearShareWebSearch.xml deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\Invalidprefs.js deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\jetpack deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\extensions\staged deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\CT2088433 deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\CT2304157 deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\CT2536842 deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\CT2832595 deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\bearsharemediabartb deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\filebulldogtb deleted

C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted

C:\Users\Jan\Music\Downloads\FastDownload (1).exe deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\conduit deleted

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default\conduitCommon deleted

"C:\Program Files\Mozilla Firefox\searchplugins\filebulldogtb.xml" deleted

"C:\Users\Jan\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted

"C:\Programdata\Windows\dumd.dat" deleted

"C:\Programdata\Windows\xdor.dat" deleted

"C:\Programdata\Windows" deleted

==== Files Found In C:\Users\Jan\AppData\Roaming\Nidhogg ======================

2014-03-01 21:32:13 17 ----a-w- C5B1300BDBA3EE5C64048D7D8B9A0B4A C:\Users\Jan\AppData\Roaming\Nidhogg\prefs.txt

2014-03-16 20:33:44 0 ----a-w- D41D8CD98F00B204E9800998ECF8427E C:\Users\Jan\AppData\Roaming\Nidhogg\playerachievementcache.dat

2014-03-16 20:33:44 7901 ----a-w- 9C4D53527773DDFB730CE3B29B6326EC C:\Users\Jan\AppData\Roaming\Nidhogg\console.log

==== Folders Found In C:\Program Files\Nidhogg ======================

2014-02-06 16:27:37 d-----w- C:\Program Files\Nidhogg\Nidhogg OST

==== Files Found In C:\Program Files\Nidhogg ======================

2014-01-13 19:05:48 1133635 ----a-w- 51E3D4D8EBF45EDA09D4A75885F75F3B C:\Program Files\Nidhogg\music_Forest_Synth3.ogg

2014-01-13 19:05:48 1142053 ----a-w- 1160756BDAA5576C16B2148B4041F2B3 C:\Program Files\Nidhogg\music_Forest_Synth2.ogg

2014-01-13 19:05:48 1173934 ----a-w- 97D60A676E454855C37E5BA5442AF1AA C:\Program Files\Nidhogg\music_Clouds_SynthsPart1.ogg

2014-01-13 19:05:48 1188130 ----a-w- FBF25E3EDE038305E5B9308221E32BFB C:\Program Files\Nidhogg\music_Forest_Synth1.ogg

2014-01-13 19:05:48 1205651 ----a-w- 90E00A50790DF8FFE7F4F4FB7C8F1C37 C:\Program Files\Nidhogg\music_Forest_Drums.ogg

2014-01-13 19:05:48 1228925 ----a-w- 67769BCAD9EE5AF3E93FFB7B8F508146 C:\Program Files\Nidhogg\sfxFireBackground.ogg

2014-01-13 19:05:48 1299 ----a-w- 86B9F911904059C2B6D48A85352A0539 C:\Program Files\Nidhogg\credits.txt

2014-01-13 19:05:48 1327603 ----a-w- 9DABCFD32ECFFBC2E61B0E5A1F364A55 C:\Program Files\Nidhogg\music_CastleTitle.ogg

2014-01-13 19:05:48 1333037 ----a-w- 991D6389095B190F8FA24590AE8C3A46 C:\Program Files\Nidhogg\music_Clouds_SynthsPart3.ogg

2014-01-13 19:05:48 1347336 ----a-w- 82AEA83AD7D0BA354405809A40B31797 C:\Program Files\Nidhogg\music_Clouds_Drums.ogg

2014-01-13 19:05:48 1349493 ----a-w- E827ECF08107315770C2428C705BED7F C:\Program Files\Nidhogg\music_Clouds_SynthsPart4.ogg

2014-01-13 19:05:48 1388268 ----a-w- 314CD2454E9845310077E8ED997FF6F1 C:\Program Files\Nidhogg\music_Clouds_SynthsPart2.ogg

2014-01-13 19:05:48 140154 ----a-w- 21CCC0A80EAD443DA6925991EE39B972 C:\Program Files\Nidhogg\sfxChandelier1.ogg

2014-01-13 19:05:48 1422917 ----a-w- 8E958093A498F36E1101D151F6063048 C:\Program Files\Nidhogg\music_Castle_Synth1.ogg

2014-01-13 19:05:48 15085456 ----a-w- 3B468B0423D421084CAEF13B95001319 C:\Program Files\Nidhogg\data.win

2014-01-13 19:05:48 151157 ----a-w- 9258A591519A1F68B4BDB2EA7C2D53DC C:\Program Files\Nidhogg\sfxChandelier3.ogg

2014-01-13 19:05:48 1598553 ----a-w- 3F53DDEFF0526A4E91DE9C3382D20831 C:\Program Files\Nidhogg\music_Castle_Synth2.ogg

2014-01-13 19:05:48 1681796 ----a-w- CF79498408798DCEAE7E3F29394ED9AA C:\Program Files\Nidhogg\music_Castle_Drms2.ogg

2014-01-13 19:05:48 1743125 ----a-w- 741CC0971E3489EC8555D067D9A2610E C:\Program Files\Nidhogg\music_Castle_Drms1.ogg

2014-01-13 19:05:48 1998168 ----a-w- 86E39E9161C3D930D93822F1563C280D C:\Program Files\Nidhogg\D3DX9_43.dll

2014-01-13 19:05:48 207806 ----a-w- 23AE82403ADF68CE07B0F2516BC10ED1 C:\Program Files\Nidhogg\sfxEdgeOfCenter.ogg

2014-01-13 19:05:48 2100 ----a-w- 79B5424566DCEA932499D7F6EBDA6B2E C:\Program Files\Nidhogg\steam_api.ini

2014-01-13 19:05:48 279552 ----a-w- 41B0699189B6361E1C7BE00DFC687DD6 C:\Program Files\Nidhogg\SteamSimpleNet.dll

2014-01-13 19:05:48 2817024 ----a-w- 0E48DD4595CAAD402F901D514C247268 C:\Program Files\Nidhogg\Nidhogg.exe

2014-01-13 19:05:48 451031 ----a-w- 99F723611B09BCC7085B5B7EEFFCB3C6 C:\Program Files\Nidhogg\music_Mines_Synth1.ogg

2014-01-13 19:05:48 472591 ----a-w- B6F4A350EFB3FA3F79417707148B84E0 C:\Program Files\Nidhogg\sfxWind.ogg

2014-01-13 19:05:48 51 ----a-w- 79F5067D3311633E06F75DC8A185752D C:\Program Files\Nidhogg\match.txt

2014-01-13 19:05:48 55845 ----a-w- 5DB140B365B231A0FB53E6C22F6B0529 C:\Program Files\Nidhogg\sfxChandelier2.ogg

2014-01-13 19:05:48 632965 ----a-w- 9B44EEB1A9B25F4D2834B1BF401DB5C8 C:\Program Files\Nidhogg\music_CloudsTitle.ogg

2014-01-13 19:05:48 711363 ----a-w- DBA870E20225C1E06C30D3C9349FDAC4 C:\Program Files\Nidhogg\music_Mines_Synth2.ogg

2014-01-13 19:05:48 720052 ----a-w- 92548C2A9FDF3B7F3A28ABDEC2AD0E0F C:\Program Files\Nidhogg\music_Mines_Synth4Part3.ogg

2014-01-13 19:05:48 730104 ----a-w- AD585DB41AD6C7171C59701268F73BD1 C:\Program Files\Nidhogg\music_Mines_Synth4Part2.ogg

2014-01-13 19:05:48 786827 ----a-w- 9297D71A6583C64CE15A41C5C354D7B3 C:\Program Files\Nidhogg\music_Mines_MechanicalLayer.ogg

2014-01-13 19:05:48 822788 ----a-w- 8F43E58119E049FAE1C09216807007F8 C:\Program Files\Nidhogg\steam_api.dll

2014-01-13 19:05:48 861473 ----a-w- BFDAC1C793F951D2A316D1B8B8E9F168 C:\Program Files\Nidhogg\music_Mines_BasicDrums.ogg

2014-01-13 19:05:48 8646 ----a-w- 84C7DC208B6F0FFEF43E8D1CBC986BD8 C:\Program Files\Nidhogg\sfxChainSqueak1.ogg

2014-01-13 19:05:48 952663 ----a-w- FACD1CBB4A6728BAD1105A0076AE79A0 C:\Program Files\Nidhogg\music_WildsTitle.ogg

2014-01-13 19:05:48 956277 ----a-w- 7AF69D573F09B8BD779A0C4E8820E806 C:\Program Files\Nidhogg\music_MinesTitle.ogg

2014-01-13 19:05:48 997971 ----a-w- 6DC49B8C533B51F580ED89C99D415738 C:\Program Files\Nidhogg\music_Mines_Drums4Part2.ogg

2014-02-06 16:27:21 1192137 ----a-w- BB3BE925CBB18A8A2512F7369A137518 C:\Program Files\Nidhogg\unins000.exe

2014-02-06 16:27:39 12259 ----a-w- 4B4A362835C4750D7097D24C6ADD96AF C:\Program Files\Nidhogg\unins000.dat

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Jan\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

2014-03-16 14:52:33 8B521873651E62EF5868DC7B339959DB 32768 ----a-w- C:\Windows\System32\iernonce.dll

2014-03-16 14:52:33 7EDA015D4E74177A1B187326EDB14670 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-03-16 14:52:33 3B3EBF6E3C12DFDC6B29CBAC2F5519CC 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-16 14:52:32 1CEE521E90703BB8A01211C77747E727 43008 ----a-w- C:\Windows\System32\jsproxy.dll

2014-03-16 14:52:30 69C9F0607AF94C7162BBD25E222D4E0E 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-03-16 14:52:30 6744457C09B9B8176CC3ECC2D0EE6580 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-16 14:52:29 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\System32\ieapfltr.dll

2014-03-16 14:52:29 2CF6CF90BF7FE0E616C363343FFA686B 553472 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-03-16 14:52:28 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\System32\wininet.dll

2014-03-16 14:52:27 E84073A2F2D3A9448CA02F48B0360490 440832 ----a-w- C:\Windows\System32\ieui.dll

2014-03-16 14:52:26 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-16 14:52:25 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-16 14:52:25 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\System32\iertutil.dll

2014-03-16 14:52:24 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\System32\mshtml.dll

2014-03-16 14:52:23 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\System32\urlmon.dll

2014-03-16 14:52:22 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\System32\msfeeds.dll

2014-03-16 14:52:22 5C207FABA707CE496E1E0A304925D1E5 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-03-16 14:52:20 E23497E11866154A97BA9877656113FE 1964032 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-16 14:52:19 B61F47EB8CACBE09C8117E4FF7D9656D 164864 ----a-w- C:\Windows\System32\msrating.dll

2014-03-16 14:52:19 35523AF349702302EBC08D0D83661A78 208896 ----a-w- C:\Windows\System32\ie4uinit.exe

2014-03-16 14:52:18 B0CBC5A7D9278DCD5B230E1E50CCA5F6 61952 ----a-w- C:\Windows\System32\iesetup.dll

2014-03-16 14:52:18 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\System32\ieframe.dll

2014-03-16 14:51:29 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-03-16 14:51:25 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\System32\wer.dll

2014-03-16 14:49:25 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 ----a-w- C:\Windows\System32\qedit.dll

2014-03-16 14:49:23 7CC38741B8F68F1E0D5D79DA6123666A 185344 ----a-w- C:\Windows\System32\wwansvc.dll

2014-03-16 14:49:21 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======

2014-03-16 19:56:25 B802DE1C507FD89D28C1D5B2F05B337F 3140 ----a-w- C:\Windows\system32\Tasks\{F023E972-7CE7-4CBF-AD26-E96CC8BE8255}

2014-03-16 15:24:41 286C5CA39D52D916C963962DE2BE5CB9 3310 ----a-w- C:\Windows\system32\Tasks\{0B486371-B45E-4504-830E-61362B00EDD7}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-03-17 12:52:06 -------- d-----w- C:\Program Files\trend micro

2014-03-15 22:49:27 -------- d-----w- C:\Program Files\Rockstar Games

2014-02-21 16:29:49 -------- d-----w- C:\Program Files\Shining Rock Software LLC

======= C: =====

====== C:\Users\Jan\AppData\Roaming ======

2014-02-21 16:29:52 -------- d-----w- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shining Rock Software LLC

====== C:\Users\Jan ======

2014-03-15 22:49:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games

2014-03-14 14:51:57 -------- d-----w- C:\ProgramData\Avira

2014-03-14 12:45:56 -------- d-----w- C:\ProgramData\HitmanPro

2014-02-19 13:02:59 -------- d-----w- C:\ProgramData\Tunngle

====== C: exe-files ==

2014-03-17 20:01:07 ED94A9592FCF68D297FF77D5A9992098 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1641444121-2350807400-106936331-1000\$I1PTRY8.exe

2014-03-17 19:57:38 2ED2319F3DE13495AAA49B70A1467055 1285120 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1641444121-2350807400-106936331-1000\$R1PTRY8.exe

2014-03-17 12:51:09 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Jan\Music\Downloads\RSIT.exe

2014-03-16 15:29:30 E7697A085336F974A4A6102A51223960 14405632 ----a-w- C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe

2014-03-16 15:29:28 B01BA38C120B8B1F5963E6B47FF12A1E 118736 ----a-w- C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe

2014-03-16 15:28:09 ED190C2AD7A777D17F38C78EEDEBBCA2 126976 ----a-w- C:\Documents and Settings\Jan\Desktop\San andreas\GTA Sa\GTA san andres\Install.exe

2014-03-16 15:28:09 B01BA38C120B8B1F5963E6B47FF12A1E 118736 ----a-w- C:\Documents and Settings\Jan\Desktop\San andreas\GTA Sa\GTA san andres\setup.exe

2014-03-16 15:28:08 C83F75FB7A42D6C0108A997054A23F6F 472576 ----a-w- C:\Documents and Settings\Jan\Desktop\San andreas\GTA Sa\GTA san andres\DirectX\dxsetup.exe

2014-03-16 15:26:39 9385CC7904CADD76F1CDD8B0F25027B5 528384 ----a-w- C:\Documents and Settings\Jan\Desktop\San andreas\GTA Sa\GTA san andres\Bin\demo32.exe

2014-03-16 15:21:29 B01BA38C120B8B1F5963E6B47FF12A1E 118736 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1641444121-2350807400-106936331-1000\$RW0CF2H\setup.exe

2014-03-16 14:52:18 3A3BEA53F039CE2E997A918E26E30B1D 808152 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2014-03-16 14:52:16 2A0FAE869BC99A460FEFD832F261DCC9 469504 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

=== C: other files ==

2014-03-16 14:49:21 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys

2014-03-15 22:40:09 BD78B17968C91F6C61E5CE516D8646DE 5868922 ----a-w- C:\Users\Jan\Desktop\San andreas\GTA Sa\Crack No-CD (By Squall89).zip

2014-03-15 22:40:09 BD78B17968C91F6C61E5CE516D8646DE 5868922 ----a-w- C:\Documents and Settings\Jan\Desktop\San andreas\GTA Sa\Crack No-CD (By Squall89).zip

2014-03-15 22:40:09 46F255CAC21CFDB7B153974321FB5A20 4976792 ----a-w- C:\Users\Jan\Desktop\San andreas\GTA Sa\Alcohol 120% 1.9.2 + Crack.zip

2014-03-15 22:40:09 46F255CAC21CFDB7B153974321FB5A20 4976792 ----a-w- C:\Documents and Settings\Jan\Desktop\San andreas\GTA Sa\Alcohol 120% 1.9.2 + Crack.zip

2014-03-15 19:06:08 C10E20FCB710BB1EC6034DDB681262D8 1444127 ----a-w- C:\Users\Jan\AppData\Local\Temp\CProgram FilesOpera\skin\standard_skin.zip

2014-03-15 19:06:08 C10E20FCB710BB1EC6034DDB681262D8 1444127 ----a-w- C:\Documents and Settings\Jan\AppData\Local\Temp\CProgram FilesOpera\skin\standard_skin.zip

2014-03-15 19:06:08 4A72C050936BF35B374C817924DB9F0E 241062 ----a-w- C:\Users\Jan\AppData\Local\Temp\CProgram FilesOpera\locale\en\en.zip

2014-03-15 19:06:08 4A72C050936BF35B374C817924DB9F0E 241062 ----a-w- C:\Documents and Settings\Jan\AppData\Local\Temp\CProgram FilesOpera\locale\en\en.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"Easy Driver Pro"="C:\Program Files\Probit Software\Easy Driver Pro\DPLauncher.exe"

"Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

"Dxtory Update Checker 2.0"="C:\Program Files\Dxtory Software\Dxtory2.0\UpdateChecker.exe"

"TeamSpeak 3 Client"="C:\Users\Jan\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe"

"F.lux"="C:\Users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"

"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"

"snpstd3"="C:\Windows\vsnpstd3.exe"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"LogMeIn Hamachi Ui"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"Easy Driver Pro"="C:\Program Files\Probit Software\Easy Driver Pro\DPLauncher.exe"

"Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

"Dxtory Update Checker 2.0"="C:\Program Files\Dxtory Software\Dxtory2.0\UpdateChecker.exe"

"TeamSpeak 3 Client"="C:\Users\Jan\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe"

"F.lux"="C:\Users\Jan\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Folders ======================

2011-08-01 13:33:30 1343 ----a-w- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

2010-07-22 12:50:24 1856 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16-03-2014 16:52]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08-12-2009 15:13]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08-12-2009 15:13]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-JanvR-PC-Jan" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe]

"C:\Windows\system32\tasks\Raidcall_EN" [C:\Program Files\RaidCall\raidcall.exe]

"C:\Windows\system32\tasks\Razer_Game_Booster_AutoUpdate" [C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe]

"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\system32\tasks\User_Feed_Synchronization-{26A4878C-DE45-4B9B-B8E4-EB377E8208DC}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\system32\tasks\{22075A11-BD66-452D-BCB5-74DDA150727F}" ["c:\program files\mozilla firefox\firefox.exe"]

"C:\Windows\system32\tasks\{7755AD09-2F2B-4386-A1A6-A8763036845A}" [C:\Program Files\Skype\\Phone\Skype.exe]

"C:\Windows\system32\tasks\{AA4E2FD6-A79F-4F8B-B0D2-6AE4D7AC457C}" [C:\Program Files\Electronic Arts\The Battle for Middle-earth II\lotrbfme2.exe]

"C:\Windows\system32\tasks\{DE1EA742-A292-4F13-A752-3600C7DECBF6}" [C:\Program Files\Electronic Arts\The Battle for Middle-earth II\lotrbfme2.exe]

"C:\Windows\system32\tasks\{FEC9013F-F92F-4A7D-AD84-D1B084A896AA}" [C:\Program Files\Electronic Arts\The Battle for Middle-earth II\lotrbfme2.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor Enterprise" [30-08-2012 20:29]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{1266764D-FC4F-4FA7-B63B-884D53B1680F}"="C:\Users\Jan\AppData\Roaming\NetAssistant" [19-01-2011 17:40]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox

- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default

86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U51

69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat

270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

36FBE76F4F51396B0F70FC95CD7481D2 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin

DAD55CEF682EAE6FA7B4C9487563A496 - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll - Shockwave for Director / Shockwave for Director

3D3CAF586124C4E8102764C8B3063BB6 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

1F0D662B7BE2AB2D3A7E2C6A44A02BC1 - C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

6D657ABADF217DBB17CF0A0AF44A7E29 - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll - Nexon Game Controller

0AF5E73EBB4B49ECA597F4EDAF2C252B - C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll - ijji Auto Install Plugin for Mozilla

24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

F9391E9A3B016E1C9D96DAAEE7EF794F - C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll - AhnLab Online Security

0D083ADC189ABC679629A704AEBDC8A1 - C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll - AhnLab MyKeyDefense 2.5

8D08320F818920DBAB90919AC256A0E6 - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll - BitCometAgent

99F97C9FE748C37528C338A423577FCB - C:\Users\Jan\AppData\Roaming\Mozilla\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin

86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin

86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\Opera\program\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\Opera\program\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\Opera\program\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\Opera\program\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\Opera\program\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

99F97C9FE748C37528C338A423577FCB - c:\program files\mozilla firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\Jan\AppData\Local\funmoods.crx[]

cgiaikfpllchefojlnehlmpekeogihnm - C:\Users\Jan\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx[]

cjpglkicenollcignonpgiafdgfeehoj - C:\Users\Jan\AppData\Local\funmoods-speeddial.crx[]

dhkplhfnhceodhffomolpfigojocbpcb - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx[]

niapdbllcanepiiimjjndipklodoedlc - C:\Users\Jan\AppData\Local\Temp\YontooLayers.crx[]

pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files\1ClickDownload\oneclickdownloader10.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\Jan\AppData\Local\funmoods.crx[]

cgiaikfpllchefojlnehlmpekeogihnm - C:\Users\Jan\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx[]

cjpglkicenollcignonpgiafdgfeehoj - C:\Users\Jan\AppData\Local\funmoods-speeddial.crx[]

Google Drive - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

LoL Stream Browser - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp

Avira Browser Safety - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk

AdBlock - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Google Wallet - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Docs - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

Funmoods - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

YouTube - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

WiseConvert - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm

Google Search - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.filebulldog.com/vmn/6C05CC5D73135A28C0F4A8513234C0D6"

"Backup.Old.Start Page"="http://nl.ask.com/?l=dis&o=14200"

"Default_Page_URL"="http://www.aldi.com/"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://search.filebulldog.com/vmn/6C05CC5D73135A28C0F4A8513234C0D6"

"Backup.Old.Start Page"="http://search.filebulldog.com/vmn/6C05CC5D73135A28C0F4A8513234C0D6"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{4268920C-7320-4A99-A148-3CC41F7DAE20} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1393C215-0520-410E-AB29-3BADAB478EC4} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1393C215-0520-410E-AB29-3BADAB478EC4} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{667077BD-1E84-0C58-23C9-1DD8AE2AC24C} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{667077BD-1E84-0C58-23C9-1DD8AE2AC24C} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74322BF9-DF26-493F-B0DA-6D2FC5E6429E} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74322BF9-DF26-493F-B0DA-6D2FC5E6429E} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{1393C215-0520-410E-AB29-3BADAB478EC4} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{667077BD-1E84-0C58-23C9-1DD8AE2AC24C} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{74322BF9-DF26-493F-B0DA-6D2FC5E6429E} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully

HKEY_USERS\S-1-5-21-1641444121-2350807400-106936331-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MagniPic deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{16782E9C-E344-47BD-A045-B9BA79870632} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1CD67F8D-7CF5-0122-E351-868771DA03C9} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B48D06DA-461F-4559-A7B2-0E3D6F6E242C} deleted successfully

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\File Bulldog Anti-phishing Domain Advisor deleted successfully

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{25F259ED-12F6-429F-5783-527C3E2F8586} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C6E49138-C2CF-5337-D358-0734FD33EFB4} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Jan\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\hx6j7ong.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3283 folders=636 289553157 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Jan\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Jan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\LLXKDTKZ\www.clitgames.com" not found

==== EOF on ma 17-03-2014 at 21:30:38,75 ======================

[kape]

Dubbelklik op Zoek.exe om de tool te starten.

• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

  C:\Windows\system32\Tasks\{F023E972-7CE7-4CBF-AD26-E96CC8BE8255};fs
 C:\Windows\system32\Tasks\{0B486371-B45E-4504-830E-61362B00EDD7};fs
 C:\Users\Jan\AppData\Local\funmoods-speeddial.crx;f
 Edidfaijmhpefkbnobdcepampbncgejp;chr
 autoclean;

• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[zakenmanhenk]

Ik heb nu geen last meer van de effecten van UTubeNoAds1.8 . Dus geen onderstreepte dingen meer, geen reclames. Hij staat er nog wel als extensie tussen en kan deze nog niet uitschakelen of verwijderen, maar het schijnt geen werkend iets meer te zijn

Logje:

Zoek.exe v5.0.0.0 Updated 07-March-2014

Tool run by Jan on di 18-03-2014 at 16:07:26,09.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Jan\Music\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-17-203038.log 51049 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

"C:\Users\Jan\AppData\Local\funmoods-speeddial.crx" not found

C:\Windows\system32\Tasks\{F023E972-7CE7-4CBF-AD26-E96CC8BE8255} deleted

C:\Windows\system32\Tasks\{0B486371-B45E-4504-830E-61362B00EDD7} deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor Enterprise" [30-08-2012 20:29]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{1266764D-FC4F-4FA7-B63B-884D53B1680F}"="C:\Users\Jan\AppData\Roaming\NetAssistant" [19-01-2011 17:40]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox

- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\hx6j7ong.default

86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U51

69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat

270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

36FBE76F4F51396B0F70FC95CD7481D2 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin

DAD55CEF682EAE6FA7B4C9487563A496 - C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll - Shockwave for Director / Shockwave for Director

3D3CAF586124C4E8102764C8B3063BB6 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

1F0D662B7BE2AB2D3A7E2C6A44A02BC1 - C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

6D657ABADF217DBB17CF0A0AF44A7E29 - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll - Nexon Game Controller

0AF5E73EBB4B49ECA597F4EDAF2C252B - C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll - ijji Auto Install Plugin for Mozilla

24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

F9391E9A3B016E1C9D96DAAEE7EF794F - C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll - AhnLab Online Security

0D083ADC189ABC679629A704AEBDC8A1 - C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll - AhnLab MyKeyDefense 2.5

8D08320F818920DBAB90919AC256A0E6 - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll - BitCometAgent

99F97C9FE748C37528C338A423577FCB - C:\Users\Jan\AppData\Roaming\Mozilla\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin

86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

69AA47F09AA281C7D3C7716CA7E283B4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

380F9A643A149B9030142E7171EFA91B - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin

86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\Opera\program\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\Opera\program\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\Opera\program\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\Opera\program\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\Opera\program\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

99F97C9FE748C37528C338A423577FCB - c:\program files\mozilla firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

Google Drive - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

LoL Stream Browser - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp

Avira Browser Safety - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk

AdBlock - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Google Wallet - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Docs - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp deleted successfully

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_edidfaijmhpefkbnobdcepampbncgejp_0.localstorage deleted successfully

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_edidfaijmhpefkbnobdcepampbncgejp_0.localstorage-journal deleted successfully

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\edidfaijmhpefkbnobdcepampbncgejp deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.filebulldog.com/vmn/6C05CC5D73135A28C0F4A8513234C0D6"

"Backup.Old.Start Page"="http://search.filebulldog.com/vmn/6C05CC5D73135A28C0F4A8513234C0D6"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.filebulldog.com/vmn/6C05CC5D73135A28C0F4A8513234C0D6"

"Backup.Old.Start Page"="http://search.filebulldog.com/vmn/6C05CC5D73135A28C0F4A8513234C0D6"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{4268920C-7320-4A99-A148-3CC41F7DAE20} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\hx6j7ong.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3333 folders=645 289730036 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Jan\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Jan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on di 18-03-2014 at 16:28:16,13 ======================

[kape]

In welke browser staat hij nog als extensie ?

[zakenmanhenk]

Chrome

Verder is er nog 1 programma dat niet op wil starten, maar een reïnstall zou moeten werken hoop ik, anders meld ik het wel.

UTubeNoAds1.8 geeft geen enkel teken meer van leven, geen reclames/onderlijnde dingen meer. Wel staat hij nog tussen de extensies

[kape]

Erg raar ... want volgens de logjes is daar geen UTubeNoAds1.8 meer te zien (zie hieronder):

Google Drive - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

LoL Stream Browser - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp

Avira Browser Safety - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk

AdBlock - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Google Wallet - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Docs - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Indien je hem echt wil verwijderen, kunnen we Chrome wel in zijn oorspronkelijke toestand herstellen. Maar dan moet je ook alle andere - correcte - plugins en extensies weer opnieuw installeren. Make your choice ?