Doorzoek het forum
Zoeken met Startpagina
Startpagina Thema's
mar
hoi.
als ik soms op site klik krijg ik vaak deze site waar ik niet om gevraagt heb.wat is dit.
xxxx://serve.bannersdontwork.com/serve?size=800x600&ch=games
gr Mar
Hoi
Adwcleaner loopt steeds vast
hier zijn de logjes
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.08.08.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
hansenmarjo :: HANSENMARJO-PC
Bescherming: Ingeschakeld
10-8-2013 17:23:28
mbam-log-2013-08-10 (17-23-28).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 219852
Verstreken tijd: 4 minuut/minuten, 10 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 1
C:\Users\hansenmarjo\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
Bestanden gedetecteerd: 1
C:\Users\hansenmarjo\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
Logfile of random's system information tool 1.09 (written by random/random)
Run by hansenmarjo at 2013-08-10 18:39:11
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 124 GB (65%) free of 191 GB
Total RAM: 6048 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:14, on 10-8-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\trend micro\hansenmarjo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: “D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe” -autorun
O4 - HKCU\..\Run: “C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”
O4 - HKCU\..\Run: C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 12670 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
“C:\Program Files\Microsoft Security Client\MsMpEng.exe”
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
“C:\Windows\system32\FBAgent.exe”
“C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe”
“C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe”
C:\Windows\System32\spoolsv.exe
taskeng.exe {6F1510C7-A2B7-4FCB-A78E-7EB94B2CBEB0}
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”
“C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe”
“d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe”
“d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe”
C:\Windows\system32\svchost.exe -k imgsvc
“C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe”
“C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”
WLIDSvcM.exe 1940
“C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe”
“C:\Windows\system32\Dwm.exe”
“taskhost.exe”
“C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe” /TUStart /pid:1100
“C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe”
“d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray
C:\Windows\Explorer.EXE
“C:\Program Files (x86)\ASUS\Splendid\ACMON.exe”
C:\Windows\SysWOW64\ACEngSvr.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
taskeng.exe {48ECE5CD-5216-4AB2-BB7E-5CFC0135A94F}
“C:\Program Files\ASUS\P4G\BatteryLife.exe”
“C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe”
“C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe”
ATKOSD.exe
“C:\Windows\AsScrPro.exe”
KBFiltr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
WDC.exe
C:\Windows\system32\wbem\wmiprvse.exe
“C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe”
“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe” -s
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
“C:\Windows\System32\igfxtray.exe”
“C:\Windows\System32\hkcmd.exe”
“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”
“C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe”
“C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe” /SF3
“C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey
“C:\Program Files\Windows Sidebar\sidebar.exe” /autoRun
“C:\Program Files\Synaptics\SynTP\SynTPHelper.exe”
“D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe” -autorun
“C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”
“C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE”
“C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
“C:\Program Files\Microsoft Office\Office14\GROOVE.EXE” /TrayOnly
“C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe”
“C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe”
“C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe”
“C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe”
“C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe” /S
“C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe”
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
“C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE”
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=gpu-process –channel=“3880.0.827947213\1253824326” –supports-dual-gpus=false –gpu-driver-bug-workarounds=0,9,20 –gpu-vendor-id=0x8086 –gpu-device-id=0x0116 –gpu-driver-vendor=“Intel Corporation” –gpu-driver-version=8.15.10.2559 –ignored=“ –type=renderer ” /prefetch:822062411
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=renderer –lang=nl –force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ –extension-process –renderer-print-preview –enable-threaded-compositing –disable-html-notifications –channel=“3880.2.1531164187\1133191292” /prefetch:673131151
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=renderer –lang=nl –force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ –extension-process –renderer-print-preview –enable-threaded-compositing –disable-html-notifications –channel=“3880.3.1935907428\327275604” /prefetch:673131151
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=renderer –lang=nl –force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ –extension-process –renderer-print-preview –enable-threaded-compositing –disable-html-notifications –channel=“3880.4.1110615453\1312015595” /prefetch:673131151
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=plugin –plugin-path=“C:\Users\hansenmarjo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.578_0\npbrowserext.dll” –lang=nl –channel=“3880.5.1928869905\1246064551” /prefetch:-390060480
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=renderer –lang=nl –force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ –renderer-print-preview –enable-threaded-compositing –disable-html-notifications –channel=“3880.7.1610593276\660152483” /prefetch:673131151
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=renderer –lang=nl –force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ –renderer-print-preview –enable-threaded-compositing –disable-html-notifications –channel=“3880.8.1697953818\1177068699” /prefetch:673131151
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=ppapi –channel=“3880.12.2062180464\1200195732” –lang=nl –ignored=“ –type=renderer ” /prefetch:-632637702
“C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe”
“C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe”
“C:\Users\hansenmarjo\Desktop\RSITx64.exe”
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
IB Updater - C:\Program Files\IB Updater\Extension64.dll
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
AC-Pro - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
IB Updater - C:\Program Files\IB Updater\Extension32.dll
Incredibar.com Helper Object - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
{F9639E4A-801B-4843-AEE3-03D9DA199E77} - Incredibar Toolbar - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
“IgfxTray”=C:\Windows\system32\igfxtray.exe
“HotKeysCmds”=C:\Windows\system32\hkcmd.exe
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
“AmIcoSinglun64”=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
“SynAsusAcpi”=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
“RtHDVBg”=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
“BCSSync”=C:\Program Files\Microsoft Office\Office14\BCSSync.exe
“MSC”=C:\Program Files\Microsoft Security Client\msseces.exe
“Sidebar”=C:\Program Files\Windows Sidebar\sidebar.exe
“DAEMON Tools Lite”=D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
“OfficeSyncProcess”=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
“GrooveMonitor”=C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
“Skype”=C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
“ASUSPRP”=C:\Program Files (x86)\ASUS\APRP\APRP.EXE
“SonicMasterTray”=C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
“ATKOSD2”=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
“ATKMEDIA”=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
“HControlUser”=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
“Wireless Console 3”=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
“ASUSWebStorage”=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
C:\Users\hansenmarjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft SharePoint Workspace.lnk - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Windows\system32\igfxdev.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
“SecurityProviders”=credssp.dll
“ConsentPromptBehaviorAdmin”=0
“ConsentPromptBehaviorUser”=3
“EnableLUA”=0
“EnableUIADesktopToggle”=0
“PromptOnSecureDesktop”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“NoDriveAutoRun”=0
“NoDriveTypeAutoRun”=145
“NoDrives”=0
“NoDrives”=0
“vidc.mrle”=msrle32.dll
“vidc.msvc”=msvidc32.dll
“msacm.imaadpcm”=imaadp32.acm
“msacm.msg711”=msg711.acm
“msacm.msgsm610”=msgsm32.acm
“msacm.msadpcm”=msadp32.acm
“midimapper”=midimap.dll
“wavemapper”=msacm32.drv
“VIDC.UYVY”=msyuv.dll
“VIDC.YUY2”=msyuv.dll
“VIDC.YVYU”=msyuv.dll
“VIDC.IYUV”=iyuv_32.dll
“vidc.i420”=iyuv_32.dll
“VIDC.YVU9”=tsbyuv.dll
“msacm.l3acm”=C:\Windows\System32\l3codeca.acm
“MSVideo8”=VfWWDM32.dll
“wave1”=wdmaud.drv
“midi1”=wdmaud.drv
“mixer1”=wdmaud.drv
“aux1”=wdmaud.drv
“wave”=wdmaud.drv
“midi”=wdmaud.drv
“mixer”=wdmaud.drv
“aux”=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2013-08-10 17:33:38 —-D—- C:\Program Files (x86)\ESET
2013-08-10 16:54:27 —-A—- C:\AdwCleaner.txt
2013-08-10 16:38:40 —-A—- C:\AdwCleaner.txt
2013-07-22 21:55:00 —-D—- C:\ProgramData\JollyBear
2013-07-14 14:01:23 —-D—- C:\rsit
2013-07-14 14:01:23 —-D—- C:\Program Files\trend micro
======List of files/folders modified in the last 1 month======
2013-08-10 18:39:14 —-D—- C:\Windows\Prefetch
2013-08-10 18:31:14 —-D—- C:\Users\hansenmarjo\AppData\Roaming\Skype
2013-08-10 17:52:12 —-D—- C:\Windows\temp
2013-08-10 17:33:38 —-RD—- C:\Program Files (x86)
2013-08-10 17:31:03 —-D—- C:\Windows\system32\config
2013-08-10 17:22:58 —-A—- C:\Windows\SYSWOW64\log.txt
2013-08-10 17:21:41 —-HD—- C:\ASUS.DAT
2013-08-10 17:20:54 —-A—- C:\Windows\SYSWOW64\acovcnt.exe
2013-08-08 18:33:42 —-D—- C:\Windows\system32\catroot2
2013-08-06 18:07:33 —-SHD—- C:\System Volume Information
2013-07-23 12:00:56 —-D—- C:\Windows\system32\drivers
2013-07-23 12:00:28 —-D—- C:\Windows\system32\drivers\UMDF
2013-07-23 12:00:27 —-D—- C:\Windows\System32
2013-07-22 21:55:00 —-D—- C:\ProgramData
2013-07-21 23:26:10 —-D—- C:\Windows\inf
2013-07-21 23:26:10 —-A—- C:\Windows\system32\PerfStringBackup.INI
2013-07-15 09:22:44 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-07-14 14:01:23 —-RD—- C:\Program Files
2013-07-13 22:39:30 —-SHD—- C:\Windows\Installer
2013-07-13 22:39:11 —-D—- C:\ProgramData\Skype
2013-07-13 22:39:10 —-RD—- C:\Program Files (x86)\Skype
2013-07-11 22:16:52 —-RSD—- C:\Windows\assembly
2013-07-11 22:16:52 —-D—- C:\Windows\Microsoft.NET
2013-07-11 21:24:46 —-D—- C:\Users\hansenmarjo\AppData\Roaming\ERS Game Studios
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys
S3 a3sd04u8;a3sd04u8; C:\Windows\system32\drivers\a3sd04u8.sys
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys
S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys
S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys
S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
R2 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
R2 MBAMScheduler;MBAMScheduler; d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
R2 MBAMService;MBAMService; d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
—————–EOF—————–
ik hoop dat jullie voldoende infomatie hebben
gr Mar
Hallo,
Download de
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met JRT
(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.
Dubbelklik op JRT.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
De tool zal vervolgens het systeem scannen.
De scan kan afhankelijk van je systeemspecificaties soms vrij lang duren, wacht geduldig af.
Als de scan gereed is zal er een logje (JRT.txt) op het bureaublad opgeslagen worden en automatisch worden geopend.
Post de inhoud van deze log in je volgende bericht.
Gr.Ben
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.2 (08.11.2013:1)
OS: Windows 7 Home Premium x64
Ran by hansenmarjo on zo 11-08-2013 at 14:25:06,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Successfully repaired: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
~~~ Registry Keys
Successfully deleted: HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: HKEY_CLASSES_ROOT\esrv.incredibaresrvc
Successfully deleted: HKEY_CLASSES_ROOT\esrv.incredibaresrvc.1
Successfully deleted: HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: HKEY_CLASSES_ROOT\AppID\autocompletepro.dll
Successfully deleted: HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Successfully deleted: HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Successfully deleted: HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: HKEY_CURRENT_USER\Software\browsermngr
Successfully deleted: HKEY_CURRENT_USER\Software\conduit
Successfully deleted: HKEY_CURRENT_USER\Software\im
Successfully deleted: HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: HKEY_CURRENT_USER\Software\installcore
Successfully deleted: HKEY_CURRENT_USER\Software\softonic
Successfully deleted: HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: HKEY_CURRENT_USER\Software\AppDataLow\software\giant savings
Successfully deleted: HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: HKEY_LOCAL_MACHINE\Software\browsermngr
Successfully deleted: HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: HKEY_LOCAL_MACHINE\Software\ib updater
Successfully deleted: HKEY_LOCAL_MACHINE\Software\incredibar.com
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj.1
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\i
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\incredibar.dskbnd
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\incredibar.dskbnd.1
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\incredibar.incredibarhlpr
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\incredibar.incredibarhlpr.1
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\incredibarapp.appcore
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\incredibarapp.appcore.1
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\suggestmeyes.suggestmeyesbho
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Classes\suggestmeyes.suggestmeyesbho.1
Failed to delete: HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Successfully deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
~~~ Files
Successfully deleted: “C:\Windows\syswow64\authuitu.dll”
~~~ Folders
Successfully deleted: “C:\ProgramData\babylon”
Successfully deleted: “C:\ProgramData\browser manager”
Successfully deleted: “C:\Users\hansenmarjo\AppData\Roaming\drivercure”
Successfully deleted: “C:\Users\hansenmarjo\AppData\Roaming\software informer”
Successfully deleted: “C:\Users\hansenmarjo\appdata\local\giant savings”
Successfully deleted: “C:\Users\hansenmarjo\appdata\locallow\babylontoolbar”
Successfully deleted: “C:\Users\hansenmarjo\appdata\locallow\conduit”
Successfully deleted: “C:\Program Files (x86)\autocompletepro”
Successfully deleted: “C:\Program Files (x86)\daemon tools toolbar”
Successfully deleted: “C:\Program Files (x86)\incredibar.com”
Successfully deleted: “C:\Program Files (x86)\software informer”
Successfully deleted: “C:\Users\hansenmarjo\AppData\Roaming\microsoft\windows\start menu\programs\free ride games”
Successfully deleted: “C:\Windows\syswow64\arfc”
Successfully deleted: “C:\Windows\syswow64\jmdp”
Successfully deleted: “C:\Windows\syswow64\wnlt”
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0005C5E6-CDA7-44F9-94B9-86DF57F7685C}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0075B713-AA13-4A06-9F00-D6E24C5E8040}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{00A94F75-03B4-4AB9-B94A-0F7B3D904E00}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{01007C81-4A5B-41E3-A96B-089FE3E7FEA8}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{02752650-6E74-4C89-964D-7988CCBE30DF}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{02D8C0CB-ADA2-463A-820F-FF7F51F85F8B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{04B448AD-1BC2-42EC-BA25-088E02BA25EE}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{066376B0-2113-4EBC-8375-1E39638883CD}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{06F356C0-D7AE-4868-8E06-F909047B9613}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0702121D-9BA9-487B-AE22-3B07978E066D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{07F428A6-B354-41F4-873B-1281F7A5A72E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0862CB50-1132-4B21-AC69-1794A7C67AA6}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{08660194-8FA8-4612-9A07-7CBE5CAC29D5}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{08F64D54-E8F6-475F-83DC-D6FD448006E6}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{09785D9B-8704-44B3-A3ED-8FC9D04926D9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0A181257-445B-4AE6-A560-FA3C8E24112F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0B77E28D-6456-4BB8-9412-216A99D24BA5}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0BA0CE03-385B-4731-8110-86F5A12339C3}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0BC0CA35-F4A2-49BE-97DC-1D549C05CF68}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0C0B684C-D155-45B9-A867-2CDDDAD6E2FD}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0C7F0056-1462-4063-A591-A98D72D5A148}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0CE43732-B465-4010-A326-E81CBC4A7730}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0D893F88-B699-4A85-A93E-FC75DE3B62A6}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0E381CC2-B620-4CA6-BBC8-4C7E611F1FB8}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0E56AD85-4ED9-44A9-A934-E1A2BBAEE21D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0EC2E21C-D569-4744-862D-935DC9E6F362}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0F28B2D3-08C6-48EA-B065-D8CECEE46F71}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0FAF47F5-5D82-4B32-B39F-0550FC951CB3}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0FC04F4A-C469-4A41-B29E-3ED9B5DDAEA9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0FD2E74A-88B7-49D9-B79D-F0645DB39B97}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{0FD49DF8-F402-46EB-B7B3-BDA5578D9823}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{10394EB0-5B8E-42F2-B04D-30A74C131CF8}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{10F1625A-34FD-48E2-AB0B-A9E9C1EAF85F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{11026BF4-44D1-4D7A-A3E9-F7AB2D419EF3}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{1121C48E-6906-47C2-BFC2-F705C6F89625}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{11C3E78F-00DA-441D-BE62-271D41A97C6A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{1329F235-A38B-4EBA-A15D-2E5F22197363}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{13D686C6-BE2B-4C95-B8FB-917721EC8106}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{13F499D1-B11A-4170-ADA4-9A540DB17879}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{16D2F10C-975D-46AE-8F0F-40CFAC0A5C4A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{16DBFD85-31AA-4768-98B3-375F150EC03D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{17597A50-854B-40AE-A319-6FFC216AC539}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{17C26A6B-C1CD-484C-9BF5-B5237F99B5BC}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{18036937-68E4-4385-8B9C-B1659E618C1D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{1B34DFE0-353B-41A9-B85B-84A218DBC1BE}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{1C4AAF7D-519D-4DF7-BC6C-FA4A780511EB}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{1CCCA735-FA4A-4C8C-8ED4-7F89B9E4BC9E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{1D8DFEF2-FC09-402F-B554-8BCF30D63870}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{1DF4A478-83A3-4409-9626-F86DAEBF5C71}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{1E551970-8209-4502-8139-56C5853CE8FF}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{1F7ECEED-DBD9-45BE-BF6E-FF11844A471F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{1FBEA5BB-9E7F-4057-AFA6-EA106D0E922A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{20B7525C-1916-4F14-8E56-834913B4E5E6}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{23362367-ED3B-4553-8991-CE9615A51EB5}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{242E2551-EB33-4555-97BE-89E432A6C21E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{249514B6-2FE2-44E6-A4C1-EB6490171F96}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{24B69222-5D61-4F9E-A81D-BA84F1AD7F05}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{25372092-BA78-41E5-B489-1C9E666DBF7D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{25DC1CD8-4171-4ED9-89D2-5ACDC668B175}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{2654066F-A688-488E-8B1E-B523C155E29D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{26B4F253-F322-4148-A494-E0EE1731C3EF}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{276DC081-421A-4E77-B034-4747479A70E8}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{294D7C00-38DC-4B2D-965D-2BFA5121D74D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{2A066179-3BF3-4B16-AB9C-C400D976598F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{2A30FBA1-E6D7-42DA-9D17-9C4F17101E96}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{2A607541-FD9C-4672-B1F2-E5BBC7CD8B06}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{2BF53653-211F-4380-B48D-7D0CA509E103}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{2CC43C3A-8C4E-450D-A182-C45E13194A15}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{2E84BA08-2B6A-4667-A84F-06B24EA99022}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{2F9B596D-EA55-40C6-9B5C-E3A38469C1B1}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{30AC9D4D-DD58-48F6-942E-F64D5F788BF3}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3117C77B-4BC6-43EE-BA40-239EC55B255A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{316A01A8-E855-4DCE-A963-F7FB46831BDB}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{31CFA33B-AFF5-4F6B-B7BA-C466E38804A5}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3267F2BD-3659-4E05-9E40-3073FAFFA128}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{32CD53F0-0216-432B-892D-F2C3C5105974}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3421DEFA-2D1C-47BA-BC8E-1135956F7C03}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{34DF79DA-7E97-4535-BB02-303EC7F35065}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{35FDFB49-75F2-4E5D-A813-0CD7AA6C8387}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{36835693-F5FF-406E-951A-354CE75CB752}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{36BFD980-5A6C-4989-A31F-09B8216709CC}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{37B1D836-1E7F-4DE0-9F2B-6271221469E3}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{38324FF7-C946-4293-8088-E863A713E1DC}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3851BFF5-DDAA-440D-9E3F-7EFDE901882D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{38923D63-E6B2-4F7E-B450-97B61E3217CF}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{392CFA2D-2D51-4D59-A8F5-ECFF369C382F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3BCBC39C-2CE1-4FC4-AD47-53E9D9672362}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3CCB29E4-7790-442D-91BB-0711B0918193}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3D1B3808-5BE2-4D6C-B8E6-AD401E60D291}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3DCACE84-6100-457E-975B-9A29ECB34A7E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3E4AE337-FFF2-4B6D-8EF4-0D729FC5CFF2}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3E732926-7E93-40CC-ADD3-392C2D6537C5}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3E827BF8-55E0-4593-B3DA-E91E97ACCCC3}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{3F224B99-23FD-492F-AB76-96D34C7DF982}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4071DC3B-3607-4208-950B-5BBEE7F86167}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{408874F6-ABE2-42ED-B7EE-75EC7C1C8CD2}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{411BCBB0-5F90-4A2F-A677-79E7B8C99B48}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{413578F1-385C-48B8-A73E-A3F9773F8379}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{41AF8750-3CAF-48B1-A34A-19A94A1DEF41}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{429032D4-6EBD-4219-9195-C45B17FF4C59}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{42EA8464-6571-4AFE-8A09-187760F76C26}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{43643D6C-F524-45DF-A5D7-15B20E765CBB}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{43E44E7F-E58E-4002-A124-D709903ABE6E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{43F5E03E-1919-40E8-A8B1-B9AC85B0FB52}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{45E32754-1E99-40FF-8CEE-65608649EEE8}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{45ED57D4-AF3C-43C1-8B9B-B27CE59B56E3}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{46237010-38C4-456E-B480-9231872DBBDB}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4747BC16-C510-42D1-BD5E-0CB6A3F25654}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{483147F1-EA97-4CA4-A55C-F7814D94AB85}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{484E1833-62A3-476E-A5E7-4869910F6703}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{48C1158F-ECAF-4D49-A246-84C01F1E04D3}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{49320C13-4EAD-4977-9932-0D0FE5626941}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{49591998-F5E3-4453-8397-8BD707A05C7B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{498E9402-1C42-47C4-B191-534EFEDDB39E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4991C2F9-49CA-4FCA-AEC5-254175FAB247}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{49D8DD67-3B8E-4F86-B95A-F1FF4A1796FA}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4A4A6203-461A-4045-86AA-FC5B6D7E5084}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4BA6330B-7EB6-4F18-8CD0-FA1A3F06C8E0}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4C327027-D24C-4F09-9B8C-67971B107870}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4C371CF4-6D3D-4747-9B59-D802B3450100}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4D03AA5C-6C7C-4381-8608-E8E72A2BDC7A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4D06168C-8BD5-4B11-B051-E1F70A7918E5}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4D109753-DC37-4DFB-9EE8-4F2A84C15CDE}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4D3BF7BA-19B0-43AD-A5A9-9978DFE6DB32}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{4FE4C847-C367-423F-8F1C-CAFEA39729D1}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{51A8ED58-3CD9-4D27-8964-5BD1E03EDBB9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{531A7672-F246-43E8-BDD5-34E376B90A2B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{54177B1E-217C-41BE-9D98-DE5554C79B7E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{55EC42C4-C46B-4807-8104-9BAC68703057}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{57394E9B-8AF8-4C5E-8BC0-DB908CEFE74A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{57B4A902-EEFD-43D8-B040-E81924A59D81}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{5876DE1C-3A81-4062-8894-C02CC6836639}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{58A24D72-A040-42DB-B4B7-539540188B49}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{58EF6748-20EA-499D-81B5-E460D3D8FE81}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{58F0FF22-FC79-41BE-9329-9DBA65539E7D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{591F6BF7-E47D-4798-8812-48E6047D66D8}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{5BE05D16-8394-4DE2-BAC8-58D01A606500}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{5CFA0E4F-2F48-4E36-8775-49FF319602CA}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{5E36F4E5-87A9-4711-8A7E-6799A259D9C9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{5E73F6D7-662B-4FFC-BF0B-A4B2CAEC0A8C}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{5F016139-2716-4C21-9D89-51C5C2F80906}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{60D2B39B-9125-4DCA-B6D3-2B8412FC6A13}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{610CA6A0-26E7-4453-81DD-6A4391620D67}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{6172F725-91DD-49DE-8399-08442D30FC30}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{6182CEDE-4B96-4A6E-9701-8026A0AE90D2}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{622F3690-4219-4B5D-8CF8-036555D53F27}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{62D9B260-F673-495D-9939-ABDFE0494ED2}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{63739D65-0FED-4760-9189-1D4DB70E45FB}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{63840337-0F5E-4C3C-9204-5FB1EA7645EB}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{63ED910E-FBF9-4BB5-9B1D-B90DF3319FDA}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{64EB2014-4961-4546-BFE2-D2E220BB8D8B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{658BA2D9-CF2E-400E-86C2-DA2487715A08}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{65D7A8DF-84B8-405D-A2F4-9B75337CF070}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{66D21548-8FFA-41D6-90AA-D6B6B9FC4905}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{66F9C5A9-63BE-476E-9B9A-92B8C7F1859B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{671BDF89-40DE-4086-8A71-1DD7E09A61C4}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{677141CE-A3AF-4107-BACB-C2333BC4AE42}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{696D0391-B88E-43A2-AC3E-6974E54CB78B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{69C8D1E5-94FD-4517-949C-0F29DFF7DF29}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{6AF315E3-5C54-4BFB-81F5-1B0762704B64}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{6B0C0A3D-E554-4401-8C77-1FDF396F4787}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{6CA2F98F-C456-460A-BF50-2AC5C0EC54DD}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{6D66743D-8188-4705-9BE0-15E56A4DBDD4}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{6E29814C-D6E4-43FF-BE55-E4944244FF20}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{6FFE8123-05C7-4E85-B36B-4B35A6EDD158}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{732ECDF9-6812-4D24-907C-4088A6803ED7}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{749B2FE5-67C6-4720-AC20-4DCE27D50E07}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{74F02C41-084A-4875-8E1A-792C02542C93}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{75AAE347-3ACA-4BEB-8900-49C4DA87949A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{7620116A-2D80-4AA6-986F-76522F604007}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{77748FFA-B21A-4CA3-A3C0-25D801787F21}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{77D553F5-5357-4ECA-992D-3471F48D950A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{783B62AD-4D98-41D7-904F-7CC069928C33}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{794BC8E1-815B-4EBF-B9E9-C87E5BEA73F4}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{79B6E0F0-3DCF-4995-9AE1-A4F0232454A7}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{79D36DBD-725E-4004-9F5F-3DC94A4A4A71}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{7B156F06-5F4E-44D5-AA45-8D89730F4383}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{7B3B96BD-845C-453B-89A6-8EB8C5599795}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{7B5A4615-935C-4EF6-9AFC-34298CDB043C}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{7B7229E4-B4BB-4916-889B-728451AD728B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{7CA58AB2-491B-47E1-B37F-5A2D59707A48}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{7CBDA6BE-DEE2-4F1E-A3A2-BA81323D0D28}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{7EEC08EF-6CA1-442B-9085-3240387F577E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{7F91850E-4AF8-4147-A79F-3FE05C00DE61}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{80011625-87C0-4F25-8B73-10774569D190}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{8008B572-A391-4D61-8AFC-C83897BEE28B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{80172AA7-2149-45B7-9078-A513CE63BCF2}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{80CA3D77-9FF6-4587-A88E-77F83CAA79BE}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{80FCCFF1-7216-40F2-B1CC-BFB5BD5672D4}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{80FE28DD-176D-4BF1-BB74-CFD1A375B0BC}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{83BAF8B7-2C86-461B-825A-B112484EC454}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{84099E3B-FB7E-49DE-BAC5-7E898A2BC24C}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{8420712D-15B3-42BD-B738-CB7BD029C392}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{84909DA9-13DB-4E67-AC51-FE044542A9F2}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{850EAA52-BD7D-4D20-B370-7D047D01B249}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{86711D48-A368-4BB6-BD95-FE234FCE49BC}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{86998FB1-4B76-464E-9A55-991CEAF5C0C9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{86C92707-B518-49D8-B508-B8DED4FC2CDF}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{86EF8B4E-CF88-4863-B5EF-C67DF314D359}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{879B64C8-AE3B-4D19-A7DC-A8B9754514DC}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{88938F14-4511-429D-96CA-EC09239F2E82}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{88D5837D-FDF6-4F9F-971F-E9712F569893}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{8B147087-6C90-4B86-975B-E9327B5B7D14}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{8BADAEB7-9F43-4C9A-A86A-8652B6972F47}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{8C058F0D-B689-4484-AB2E-BA42B6D4979F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{8C17697F-28FE-472B-A0E2-EE9B1261B766}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{8C4DF67C-1027-4C2E-A9E2-E646CB8C4607}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{8E07ADD7-4C8E-432A-80C0-6145379A5F4C}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{8FB54526-CB24-42C7-89A0-E5CF843DFED6}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{9073A5CC-0F30-4F9D-B51C-B4A04E8724E7}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{9077B84D-4578-458D-A62A-299E75CF44B0}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{90F63219-B976-4A1E-87DF-6D825EF6A051}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{91AEDFFA-5E3D-48A7-9D0F-305A541F7637}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{91E520F3-8AB6-4D5A-86D8-E826AD8E901B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{92A7DA51-1F5C-452B-AE0C-5A3E91F72232}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{93B6A105-F195-4E3B-BD7F-E4B30A63D038}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{9584513F-8AE5-4477-A428-22E2D5F71484}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{96148D5F-6E0F-4142-933B-490859C8E439}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{965633EC-0B64-4E2E-8CBC-B21DF9C32DBE}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{97D0C3D2-7256-4F4A-848D-CDB4383CDED0}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{98B874DB-43C4-4357-857A-67C967DF9E88}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{99A7C78C-FB5C-4D06-AE48-8CE1BF1BDF49}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{99AA48A7-D1B7-4F36-8F6A-FD8CEB5D5D35}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{99CF52CC-F3B2-4216-B16A-BBE6A5FF4A91}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{9A673C38-A023-4BA3-8F3F-D83E7DE0A640}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{9A92A639-998E-4F44-985E-2091B4FFF68B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{9BE1FE23-D2D1-4B64-8E4F-755EEC8E0554}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{9D81FBB4-E5C0-4C29-BB40-091407520697}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{9D94AECC-B4C1-4C84-9291-331BA398512B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{9E14F89B-BA7D-4B26-951D-D7F0A0C42A2C}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{9EB04A15-625D-4DF3-A91A-96A058BA4CC9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{A1FCFB0E-7581-4F04-B6D9-D212175834EB}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{A382948D-007A-403A-B893-1E76925A2A4E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{A4D7E51D-83F2-4486-B9D8-2C85641E1C19}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{A514B144-02F6-43C3-B68B-46ED82551E08}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{A59045EA-7B8C-4AAE-8608-4A473DFD8B69}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{A7105298-6212-4037-A615-CC037285EA96}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{A8753565-9B64-47F8-B6D5-14C88E758486}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{A8F93452-F199-4BF5-B0A3-551A74E86158}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{A9DB7E43-85C7-4307-9D18-20188FC23B73}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{A9E70836-A5BF-4161-89E9-539EF432922E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{AAC213CA-A106-4658-A9DD-18D1FEC98808}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{AADEE117-8F0B-43A8-960B-11B3B1B63D22}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{AB0A68EC-1C03-43CA-B2F8-7A2CFA4E267F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{ACA63417-5E7E-4F8D-AE2F-4D488D3648DE}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{AD582DD2-562B-4F49-905B-FAD850A20C1F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{ADDB52B9-015E-4181-94DC-F79195C2B6BC}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{AE5B9165-9A38-4E97-8FE6-A78772C348CA}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{AEADE606-644B-480A-A8C5-E1F88B1D4A13}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{B06C8AAF-A12D-40CC-B4C3-26C1624096EC}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{B35223CF-AF84-409C-A1EF-B6BC0D726054}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{B4961241-078A-4E59-AC69-4BE2D1185003}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{B4E6B6B9-A461-4235-865E-BF1F5313C1E9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{B4F56757-4E9F-4907-BDF9-E1A0C534637C}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{B4F852A1-AE87-4A51-AAC4-A9A75A569B43}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{B56A30FF-67CA-4A1E-92AC-1BB7EEC1D5B5}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{B65915EF-79F8-49DB-976A-0C34109272CD}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{B7AC98CD-714C-45F5-AFA8-29C1676C8593}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{B9B3C3EA-7202-4F32-BB41-42048FF26BF5}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{B9FC7B1F-C3A9-42E7-866F-8BE86ED79F72}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{BA57739E-043B-4D1A-8E16-B1FB78A8F4A8}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{BCA914C3-CEA0-4AE3-9965-8CCCB47A214A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{BCB1A4CD-5B92-421D-A86A-28DD3DEE9CC9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{BDAE2264-F447-4B51-8D14-376463ED9621}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{BF38B246-1583-420F-BE40-285CD0107B45}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C006B688-4B97-436E-B1A6-0997A70E8A31}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C04FFAAE-6FFB-485F-9363-141362AA2CEB}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C18982DD-83EA-420D-B0BB-F73E6A71649A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C1F825F2-464E-4CA8-A273-382DA6FC040D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C3972802-47E7-47AF-A1CB-CC17E8DFCE08}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C468B52F-E2C2-466C-A8BD-A9CB50FAE62C}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C4A6693C-9BB3-4874-8499-863D4B5027BE}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C5DCAB6C-3731-430A-9079-9C91E83B4C70}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C5F5FBBB-29E1-421C-9FFE-4EDA37493A8D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C700B6D9-C45F-4B9B-8BAE-F640EA325EA2}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C7A11CED-EB5E-42F7-AFF3-E885887518FD}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C89F6568-3B13-4D99-9FCD-3966244E79FF}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{C8A4DF52-17EC-4373-82D4-B4F90C22A3A2}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{CA01DCC1-063A-4F0E-801A-8BC37C4AAFD9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{CBEEC4F4-431F-43A1-B2A0-BBF10F992E4E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{CC6EAA2A-A7D1-4694-9FC6-91D6928501DE}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{CD0600ED-04BF-44C3-BEAE-45ED8C1AC178}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{CD323FCA-308A-4271-92BC-5913C3DA057E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{CE039A08-F3A4-456D-B09B-6072ED3EC23E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{CEC5DC12-D794-4C04-A93E-7BF37816508F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{CFA2B43B-C363-4C44-8214-0FD58A2F4B84}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D03EF89B-0E98-4E5B-8736-275E73167E28}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D0440149-BE29-46D3-9412-0C74EC5A15C3}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D3A017A9-BF13-4EF7-894E-FD790670A4F3}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D46032A2-EB7A-470D-AC0C-2BA82B3D0B46}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D549C894-B5B2-48E3-9B60-C57E7DF61A08}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D571CAE4-D0BC-4660-B0E7-508610C24F8D}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D62E16D4-118C-4838-99F6-C5A9A8674C0B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D74E83F0-9394-4017-AEDE-9B9730ECFABB}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D75E3A4B-C6CE-4F37-B2F0-21D5D282804A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D813D0B7-8AA9-4850-9A0F-832648C20498}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D8FFC1E6-FBEF-4F99-B0B7-4AD9B6F2C91B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D903ACC5-0D21-40BB-A993-51A896F3086A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{D9F95472-D8F6-4410-BB60-47548FD60384}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{DAD33BB0-8581-445E-9CF0-2CF4DFC37DB5}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{DAED67FF-BAB1-4B3D-BB92-D427F50D6D12}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{DC361D70-98CE-44F6-8B2C-E3ECFD0AEFF1}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{DDB0D1CE-0F1D-4ABA-8AB6-E3C55B964642}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{DEDEBFAF-23C0-4CEA-ADAA-47132BF90E78}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{DF084B8A-99F9-478C-923C-47014876DBC7}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E019BF91-0DCC-48D5-B5C8-6B8B73D1F177}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E023C1B3-B57D-430E-9F94-D3E7D8F541AE}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E0332689-5AC0-4EC9-AE1D-C2F4635069E9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E072BBE0-B8C9-43E5-A62D-FB0E40BB2B49}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E13442FB-FAC8-42EE-AB67-1B4D5723A59C}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E1B8A64F-7BB1-462F-BD0A-13C404F6659A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E1D26D3D-33BB-41B9-BD65-445DD33380EE}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E1F140E2-AE2E-483A-85A2-ACF52558F540}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E362DD95-0FEC-4896-A9EF-9B1D7C1270E6}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E4435B02-2AEB-48AB-A8C6-90072CF23B55}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E4B05C39-826C-428B-B41D-F84536FD4E27}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E52AB274-640A-4130-91C4-AA00E3FB1477}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E5712BF2-ACC1-46EC-A531-88DF1718B44F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E586FAEF-3721-4252-B303-F5FC9B2D3DF2}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E598A3DC-003A-4C0D-A05D-C210D558DFB9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E6BD31E1-2A79-4F5D-837C-07CF1779FE4F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E88913BE-7D9C-45CB-BE82-C603B333198A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{E8FB6042-4EBA-47DE-AD48-A9C3160F6E6E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{EA9A82FD-03AD-499B-8DDB-F16DBCBB6151}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{EB06994F-888E-4DA8-BA02-0FE6BF3CBE89}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{EB14B796-B0C2-4137-A813-41DAA65A9D45}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{EC285848-5B88-4D82-BA37-34B39A312210}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{EDFF3FD1-0879-489F-94A5-C3B6EA32A63B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{EF4BBA71-3DD3-4950-B19A-5716A60FB5CC}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{EFDCEBE8-3384-427B-9AE1-ABADC81EF638}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F027FB29-F619-42E4-A258-0A57FEE2F1CC}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F030D400-705C-45E5-8433-9B4F85B45870}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F07E21E8-8C40-46F6-8F99-003D452B040A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F0CB7793-ABDD-4F8E-AB42-D673DD46BA07}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F165CD9C-1151-498A-827E-D2302353C34E}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F1A2DB9E-7EA9-4D4F-B37B-987320B179A3}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F2D3E0D1-4463-4AE6-9FEC-845511FED159}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F3D52FE9-4718-492B-9D66-DA581D7428BE}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F48C0140-A00F-44CF-BE7A-7442BCB7AC17}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F501BBAF-2E66-408C-981E-086BAF04C74A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F52C69CD-D15D-4FB8-A9C2-3FE1664FD5BC}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F54103AE-CDF9-4666-A3E2-562B41BEE597}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F7150E1E-38E1-48E8-B2E3-BDDA7EE8129B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F74A727A-1B79-4079-AE98-DCE9F6A7C8E0}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F80B0AC0-59C7-4FD6-AD84-1D4B4E6459A4}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F87CEBFC-76EE-4E2D-AA51-C506AE08EE62}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{F888472D-30A1-49A8-9C8D-D6EADF833D1A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{FA2CF65F-73FE-4D5A-88DD-0F9335F6E17B}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{FACC2F83-8E25-443C-BA1A-2C004E5C1F28}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{FB13DA9E-3C33-4C3D-871B-D08281B9F74A}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{FC4D7D51-DA88-48FC-8B9B-0034635E2FD9}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{FCC780A9-CE21-4F0A-9534-6D787A5CDA1F}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{FE7313AC-B8FF-4D9E-B614-1CB37B28B233}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{FED574C3-EE40-4CB5-8237-856D2B03613C}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{FEFC85E1-7954-47CA-86B6-E7BCA54574E2}
Successfully deleted: C:\Users\hansenmarjo\appdata\local\{FF005FDD-D36E-4139-A62D-605FD3E9576A}
~~~ Chrome
Successfully deleted: C:\Users\hansenmarjo\appdata\local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk
Successfully deleted: C:\Users\hansenmarjo\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: C:\Users\hansenmarjo\appdata\local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Successfully deleted: HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on zo 11-08-2013 at 14:34:04,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hallo,
Zo dat is een opruiming.
Download zoek.exe naar het bureaublad.
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier of hier) kan je lezen hoe je dat doet.
* Dubbelklik op Zoek.exe om de tool te starten.
* Kopieer nu het onderstaande vet gedrukte code en plak die in het grote invulvenster:
* Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
firefoxlook;
chromelook;
standardsearch;
filesrcm;
autoclean;
startupall;
*Klik nu op de knop "Run script".
* Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
* Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
* Post nu de inhoud van het geopende logje in het volgende bericht.
Gr.Ben
Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by hansenmarjo on zo 11-08-2013 at 14:55:51,24.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\hansenmarjo\Desktop\zoek.exe
==== System Restore Info ======================
11-8-2013 14:56:49 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Running Processes ======================
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\hansenmarjo\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Deleting Services ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
“BrowserMngr Start Page”=-
“bProtector Start Page”=-
“BrowserMngrDefaultScope”=-
==== Deleting Files \ Folders ======================
“C:\windows\SysNative\Tasks\Browser Manager” deleted
“C:\windows\SysNative\dmwu.exe” deleted
“C:\user.js” deleted
“C:\Program Files\IB Updater” deleted
“C:\Users\hansenmarjo\AppData\Roaming\ParetoLogic” deleted
“C:\ProgramData\ParetoLogic” deleted
“C:\Users\hansenmarjo\AppData\Local\CRE” deleted
“C:\Windows\SysWow64\searchplugins” deleted
“C:\Windows\SysWow64\Extensions” deleted
==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 6049 MB
CPU Info: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
CPU Speed: 2115,7 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | 802.11n Wireless LAN Card | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 2x (E: | F: | ) E: SlimtypeDVD A DS8A8SH | F: HMLCHUX DIJ0XIRS5U
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 186,3GB | D: 254,5GB
Hard Disks - Free: C: 120,2GB | D: 204,3GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 04/18/12 | _ASUS_ - 6222004
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK Computer Inc. K54C
Internet Explorer Version: 10.0.9200.16635
Sun Java version: No Java Installed?
Country: Nederland
Language: NLD
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\HANSEN~1\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-07-23 10:00:56 D41D8CD98F00B204E9800998ECF8427E 0 —ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-07-14 12:01:23 ——– d—–w- C:\Program Files\trend micro
======= C:\Program Files (x86) =====
2013-08-10 15:33:38 ——– d—–w- C:\Program Files (x86)\ESET
======= C: =====
2013-08-10 14:54:27 ED68E834ABEF5DCAE6A1A9779E257893 416 —-a-w- C:\AdwCleaner.txt
2013-08-10 14:38:40 C3CF206A7B12F4356D9A02F49402689B 451 —-a-w- C:\AdwCleaner.txt
====== C:\Users\hansenmarjo\AppData\Roaming ======
2013-08-10 17:51:04 ——– d—–w- C:\users\hansenmarjo\AppData\Roaming\PlayFirst
2013-07-22 19:55:00 ——– d—–w- C:\users\hansenmarjo\AppData\Local\JollyBear
====== C:\Users\hansenmarjo ======
2013-08-11 12:23:54 544946823E4C60379015F7926D6A7C61 958573 —-a-w- C:\Users\hansenmarjo\Desktop\JRT.exe
2013-08-10 17:51:04 ——– d—–w- C:\ProgramData\PlayFirst
2013-08-10 14:37:23 4C47469F47FD9F8437B62A86F6E0874F 666633 —-a-w- C:\Users\hansenmarjo\Desktop\adwcleaner (2).exe
2013-07-22 19:55:00 ——– d—–w- C:\ProgramData\JollyBear
====== C: exe-files ==
2013-08-11 12:24:58 2E0323A94915FAAB10A25F3BABF82584 157696 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2013-08-11 12:23:54 544946823E4C60379015F7926D6A7C61 958573 —-a-w- C:\Users\hansenmarjo\Desktop\JRT.exe
2013-08-10 15:33:43 CE0D0B11986FD2C0247AE88A59B36A6E 579904 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2013-08-10 15:33:43 BDB7D97012F9B3102DB72AA76A24942A 546944 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2013-08-10 15:33:43 7C9EEC809FB9CDA26EFC245C001EA980 2347384 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2013-08-10 15:33:43 7ABF8849E76732C357F419B1AF5668F2 546944 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2013-08-10 15:33:43 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2013-08-10 14:37:23 4C47469F47FD9F8437B62A86F6E0874F 666633 —-a-w- C:\Users\hansenmarjo\Desktop\adwcleaner (2).exe
=== C: other files ==
2013-08-11 12:24:58 FDB9CF820305FE44231763042642F7A6 12733 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\searchlnk.bat
2013-08-11 12:24:58 F6CA4866511929B8356C67C40DF7D9B3 28960 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\prelim.bat
2013-08-11 12:24:58 CC6C23C02BE66014AD87F2678BBB3A1D 8117 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\modules.bat
2013-08-11 12:24:58 B964B792D3692699CD7D4FDB63EE470E 1239 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\FWPolicy.bat
2013-08-11 12:24:58 94B171C896646086E0D091B3C05D23F2 10842 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\runvalues.bat
2013-08-11 12:24:58 91FEE963763EA97551534C67B67DF74D 10256 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\JRT.bat
2013-08-11 12:24:58 90DEA8FB8E2BFEA1480C79570E2D8993 150811 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\firefox.bat
2013-08-11 12:24:58 80D02380F1AC33E459324B088392A1EC 732 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\ev_clear.bat
2013-08-11 12:24:58 654E9FE74B930A454EE5BDE165794B65 85 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\delorphans.bat
2013-08-11 12:24:58 603595734D290C73FA40EDA1ACADF265 14973 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\chrome.bat
2013-08-11 12:24:58 48C24AFEBBB5C9A7D7376B5218C742E6 127925 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\misc.bat
2013-08-11 12:24:58 379673050B551D544FFD41F57B456886 22721 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\ask.bat
2013-08-11 12:24:58 1FBF882AA934A741530741FC134872A3 1243 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\TDL4.bat
2013-08-11 12:24:58 14D6EE8B672684E2232FB430D8C4A928 18668 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\medfos.bat
2013-08-11 12:24:58 07DC8EC9B40A3DFFF106B607FDF4D749 16155 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\get.bat
2013-08-11 12:24:58 0768E560CCD86C18F35FAD29DCEA7B80 1820 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\delfolders.bat
2013-08-11 12:24:58 05B282816F9DB49C325A5D88ECF0D9A1 29932 —-a-w- C:\Users\hansenmarjo\AppData\Local\Temp\jrt\iexplore.bat
==== Startup Registry Enabled ======================
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”
“DAEMON Tools Lite”=“D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun”
“OfficeSyncProcess”=“C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”
“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE”
“Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”
“ASUSPRP”=“C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
“SonicMasterTray”=“C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe”
“ATKOSD2”=“C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe”
“ATKMEDIA”=“C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe”
“HControlUser”=“C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe”
“Wireless Console 3”=“C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe”
“ASUSWebStorage”=“C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S”
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”
“DAEMON Tools Lite”=“D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun”
“OfficeSyncProcess”=“C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”
“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE”
“Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”
==== Startup Registry Enabled x64 ======================
“IgfxTray”=“C:\Windows\system32\igfxtray.exe”
“HotKeysCmds”=“C:\Windows\system32\hkcmd.exe”
“AmIcoSinglun64”=“C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe”
“RtHDVBg”=“C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 ”
“BCSSync”=“C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices”
“MSC”=“C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”
“SynTPEnh”=“%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe ”
“SynAsusAcpi”=“%ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe ”
==== Startup Registry Disabled ======================
“Adobe ARM”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”
==== Startup Registry Disabled x64 ======================
“command”=“C:\\Program Files (x86)\\ASUS\\Splendid\\ACMON.exe”
“hkey”=“HKLM”
“item”=“ACMON”
“key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“\”C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\“”
“hkey”=“HKLM”
“item”=“Adobe Reader Speed Launcher”
“key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“C:\\Windows\\AsScrPro.exe”
“hkey”=“HKLM”
“item”=“ASUS Screen Saver Protector”
“key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“\”C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\“”
“hkey”=“HKLM”
“item”=“CLMLServer”
“key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s”
“hkey”=“HKLM”
“item”=“RtHDVCpl”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
==== Startup Folders ======================
2013-03-09 18:39:26 1112 —-a-w- C:\users\hansenmarjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
2012-06-05 05:29:58 2617 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
meinjhkhgaalhfbinmclpmjikccbplkf - C:\Users\hansenmarjo\AppData\Local\CRE\meinjhkhgaalhfbinmclpmjikccbplkf.crx
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
meinjhkhgaalhfbinmclpmjikccbplkf - C:\Users\hansenmarjo\AppData\Local\CRE\meinjhkhgaalhfbinmclpmjikccbplkf.crx
YouTube - hansenmarjo - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - hansenmarjo - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - hansenmarjo - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - hansenmarjo - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Gmail - hansenmarjo - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\hansenmarjo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
“Start Page”=“http://www.google.nl/”
New Values:
“Start Page”=“http://www.google.nl/”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
“DefaultScope”=“{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}”
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”
{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} Bing Url=“http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071313&q={searchTerms}&src=IE-SearchBox”
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2259818667-322241977-2532615236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2259818667-322241977-2532615236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2259818667-322241977-2532615236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-2259818667-322241977-2532615236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_USERS\S-1-5-21-2259818667-322241977-2532615236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_USERS\S-1-5-21-2259818667-322241977-2532615236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_USERS\S-1-5-21-2259818667-322241977-2532615236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2259818667-322241977-2532615236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\meinjhkhgaalhfbinmclpmjikccbplkf deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\meinjhkhgaalhfbinmclpmjikccbplkf deleted successfully
==== HijackThis Entries ======================
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: “D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe” -autorun
O4 - HKCU\..\Run: “C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE”
O4 - HKCU\..\Run: C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\hansenmarjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\hansenmarjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FB3ZWHU will be deleted at reboot
C:\Users\hansenmarjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5C54CAM9 will be deleted at reboot
C:\Users\hansenmarjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6W1QMS13 will be deleted at reboot
C:\Users\hansenmarjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P59EJ5NJ will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\users\hansenmarjo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\HANSEN~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
“C:\Users\hansenmarjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FB3ZWHU” not found
“C:\Users\hansenmarjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5C54CAM9” not found
“C:\Users\hansenmarjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6W1QMS13” not found
“C:\Users\hansenmarjo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P59EJ5NJ” not found
==== EOF on zo 11-08-2013 at 15:09:39,71 ======================
Hallo,
Dat is mooi doe nog even het volgende:
Malwarebytes kan je laten staan en één maal in de week (na te hebben geupdate) je pc mee scannen.
Met het onderstaande tooltje ruim je o.a. alle gebruikte tools op:
Download
Dubbelklik op Delfix.exe om de tool te starten.
Zet nu vinkjes voor de volgende items:
Activate UAC
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings
Klik nu op "Run" en wacht geduldig tot de tool gereed is.
Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft je echter niet te plaatsen.
Mochten er nog tools overgebleven zijn dan kan je die zelf verwijderen.
Gr.Ben
Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.
