
Removing the delta holmes spyware



How can I thoroughly remove the delta holmes virus from my computer? At least, I suspect that this is the virus. I have already made several attempts, but nothing works well enough. I tried Hitman (30-day version); it removes a lot of unclear things, but not thoroughly enough. I use Firefox. Unsolicited (spam) advertisements keep appearing. AVG as a virus scanner (free version) does nothing about it.

I could no longer receive or send anything with my mail program; for that I got a new password from my service provider, after which the mail program worked again.

I hope you can help me further.


Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool is finished, a Notepad file named "Log" is opened.
  • Paste its contents into your next post.

Also watch the instruction video.


Logfile of random's system information tool 1.09 (written by random/random)

Run by Gebruiker at 2014-03-21 21:47:27

Microsoft Windows 7 Ultimate Service Pack 1

System drive C: has 25 GB (25%) free of 100 GB

Total RAM: 3326 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:47:32, on 21-3-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16521)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe

C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Windows\System32\WTMKM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\EmvSmartCardReader\BePCSC.exe

C:\Program Files\AVG\AVG2014\avgui.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\wlrmdr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\AVG\AVG2014\avgcsrvx.exe

C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Gebruiker\Desktop\RSIT(1).exe

C:\Windows\system32\DllHost.exe

C:\Program Files\trend micro\Gebruiker.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

O3 - Toolbar: (no name) - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - (no file)

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [bePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe

O23 - Service: D-Link SharePort Plus Helper - Unknown owner - C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

O23 - Service: vToolbarUpdater18.0.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe

O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files\WinZipper\winzipersvc.exe

--

End of file - 10538 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\HP Photo Creations Communicator.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default

prefs.js - "browser.startup.homepage" - "about:home"

"avg@toolbar"=C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.5.292

"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

"quick_start@gmail.com"=C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\extensions\quick_start@gmail.com

"ext@MediaViewV1alpha310.net"=C:\Program Files\MediaViewV1\MediaViewV1alpha310\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 12.0.0.77 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]

"Description"=

"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin]

"Description"=FromDocToPDF Plugin

"Path"=C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]

"Description"=Office Live Update v1.5

"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Nero.com/KM]

"Description"=

"Path"=C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nokia.com/EnablerPlugin]

"Description"=Nokia Suite Enabler Plugin

"Path"=C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5]

"Description"=A component of your photo software powered by RocketLife

"Path"=C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

NPOFF12.DLL

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

QuickTimePlugin.class

C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\extensions\

maps@ovi.com

quick_start@gmail.com

{2d3fbcf7-be69-4433-8858-c621a8d0e58d}

{5384767E-00D9-40E9-B72F-9CC39D655D6F}

{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\searchplugins\

sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-19 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-19 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

{95B7759C-8C7F-4BF1-B163-73684A933233}

{EEE6C35B-6118-11DC-9C72-001320C79847} -

{c66a678d-5e6c-4af9-8f57-c6192f42cf74}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-30 98304]

"NBAgent"=C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-04-28 1406248]

"MacrokeyManager"=C:\Windows\system32\WTMKM.exe [2010-06-14 6259432]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

"BePCSC"=C:\Program Files\EmvSmartCardReader\BePCSC.exe [2007-05-03 27136]

"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2014-01-22 4962320]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-02-06 43848]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-10-06 59240]

"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]

"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2014-03-21 2544664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"=C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-01-02 1199576]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^EZ VHS Converter Monitor.lnk]

C:\PROGRA~1\ION\EZVIDE~1\MEDIAT~1.EXE [2009-05-12 737280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]

C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE [2006-09-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.5 BD Edition.lnk]

C:\PROGRA~1\COMMON~1\PANASO~1\PHOTOF~1\AUTOST~1.EXE [2011-08-09 183992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]

C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-03-18 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=0

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoResolveTrack"=1

"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"msacm.siren"=sirenacm.dll

"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

"MSVideo8"=VfWWDM32.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*

.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-03-21 13:24:17 ----A---- C:\Windows\system32\drivers\hitmanpro37.sys

2014-03-21 12:32:13 ----D---- C:\ProgramData\AVG Secure Search

2014-03-18 19:12:42 ----D---- C:\rsit

2014-03-18 19:12:42 ----D---- C:\Program Files\trend micro

2014-03-18 13:57:13 ----D---- C:\Program Files\HitmanPro

2014-03-18 13:55:36 ----D---- C:\ProgramData\HitmanPro

2014-03-18 12:54:32 ----D---- C:\sh4ldr

2014-03-16 16:45:37 ----A---- C:\Windows\system32\wwansvc.dll

2014-03-16 16:45:32 ----A---- C:\Windows\system32\qedit.dll

2014-03-16 16:45:27 ----A---- C:\Windows\system32\iernonce.dll

2014-03-16 16:45:27 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-03-16 16:45:26 ----A---- C:\Windows\system32\wininet.dll

2014-03-16 16:45:26 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-16 16:45:26 ----A---- C:\Windows\system32\jsproxy.dll

2014-03-16 16:45:26 ----A---- C:\Windows\system32\jscript9diag.dll

2014-03-16 16:45:26 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2014-03-16 16:45:26 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-03-16 16:45:26 ----A---- C:\Windows\system32\ieapfltr.dll

2014-03-16 16:45:22 ----A---- C:\Windows\system32\ieUnatt.exe

2014-03-16 16:45:22 ----A---- C:\Windows\system32\ieui.dll

2014-03-16 16:45:22 ----A---- C:\Windows\system32\iertutil.dll

2014-03-16 16:45:21 ----A---- C:\Windows\system32\mshtml.dll

2014-03-16 16:45:21 ----A---- C:\Windows\system32\jscript9.dll

2014-03-16 16:45:20 ----A---- C:\Windows\system32\urlmon.dll

2014-03-16 16:45:20 ----A---- C:\Windows\system32\msfeeds.dll

2014-03-16 16:45:19 ----A---- C:\Windows\system32\msrating.dll

2014-03-16 16:45:19 ----A---- C:\Windows\system32\iesetup.dll

2014-03-16 16:45:19 ----A---- C:\Windows\system32\ieframe.dll

2014-03-16 16:45:19 ----A---- C:\Windows\system32\ie4uinit.exe

2014-03-16 16:45:12 ----A---- C:\Windows\system32\win32k.sys

2014-03-16 16:45:07 ----A---- C:\Windows\system32\WindowsCodecs.dll

2014-03-16 16:44:35 ----A---- C:\Windows\system32\wer.dll

2014-03-16 16:29:43 ----D---- C:\Program Files\MediaViewV1

2014-03-04 11:41:40 ----D---- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-02-27 19:28:35 ----D---- C:\Program Files\Enigma Software Group

2014-02-27 19:27:45 ----D---- C:\Windows\455F074C814E4520B69B5584BD90400C.TMP

2014-02-27 19:27:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of files/folders modified in the last 1 month======

2014-03-21 21:47:25 ----D---- C:\Windows\Prefetch

2014-03-21 21:44:19 ----D---- C:\Windows\Temp

2014-03-21 19:26:23 ----D---- C:\Program Files\WinZipper

2014-03-21 17:08:55 ----D---- C:\ProgramData\MFAData

2014-03-21 16:18:02 ----D---- C:\Users\Gebruiker\AppData\Roaming\Belastingdienst

2014-03-21 13:24:25 ----D---- C:\Windows\System32

2014-03-21 13:24:17 ----D---- C:\Windows\system32\drivers

2014-03-21 13:21:54 ----D---- C:\Windows\system32\config

2014-03-21 13:19:49 ----RD---- C:\Program Files

2014-03-21 13:19:49 ----HD---- C:\ProgramData

2014-03-21 12:31:55 ----D---- C:\Program Files\AVG Secure Search

2014-03-18 14:35:54 ----D---- C:\Windows\Tasks

2014-03-18 14:35:54 ----D---- C:\Windows\system32\Tasks

2014-03-18 13:23:57 ----D---- C:\Windows\Minidump

2014-03-18 13:22:56 ----D---- C:\Windows

2014-03-18 12:54:43 ----SHD---- C:\Windows\Installer

2014-03-18 12:54:34 ----HD---- C:\Config.Msi

2014-03-18 12:54:16 ----SHD---- C:\System Volume Information

2014-03-18 11:12:21 ----D---- C:\Users\Gebruiker\AppData\Roaming\HpUpdate

2014-03-16 18:01:32 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2014-03-16 18:00:13 ----D---- C:\Windows\winsxs

2014-03-16 17:58:55 ----D---- C:\Program Files\Microsoft Silverlight

2014-03-16 17:56:37 ----D---- C:\Program Files\Internet Explorer

2014-03-16 17:55:24 ----D---- C:\ProgramData\Microsoft Help

2014-03-16 17:47:06 ----D---- C:\Windows\system32\MRT

2014-03-16 17:47:01 ----A---- C:\Windows\system32\MRT.exe

2014-03-16 16:44:57 ----D---- C:\Windows\system32\catroot

2014-03-16 16:44:25 ----D---- C:\Windows\system32\catroot2

2014-03-04 11:42:57 ----D---- C:\Program Files\iTunes

2014-03-04 11:41:41 ----D---- C:\Program Files\iPod

2014-03-04 11:36:56 ----D---- C:\Program Files\QuickTime

2014-02-27 21:49:56 ----D---- C:\Program Files\Windows Doctor

2014-02-27 20:48:20 ----D---- C:\Windows\system32\wdi

2014-02-27 19:27:44 ----D---- C:\Program Files\Common Files

2014-02-26 20:52:26 ----D---- C:\Windows\system32\wbem

2014-02-26 20:51:03 ----D---- C:\Windows\AppCompat

2014-02-26 20:51:03 ----D---- C:\ProgramData\Tablet

2014-02-26 20:51:03 ----D---- C:\ProgramData\HP

2014-02-26 20:51:03 ----D---- C:\Program Files\Common Files\AVG Secure Search

2014-02-26 20:51:03 ----D---- C:\Program Files\Bonjour

2014-02-26 20:51:02 ----D---- C:\Windows\system32\DriverStore

2014-02-26 20:51:02 ----D---- C:\Windows\system32\CodeIntegrity

2014-02-26 20:51:02 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2013-11-25 149272]

R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2013-10-31 222520]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2013-10-01 102712]

R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2013-09-10 27448]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-19 45648]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-27 691696]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]

R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2013-11-25 120600]

R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-25 210712]

R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2014-01-19 22808]

R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2013-10-31 176952]

R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]

R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [2014-03-21 42272]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]

R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]

R3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-01-07 15384]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro37.sys [2014-03-21 30976]

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]

R3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys [2009-03-08 6144]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]

R3 sxuptp;SXUPTP Driver; C:\Windows\system32\DRIVERS\sxuptp.sys [2011-03-24 256072]

R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2010-02-25 25216]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-09-19 10088]

R3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys [2009-08-20 6144]

S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]

S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]

S3 APL531;35mm Film Scanner; C:\Windows\System32\Drivers\FILMSCAN.sys [2006-08-01 580992]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-06-21 84248]

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]

S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 19984]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]

S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]

S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2013-01-23 18560]

S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2013-01-23 23168]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]

S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-08-16 16472]

S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-08-16 11104]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]

S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2010-03-12 81920]

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-06-21 181912]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]

S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]

S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []

S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2013-01-23 8192]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-12-13 45056]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]

S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 28160]

S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2013-01-23 8192]

S3 VCR2PC;VCR2PC Analog Capture; C:\Windows\system32\DRIVERS\p140_ion.sys [2011-02-21 278016]

S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-29 176128]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-02-12 43336]

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2014-01-22 3788816]

R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2013-09-24 348008]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 D-Link SharePort Plus Helper;D-Link SharePort Plus Helper; C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe [2011-03-25 40960]

R2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2014-03-18 106248]

R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe [2009-07-14 20992]

R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2012-07-13 769432]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2010-08-19 247152]

R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-01-09 770432]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2014-01-28 1731896]

R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [2014-03-21 1771032]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-29 116648]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-16 257928]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]

S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 13080]

S3 CGVPNCliSrvc;CyberGhost VPN Client; C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-02-02 2413704]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-29 116648]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 108032]

S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2014-02-21 553288]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-14 118896]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-27 1343400]

S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]

S4 ADExchange;ArcSoft Exchange Service; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-07-08 44064]

S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]

S4 EyeTV Netstream;EyeTV Netstream; C:\Program Files\Elgato\EyeTV Netstream\EyeTVNetstreamSvc.exe [2010-09-13 399944]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 Seagate Dashboard Services;Seagate Dashboard Services; C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2012-07-02 14528]

S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]

-----------------EOF-----------------


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version).

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  {4c60e5ab-5c68-4c59-abaa-885010b24b32};c
 {CCC7A320-B3CA-4199-B1A6-9F516DD69829};c
 {95B7759C-8C7F-4BF1-B163-73684A933233};c
 {EEE6C35B-6118-11DC-9C72-001320C79847};c
 {c66a678d-5e6c-4af9-8f57-c6192f42cf74};c
 {F274614C-63F8-47D5-A4D1-FBDDE494F8D1};c
 C:\Program Files\MediaViewV1;fs
 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\extensions\maps@ovi.com;fs
 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\extensions\quick_start@gmail.com;fs
 C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\searchplugins\sweetim.xml;f
 C:\Windows\455F074C814E4520B69B5584BD90400C.TMP;f
  emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "Options" button and tick the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear after all.
  • Post the opened log in your next reply.


Sorry, I hadn't realized that it wasn't finished yet; here is what was requested:

Zoek.exe v5.0.0.0 Updated 07-March-2014

Tool run by Gebruiker on zo 23-03-2014 at 14:52:42,73.

Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Gebruiker\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

23-3-2014 14:54:32 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully

C:\Program Files\WinZip deleted successfully

C:\PROGRA~2\BoostSoftware deleted successfully

C:\PROGRA~2\CorelDRAW Graphics Suite X5 deleted successfully

C:\PROGRA~2\Oracle deleted successfully

C:\PROGRA~2\ZoomBrowser deleted successfully

C:\PROGRA~2\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} deleted successfully

C:\PROGRA~2\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully

C:\PROGRA~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted successfully

C:\PROGRA~2\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully

C:\Users\Gebruiker\AppData\Roaming\HpUpdate deleted successfully

C:\Users\Gebruiker\AppData\Roaming\Windows Live Writer deleted successfully

C:\Users\Gebruiker\AppData\Roaming\WinZipper deleted successfully

C:\Users\Gebruiker\AppData\Local\Downloaded Installations deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2788594329-228751132-1850303638-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2788594329-228751132-1850303638-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{4c60e5ab-5c68-4c59-abaa-885010b24b32} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\winzipersvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winzipersvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\winzipersvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winzipersvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.0.5 deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.0.5 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default

---- Lines Search removed from prefs.js ----

user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SE

---- Lines mindspark removed from prefs.js ----

user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");

---- Lines ask.com removed from prefs.js ----

user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.swee

---- Lines crossrider removed from prefs.js ----

user_pref("extensions.crossrider.bic", "14407ee7df564f6904a49ca23aab656f");

---- Lines Sweet removed from prefs.js ----

user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");

user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");

user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");

user_pref("sweetim.toolbar.dialogs.0.enable", "true");

user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");

user_pref("sweetim.toolbar.dialogs.0.height", "335");

user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");

user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

user_pref("sweetim.toolbar.dialogs.0.url", "http://www.sweetim.com/simffbar/options_remote_ff_1_6.html");

user_pref("sweetim.toolbar.dialogs.0.width", "761");

user_pref("sweetim.toolbar.dialogs.1.enable", "true");

user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");

user_pref("sweetim.toolbar.dialogs.1.height", "300");

user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");

user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");

user_pref("sweetim.toolbar.dialogs.1.width", "500");

user_pref("sweetim.toolbar.dialogs.2.enable", "true");

user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");

user_pref("sweetim.toolbar.dialogs.2.height", "150");

user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");

user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

user_pref("sweetim.toolbar.dialogs.2.url", "http://www.sweetim.com/simffbar/simcdadialog.asp");

user_pref("sweetim.toolbar.dialogs.2.width", "530");

user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.

user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

user_pref("sweetim.toolbar.mode.debug", "false");

user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");

user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");

user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "http://(www.|apps.)?facebook\\.com.*");

user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");

user_pref("sweetim.toolbar.scripts.0.enable", "true");

user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js");

user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");

user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "https://(www.|apps.)?facebook\\.com.*");

user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");

user_pref("sweetim.toolbar.scripts.1.enable", "false");

user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_httpS");

user_pref("sweetim.toolbar.scripts.1.url", "https://sc.sweetim.com/apps/in/fb/infb.js");

user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");

user_pref("sweetim.toolbar.scripts.2.callback", "");

user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");

user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");

user_pref("sweetim.toolbar.scripts.2.enable", "false");

user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");

user_pref("sweetim.toolbar.scripts.2.url", "http://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");

user_pref("sweetim.toolbar.search.history", "nuon%20cv%20ketel%20serviceabbonementen,daalderop");

user_pref("sweetim.toolbar.search.history.capacity", "10");

user_pref("sweetim.toolbar.searchguard.enable", "false");

user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");

user_pref("sweetim.toolbar.simapp_id", "{95D9147C-92B8-4ABC-9F0E-5D24D45AEA5F}");

user_pref("sweetim.toolbar.version", "1.6.0.3");

user_pref("sweetim.toolbar.Visibility.enable", "true");

user_pref("sweetim.toolbar.Visibility.intervaldays", "7");

user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 3);

---- FireFox user.js and prefs.js backups ----

user_23-03-2014_1507_.backup

prefs_23-03-2014_1507_.backup

ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Thunderbird\Profiles\4qevzeob.default

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_23-03-2014_1507_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} not found

C:\PROGRA~2\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found

C:\PROGRA~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521} not found

C:\PROGRA~2\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found

C:\Program Files\MediaViewV1 deleted

C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\extensions\maps@ovi.com deleted

C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\extensions\quick_start@gmail.com deleted

C:\Program Files\FromDocToPDF_65 deleted

C:\PROGRA~2\eSellerate deleted

C:\Users\Gebruiker\daemonprocess.txt deleted

C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted

C:\Program Files\jZip deleted

C:\Program Files\Common Files\337 deleted

C:\Program Files\MyFree Codec deleted

C:\Program Files\FromDocToPDF_65EI deleted

C:\Program Files\Microsoft Research deleted

C:\Users\Gebruiker\AppData\Roaming\ZoomBrowser EX deleted

C:\Users\Gebruiker\AppData\Roaming\Smiley.ico deleted

C:\Users\Gebruiker\AppData\Roaming\ParetoLogic deleted

C:\Users\Gebruiker\AppData\Roaming\DriverCure deleted

C:\Users\Gebruiker\AppData\Roaming\systweak deleted

C:\PROGRA~2\AVG Security Toolbar deleted

C:\PROGRA~2\boost_interprocess deleted

C:\PROGRA~2\ParetoLogic deleted

C:\PROGRA~2\Uniblue\DriverScanner deleted

C:\PROGRA~2\Uniblue deleted

C:\PROGRA~2\AVG Secure Search deleted

C:\Users\Gebruiker\AppData\Local\AVG Secure Search deleted

C:\Users\Gebruiker\AppData\Local\jZip deleted

C:\Users\Gebruiker\AppData\Local\AVG Security Toolbar deleted

C:\Users\Gebruiker\AppData\Local\SwvUpdater deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper deleted

C:\Users\Gebruiker\AppData\LocalLow\AVG Secure Search deleted

C:\Users\Gebruiker\AppData\LocalLow\FromDocToPDF_65EI deleted

C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

C:\Windows\system32\tasks\Desk 365 RunAsStdUser deleted

C:\Windows\system32\roboot.exe deleted

C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\SweetPacksToolbarData deleted

C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted

"C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\searchplugins\sweetim.xml" deleted

"C:\ProgramData\lrilldgvqakdbly" deleted

"C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\searchplugins\sweetim.xml" deleted

"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla22.exe" deleted

"C:\Program Files\WinZipper\eshellctx.dll" deleted

"C:\Program Files\WinZipper\eshellctx.dll" deleted

"C:\Program Files\AVG Secure Search\vprot.exe" deleted

"C:\Program Files\AVG Secure Search\vprot.exe" deleted

"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\SiteSafety.dll" deleted

"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll" deleted

"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP" deleted

"C:\Program Files\WinZipper" not deleted

"C:\Program Files\WinZipper" not deleted

"C:\Program Files\AVG Secure Search" deleted

"C:\Program Files\AVG Secure Search" deleted

"C:\Program Files\Common Files\AVG Secure Search" deleted

"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" deleted

"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" deleted

"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5" deleted

"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2014-03-18 12:22:56 B09DE593A932B0E4BDC5B10857D15104 416740445 ----a-w- C:\Windows\MEMORY.DMP

====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

2014-03-18 12:55:18 45922155C9628E11441AA869C6287BB7 10372136 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\BackupSetup.exe

====== Java Cache =====

====== C:\Windows\system32 =====

2014-03-18 13:04:19 DE064E74D537A93F2D5C9A28BDA3F9CB 18700 ----a-w- C:\Windows\System32\.crusader

2014-03-16 17:14:24 84F221BC06D95DDBC5335BC22C9B5C15 4196 ----a-w- C:\Windows\System32\registerbestand-user-outlook-oud-16-3-2014.reg

2014-03-16 15:45:37 7CC38741B8F68F1E0D5D79DA6123666A 185344 ----a-w- C:\Windows\System32\wwansvc.dll

2014-03-16 15:45:32 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 ----a-w- C:\Windows\System32\qedit.dll

2014-03-16 15:45:27 8B521873651E62EF5868DC7B339959DB 32768 ----a-w- C:\Windows\System32\iernonce.dll

2014-03-16 15:45:27 7EDA015D4E74177A1B187326EDB14670 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-03-16 15:45:26 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\System32\wininet.dll

2014-03-16 15:45:26 69C9F0607AF94C7162BBD25E222D4E0E 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-03-16 15:45:26 6744457C09B9B8176CC3ECC2D0EE6580 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-16 15:45:26 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\System32\ieapfltr.dll

2014-03-16 15:45:26 3B3EBF6E3C12DFDC6B29CBAC2F5519CC 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-16 15:45:26 2CF6CF90BF7FE0E616C363343FFA686B 553472 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-03-16 15:45:26 1CEE521E90703BB8A01211C77747E727 43008 ----a-w- C:\Windows\System32\jsproxy.dll

2014-03-16 15:45:22 E84073A2F2D3A9448CA02F48B0360490 440832 ----a-w- C:\Windows\System32\ieui.dll

2014-03-16 15:45:22 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-16 15:45:22 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\System32\iertutil.dll

2014-03-16 15:45:21 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-16 15:45:21 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\System32\mshtml.dll

2014-03-16 15:45:20 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\System32\msfeeds.dll

2014-03-16 15:45:20 5C207FABA707CE496E1E0A304925D1E5 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-03-16 15:45:20 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\System32\urlmon.dll

2014-03-16 15:45:19 E23497E11866154A97BA9877656113FE 1964032 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-16 15:45:19 B61F47EB8CACBE09C8117E4FF7D9656D 164864 ----a-w- C:\Windows\System32\msrating.dll

2014-03-16 15:45:19 B0CBC5A7D9278DCD5B230E1E50CCA5F6 61952 ----a-w- C:\Windows\System32\iesetup.dll

2014-03-16 15:45:19 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\System32\ieframe.dll

2014-03-16 15:45:19 35523AF349702302EBC08D0D83661A78 208896 ----a-w- C:\Windows\System32\ie4uinit.exe

2014-03-16 15:45:12 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys

2014-03-16 15:45:07 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-03-16 15:44:35 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\System32\wer.dll

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======

2014-03-18 11:54:36 57C031BB1AF60444692FB158E8FED151 3356 ----a-w- C:\Windows\system32\Tasks\SpyHunter4Startup

2014-02-25 11:32:34 5FAF13AFB7B0C40522FD80B667BD9A8B 3878 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater

2014-02-25 11:32:34 06823A36430EF18DA738B9DB74DE30FF 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-03-18 18:12:42 -------- d-----w- C:\Program Files\trend micro

2014-03-18 12:57:13 -------- d-----w- C:\Program Files\HitmanPro

2014-02-27 18:28:35 -------- d-----w- C:\Program Files\Enigma Software Group

2014-02-27 18:27:44 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard

======= C: =====

====== C:\Users\Gebruiker\AppData\Roaming ======

2014-03-18 11:54:33 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2014-03-18 11:25:34 17F336C0A13DEFDF33CC99DDB94D7437 45056 --sha-w- C:\Users\Gebruiker\AppData\Roaming\Thumbs.db

====== C:\Users\Gebruiker ======

2014-03-21 15:02:00 6463A4FA57AEE1597C26EC75DFD911D2 2836400 ----a-w- C:\Users\Gebruiker\Desktop\ib2013_win_setup(1).exe

2014-03-18 18:12:00 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Gebruiker\Desktop\RSIT.exe

2014-03-18 12:55:36 -------- d-----w- C:\ProgramData\HitmanPro

2014-03-18 12:51:06 609B83259466F78EC2014119B22100F8 930952 ----a-w- C:\Users\Gebruiker\Desktop\cbsidlm-cbsi183-HitmanPro_3_32bit-ORG-10895604.exe

2014-03-18 11:53:19 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Gebruiker\Desktop\SpyHunter-Installer(1).exe

2014-03-16 15:38:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-03-16 15:29:50 B78BCAFE70A9730B7E112053DAB3DC2C 468 --sha-r- C:\ProgramData\ntuser.pol

2014-03-04 10:44:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-03-04 10:41:40 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

====== C: exe-files ==

2014-03-21 21:17:23 17DCAF65BC7D86CBF56BA2E461BD886B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2788594329-228751132-1850303638-1000\$IV9RN4E.exe

2014-03-21 20:47:08 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\$Recycle.Bin\S-1-5-21-2788594329-228751132-1850303638-1000\$RV9RN4E.exe

2014-03-21 15:02:00 6463A4FA57AEE1597C26EC75DFD911D2 2836400 ----a-w- C:\Users\Gebruiker\Desktop\ib2013_win_setup(1).exe

2014-03-21 11:30:23 1B2261DC4D131B2C699386D2100A599C 5071896 ----a-w- C:\Windows\Temp\{EEF2CA7A-60BA-466E-B5D8-8349CDD2A555}.exe

2014-03-18 18:12:42 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gebruiker.exe

2014-03-18 18:12:00 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Gebruiker\Desktop\RSIT.exe

2014-03-18 13:29:34 19F3566DDD9CA00AB14B8F6B7E2D51DA 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2788594329-228751132-1850303638-1000\$IVEPOFP.exe

2014-03-18 12:57:14 FB3FDE59AEF5573A53B8BF301AD00DC6 106248 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe

2014-03-18 12:55:18 45922155C9628E11441AA869C6287BB7 10372136 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\BackupSetup.exe

2014-03-18 12:52:39 609B83259466F78EC2014119B22100F8 930952 ----a-w- C:\$Recycle.Bin\S-1-5-21-2788594329-228751132-1850303638-1000\$RVEPOFP.exe

2014-03-18 12:51:06 609B83259466F78EC2014119B22100F8 930952 ----a-w- C:\Users\Gebruiker\Desktop\cbsidlm-cbsi183-HitmanPro_3_32bit-ORG-10895604.exe

2014-03-18 11:54:33 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Installer\{455F074C-814E-4520-B69B-5584BD90400C}\IconF7A21AF7.exe

2014-03-18 11:54:33 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Installer\{455F074C-814E-4520-B69B-5584BD90400C}\IconD7F16134.exe

2014-03-18 11:54:33 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Installer\{455F074C-814E-4520-B69B-5584BD90400C}\IconCF33A0CE.exe

2014-03-18 11:53:19 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Gebruiker\Desktop\SpyHunter-Installer(1).exe

2014-03-16 15:45:26 6744457C09B9B8176CC3ECC2D0EE6580 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-16 15:45:26 3B3EBF6E3C12DFDC6B29CBAC2F5519CC 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-16 15:45:22 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-16 15:45:19 3A3BEA53F039CE2E997A918E26E30B1D 808152 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2014-03-16 15:45:19 35523AF349702302EBC08D0D83661A78 208896 ----a-w- C:\Windows\System32\ie4uinit.exe

2014-03-16 15:45:17 2A0FAE869BC99A460FEFD832F261DCC9 469504 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

=== C: other files ==

2014-03-18 11:54:43 FE2223105C443BE7FD931EE34C0B2264 6434176 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SH4.com

2014-03-16 15:45:12 204689EC38738BE7C07F79B745733747 2349056 ----a-w- C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2788594329-228751132-1850303638-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun "

"NBAgent"="C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart"

"MacrokeyManager"="WTMKM.exe"

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"BePCSC"="C:\Program Files\EmvSmartCardReader\BePCSC.exe"

"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "

"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"

"vProt"="C:\Program Files\AVG Secure Search\vprot.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="C:\Users\Gebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKCU"

"command"="C:\\Program Files\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

"backup"="C:\\Windows\\pss\\Adobe Gamma Loader.exe.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

"backup"="C:\\Windows\\pss\\Adobe Gamma Loader.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^EZ VHS Converter Monitor.lnk]

"backup"="C:\\Windows\\pss\\EZ VHS Converter Monitor.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\ION\\EZVIDE~1\\MEDIAT~1.EXE "

"item"="EZ VHS Converter Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]

"backup"="C:\\Windows\\pss\\LUMIX Simple Viewer.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\PANASO~1\\LUMIXS~1\\PHLEAU~1.EXE "

"item"="LUMIX Simple Viewer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.5 BD Edition.lnk]

"backup"="C:\\Windows\\pss\\PHOTOfunSTUDIO 6.5 BD Edition.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\COMMON~1\\PANASO~1\\PHOTOF~1\\AUTOST~1.EXE -e \"C:\\Program Files\\Panasonic\\PHOTOfunSTUDIO 6.5 BD\\PHOTOfunSTUDIO.exe\""

"item"="PHOTOfunSTUDIO 6.5 BD Edition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]

"backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~1\\MICROS~3\\Office12\\ONENOTEM.EXE /tsr"

"item"="OneNote 2007 Schermopname en Snel starten"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]

"Spotify Web Helper"="\"C:\\Users\\Gebruiker\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

"Uploader"="C:\\Program Files\\Seagate\\Seagate Dashboard 2.0\\Seagate.Dashboard.Uploader.exe"

"KiesPreload"="C:\\Program Files\\Samsung\\Kies\\Kies.exe /preload"

"iCloudServices"="C:\\Program Files\\Common Files\\Apple\\Internet Services\\iCloudServices.exe"

"NokiaSuite.exe"="C:\\Program Files\\Nokia\\Nokia Suite\\NokiaSuite.exe -tray"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"ATICustomerCare"="\"C:\\Program Files\\ATI\\ATICustomerCare\\ATICustomerCare.exe\""

"ArcSoft Connection Service"="C:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"

"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"Info Center"="C:\\Program Files\\PCPitstop\\Info Center\\InfoCenter.exe"

"DBAgent"="\"C:\\Program Files\\Seagate\\Seagate Dashboard 2.0\\DBAgent.exe\" /WinStart"

"SmartMon"="C:\\Program Files\\EmvSmartCardReader\\SmartMON.exe"

"KiesTrayAgent"="C:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe"

"vProt"="\"C:\\Program Files\\AVG Secure Search\\vprot.exe\""

"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

==== Startup Folders ======================

2014-02-04 19:18:49 2076 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16-03-2014 18:01]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29-08-2012 10:59]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29-08-2012 10:59]

C:\Windows\tasks\HP Photo Creations Communicator.job --a------ C:\ProgramData\HP Photo Creations\Communicator.exe [20-09-2011 10:11]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\Windows\system32\tasks\ArcSoft Connect Daemon" [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe]

"C:\Windows\system32\tasks\Gebruiker" [C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe]

"C:\Windows\system32\tasks\Gebruiker DBAgent 2 0" ["C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe"]

"C:\Windows\system32\tasks\Gebruiker Local Autobackup 5 4" [C:\Program Files\Nero\Nero 10\Nero BackItUp\NBCore.exe]

"C:\Windows\system32\tasks\Gebruiker NBAgent 5 4" ["C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe"]

"C:\Windows\system32\tasks\Gebruiker1" [C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe]

"C:\Windows\system32\tasks\Gebruiker1 Merge" ["C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe"]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe]

"C:\Windows\system32\tasks\HP-Online updateprogramma" [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]

"C:\Windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe]

"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\system32\tasks\SpyHunter4Startup" ["C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe"]

"C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files\TuneUp Utilities 2013\OneClick.exe]

"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"ext@MediaViewV1alpha310.net"="C:\Program Files\MediaViewV1\MediaViewV1alpha310\ff" []

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02-01-2013 19:42]

==== Firefox Extensions ======================

ProfilePath: C:\Users\GEBRUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default

- Undetermined - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\extensions\maps@ovi.com

- Widevine Media Optimizer - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}

- EPUBReader - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

- DownloadHelper - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

- Undetermined - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default\extensions\quick_start@gmail.com

- Undetermined - C:\Program Files\MediaViewV1\MediaViewV1alpha310\ff

- Widevine Media Optimizer - %ProfilePath%\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}

- EPUBReader - %ProfilePath%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

AppDir: C:\Program Files\Mozilla Firefox

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\f9ead0iq.default

95812430959AE88CDD0301AB3A71913B - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash

5596E40701BE8A4AEC399F57DBCE289E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5

87FCE1D38F135B923EEC502825B5C7F6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5

5A2AF08FEF626D3825AA7923B0A9DFF5 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5

B033D1486EAD65BE7857114DFAFD8429 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5

DA632EC5CCC16F0B0FAC9BB21C10B2C3 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5

49CFBB2130C682FFDF2CEBEE9A2D556E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update

01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In

3220B1254AEF7A191187EC03F51B3D61 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

B2576571746839180833E048AC2CCA5C - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat

6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U45

F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

A847F61BACFA2C4E3E0B0F9431BB5245 - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin

F4D52B252DA08B647F2BD5379191A741 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer

AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

ibccgkdkihdcijjkajflfipopfclkbcp - C:\Program Files\MediaViewV1\MediaViewV1alpha310\ch\MediaViewV1alpha310.crx[]

ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[]

YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

AVG Safe Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

AVG Do Not Track - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully

C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\quick_start@gmail.com deleted successfully

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@MediaViewV1alpha310.net deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ibccgkdkihdcijjkajflfipopfclkbcp deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SupTab deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinZipper deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Gebruiker\AppData\Local\Mozilla\Firefox\Profiles\f9ead0iq.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=957 folders=403 277708746 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\WinZipper" not found

"C:\Program Files\WinZipper" not found

==== EOF on zo 23-03-2014 at 15:27:43,52 ======================


That did indeed remove quite a lot of junk from the PC ... but more can be done!

Download AdwCleaner by Xplode to the desktop.

  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Then click Scan.
  • Then click Clean if any items were found.
  • At Restart Required, click OK.

After the PC has restarted, a log file usually opens.

Otherwise it can be found at C:\AdwCleaner\AdwCleaner[s0].txt.

Posting the log file

  • Attach the log file named C:\AdwCleaner\AdwCleaner[s0].txt to your next post.
  • You can read here how to add an attachment to a post.


Oops ... AdwCleaner also trimmed the infected files down quite a bit more. Now we can start the real clean-up:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, however.

Download CCleaner (if you do not have it yet).

Install it (if you do not want Google Chrome to be installed on your PC as the default web browser, you must remove the 2 check marks!!!) and start CCleaner.

In the left-hand column, click "Cleaner".

Click 'Analyze' and, after the analysis, 'Run Cleaner'.

Then click "Registry" in the left-hand column and click "Scan for Issues".

If errors are found, click "Fix selected issues" and "OK".

You will then be asked whether to make a backup. Click "Yes".

Then choose "Fix All Selected Issues".

Sometimes 1 analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

After that, close CCleaner again.

If you want to see this in detail with pictures, click here for the guide.

If all of this went without problems and you have no further questions or problems within this topic, you may close this topic by clicking the "Mark as solved" button, which you can find at the bottom left … that way it stays clear for everyone.
