pas

Beste, De Memtest86+ heeft ongeveer 23u lang gelopen. Er is niks gevonden. mvg Pascal

He Kweezie Wabbit, Asus, Mijn excuses voor deze late reactie. Ik zal deze week Memtest68+ laten testen mvg Pascal Van Geem

Beste Kweezie wabbit, Zijn jullie hier wat mee? mvg Pascal Open Hardware Monitor Report -------------------------------------------------------------------------------- Version: 0.6.0.0 -------------------------------------------------------------------------------- Common Language Runtime: 4.0.30319.18444 Operating System: Microsoft Windows NT 6.1.7601 Service Pack 1 Process Type: 64-Bit -------------------------------------------------------------------------------- Sensors | +- Unknown (/mainboard) | +- AMD E-300 APU with Radeon HD Graphics (/amdcpu/0) | +- Bus Speed : 99.7539 99.7537 99.7593 (/amdcpu/0/clock/0) | +- CPU Core #1 : 778.081 778.079 1296.87 (/amdcpu/0/clock/1) | +- CPU Core #2 : 778.081 778.079 1296.87 (/amdcpu/0/clock/2) | +- Core #1 - #2 : 44 43.5 48.625 (/amdcpu/0/temperature/0) | +- CPU Total : 10 0 95.4545 (/amdcpu/0/load/0) | +- CPU Core #1 : 7.69231 0 100 (/amdcpu/0/load/1) | +- CPU Core #2 : 12.3077 0 100 (/amdcpu/0/load/2) | +- Generic Memory (/ram) | +- Memory : 69.3209 69.3046 71.9644 (/ram/load/0) | +- Used Memory : 2.4991 2.49851 2.5944 (/ram/data/0) | +- Available Memory : 1.10602 1.01072 1.10661 (/ram/data/1) | +- AMD Radeon HD 6310 Graphics (/atigpu/0) | +- GPU Core : 0.863 0.863 0.925 (/atigpu/0/voltage/0) | +- GPU Core : 278.58 278.58 487.5 (/atigpu/0/clock/0) | +- GPU Memory : 533 533 533 (/atigpu/0/clock/1) | +- GPU Core : 43 43 52 (/atigpu/0/temperature/0) | +- GPU Core : 0 0 100 (/atigpu/0/load/0) | +- TOSHIBA MK5075GSX (/hdd/0) | +- Temperature : 37 37 37 (/hdd/0/temperature/0) -------------------------------------------------------------------------------- Parameters | +- Unknown (/mainboard) | +- AMD E-300 APU with Radeon HD Graphics (/amdcpu/0) | | | +- Core #1 - #2 (/amdcpu/0/temperature/0) | | +- Offset [°C] : 0 : 0 | +- Generic Memory (/ram) | +- AMD Radeon HD 6310 Graphics (/atigpu/0) | +- TOSHIBA MK5075GSX (/hdd/0) | | | +- Temperature (/hdd/0/temperature/0) | | +- Offset [°C] : 0 : 0 -------------------------------------------------------------------------------- Mainboard -------------------------------------------------------------------------------- CPUID Processor 0 Processor Vendor: AMD Processor Brand: AMD E-300 APU with Radeon HD Graphics Family: 0x14 Model: 0x2 Stepping: 0x0 CPUID Return Values CPU Thread: 0 APIC ID: 0 Processor ID: 0 Core ID: 0 Thread ID: 0 Function EAX EBX ECX EDX 00000000 00000006 68747541 444D4163 69746E65 00000001 00500F20 00020800 00802209 178BFBFF 00000002 00000000 00000000 00000000 00000000 00000003 00000000 00000000 00000000 00000000 00000004 00000000 00000000 00000000 00000000 00000005 00000040 00000040 00000003 00000000 00000006 00000000 00000000 00000001 00000000 80000000 8000001B 68747541 444D4163 69746E65 80000001 00500F20 000011F9 000035FF 2FD3FBFF 80000002 20444D41 30332D45 50412030 69772055 80000003 52206874 6F656461 6D74286E 44482029 80000004 61724720 63696870 00000073 00000000 80000005 FF08FF08 FF280000 20080140 20020140 80000006 00000000 42004200 02008140 00000000 80000007 00000000 00000000 00000000 000001F9 80000008 00003024 00000000 00001001 00000000 80000009 00000000 00000000 00000000 00000000 8000000A 00000001 00000008 00000000 0000060F 8000000B 00000000 00000000 00000000 00000000 8000000C 00000000 00000000 00000000 00000000 8000000D 00000000 00000000 00000000 00000000 8000000E 00000000 00000000 00000000 00000000 8000000F 00000000 00000000 00000000 00000000 80000010 00000000 00000000 00000000 00000000 80000011 00000000 00000000 00000000 00000000 80000012 00000000 00000000 00000000 00000000 80000013 00000000 00000000 00000000 00000000 80000014 00000000 00000000 00000000 00000000 80000015 00000000 00000000 00000000 00000000 80000016 00000000 00000000 00000000 00000000 80000017 00000000 00000000 00000000 00000000 80000018 00000000 00000000 00000000 00000000 80000019 00000000 00000000 00000000 00000000 8000001A 00000000 00000000 00000000 00000000 8000001B 000000FF 00000000 00000000 00000000 CPU Thread: 1 APIC ID: 1 Processor ID: 0 Core ID: 1 Thread ID: 0 Function EAX EBX ECX EDX 00000000 00000006 68747541 444D4163 69746E65 00000001 00500F20 01020800 00802209 178BFBFF 00000002 00000000 00000000 00000000 00000000 00000003 00000000 00000000 00000000 00000000 00000004 00000000 00000000 00000000 00000000 00000005 00000040 00000040 00000003 00000000 00000006 00000000 00000000 00000001 00000000 80000000 8000001B 68747541 444D4163 69746E65 80000001 00500F20 000011F9 000035FF 2FD3FBFF 80000002 20444D41 30332D45 50412030 69772055 80000003 52206874 6F656461 6D74286E 44482029 80000004 61724720 63696870 00000073 00000000 80000005 FF08FF08 FF280000 20080140 20020140 80000006 00000000 42004200 02008140 00000000 80000007 00000000 00000000 00000000 000001F9 80000008 00003024 00000000 00001001 00000000 80000009 00000000 00000000 00000000 00000000 8000000A 00000001 00000008 00000000 0000060F 8000000B 00000000 00000000 00000000 00000000 8000000C 00000000 00000000 00000000 00000000 8000000D 00000000 00000000 00000000 00000000 8000000E 00000000 00000000 00000000 00000000 8000000F 00000000 00000000 00000000 00000000 80000010 00000000 00000000 00000000 00000000 80000011 00000000 00000000 00000000 00000000 80000012 00000000 00000000 00000000 00000000 80000013 00000000 00000000 00000000 00000000 80000014 00000000 00000000 00000000 00000000 80000015 00000000 00000000 00000000 00000000 80000016 00000000 00000000 00000000 00000000 80000017 00000000 00000000 00000000 00000000 80000018 00000000 00000000 00000000 00000000 80000019 00000000 00000000 00000000 00000000 8000001A 00000000 00000000 00000000 00000000 8000001B 000000FF 00000000 00000000 00000000 -------------------------------------------------------------------------------- AMD CPU Name: AMD E-300 APU with Radeon HD Graphics Number of Cores: 2 Threads per Core: 1 Timer Frequency: 1.266406 MHz Time Stamp Counter: Invariant Estimated Time Stamp Counter Frequency: 1296.87 MHz Estimated Time Stamp Counter Frequency Error: 0.12289 Mhz Time Stamp Counter Frequency: 1296.8 MHz MSR Core #1 MSR EDX EAX C0010000 00000000 00000000 C0010004 00000000 00000000 C0010015 00000000 01000011 C0010064 8000012B 00002020 C0010071 002E0082 64002020 MSR Core #2 MSR EDX EAX C0010000 00000000 00000000 C0010004 00000000 00000000 C0010015 00000000 01000011 C0010064 8000012B 00002020 C0010071 002E0082 64002020 Miscellaneous Control Address: 0xC3 Time Stamp Counter Multiplier: 13 PCI Register D18F3xD4: 00024F57 -------------------------------------------------------------------------------- AMD Display Library Status: OK Number of adapters: 2 AdapterIndex: 0 isActive: 1 AdapterName: AMD Radeon HD 6310 Graphics UDID: PCI_VEN_1002&DEV_9802&SUBSYS_FD3C1179&REV_00_3&11583659&0&08A Present: 1 VendorID: 0x1002 BusNumber: 0 DeviceNumber: 1 FunctionNumber: 0 AdapterID: 0x5B26100 AdapterIndex: 1 isActive: 0 AdapterName: AMD Radeon HD 6310 Graphics UDID: PCI_VEN_1002&DEV_9802&SUBSYS_FD3C1179&REV_00_3&11583659&0&08&02A Present: 1 VendorID: 0x1002 BusNumber: 0 DeviceNumber: 1 FunctionNumber: 0 AdapterID: 0x5B26100 -------------------------------------------------------------------------------- GenericHarddisk Drive name: TOSHIBA MK5075GSX Firmware version: GT001M ID Description Raw Value Worst Value Thres Physical 01 Read Error Rate 000000000000 100 100 50 - 02 Throughput Performance 000000000000 100 100 50 - 03 Spin-Up Time 350800000000 100 100 1 - 04 Start/Stop Count CE0B00000000 100 100 0 3022 05 Reallocated Sectors Count 000000000000 100 100 50 - 07 Seek Error Rate 000000000000 100 100 50 - 08 Seek Time Performance 000000000000 100 100 50 - 09 Power-On Hours (POH) 3F1700000000 86 86 0 5951 0A Spin Retry Count 000000000000 100 160 30 - 0C Power Cycle Count C40B00000000 100 100 0 3012 BF G-sense Error Rate 141000000000 100 100 0 - C0 Emergency Retract Cycle Count 0A0000000000 100 100 0 - C1 Load Cycle Count 280E01000000 94 94 0 - C2 Temperature 25000B003000 100 100 0 37 C4 Reallocation Event Count 000000000000 100 100 0 - C5 Current Pending Sector Count 000000000000 100 100 0 - C6 Uncorrectable Sector Count 000000000000 100 100 0 - C7 UltraDMA CRC Error Count 000000000000 200 200 0 - DC Disk Shift 420000000000 100 100 0 - DE Loaded Hours ED0E00000000 91 91 0 - DF Load/Unload Retry Count 000000000000 100 100 0 - E0 Load Friction 000000000000 100 100 0 - E2 Load 'In'-time E50000000000 100 100 0 - F0 Head Flying Hours 000000000000 100 100 1 -

Beste, Als ik Speccy zoek op m'n laptop, staat ie bij locatie: speccy64 (C:\program files\speccy). Die staat goed denk ik? Ik heb 'm opnieuw geinstalleerd en opnieuw laten draaien. Helaas zal ie weer niet doen wat ie moet doen? http://speccy.piriform.com/results/ExUeKofDmHATvrmIbhfqXmp Dan Real Temp dan maar, echter hier zit ik wat vast. Ik pak alle bestanden uit en tracht .exe uit te voeren, en krijg foutmelding: the processor detected is not supported AMD E-300 APU with radeon HD graphics. Wat doe ik verkeerd? mvg Pascal

Zal in normale modus zijn denk ik. Ik start 'm opnieuw op en dan deed ik die Speccy. Zal ik 'm volgende keer opstarten in veilige modus en dan die speccy doen? mvg Pascal

He Asus, Ik had je berichtje van 23-8 gemist blijkbaar. Deze middag had ik opnieuw hetzelfde probleem. Hierbij Speccy: http://speccy.piriform.com/results/Y3UYTZ540E4PXXgGAsOyDl3 mvg Pascal

He Asus, Ik heb 't net opnieuw gehad. Is er iets anders wat ik kan doen? mvg Pascal

He Asus, Ik had 'm gedownload en geïnstalleerd (dacht ik). Gister was het weer zover... Ik heb iets opgevangen van beeldschermstuurprogramma en AMD... Ik heb net de link nog 's gedownload en geïnstalleerd. AMD Radeon HD 6310 Graphics zou zijn geïnstalleerd... mvg Pascal

Kheb 'm gedownload. Ik zal 's kijken of ie nog uitvalt de komende week. Ik geef jullie zeker feedback Alvast bedankt voor de hulp en jullie tijd! Mvg Pascal

He Asus, Toshiba Satellite C 660 D - 1ch Part no PSC1YE - 02001187 ben je daar wat mee? Mvg Pascal

Beste Mako, Dank je wel alvast! Mvg Pascal

Beste Mako, Bij nader inzien... Ik zit vaak te manillen op Home Page - Manillen Online Ik dacht aan games, die flitsende toestanden a la space invaders ed Je zal gelijk hebben ivm de grafische kaart mvg Pascal ps: Alcohol 120%, Daemon Tools of Sandboxie zijn mij onbekend

Geen spelletjes of dergelijke. Het enige wat vaak draait is Audacity. Hierbij Speccy: mvg Pascal http://speccy.piriform.com/results/PtvYOgyelkSdJxYYTf3Vq4p

Beste Mako, Ie gaf aan ' geen schendingen....' Hierbij Blue Sreen-log mvg Pascal ================================================== Dump File : 081114-63898-01.dmp Crash Time : 11/08/2014 15:21:07 Bug Check String : Bug Check Code : 0x00000116 Parameter 1 : fffffa80`044984e0 Parameter 2 : fffff880`03d4fa1c Parameter 3 : 00000000`00000000 Parameter 4 : 00000000`00000002 Caused By Driver : dxgkrnl.sys Caused By Address : dxgkrnl.sys+5d140 File Description : Product Name : Company : File Version : Processor : x64 Crash Address : ntoskrnl.exe+75bc0 Stack Address 1 : Stack Address 2 : Stack Address 3 : Computer Name : Full Path : C:\Windows\Minidump\081114-63898-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 910.200 Dump File Time : 11/08/2014 15:22:56 ================================================== ================================================== Dump File : 080714-75457-01.dmp Crash Time : 7/08/2014 17:46:48 Bug Check String : Bug Check Code : 0x00000116 Parameter 1 : fffffa80`0483a4e0 Parameter 2 : fffff880`02d1ba1c Parameter 3 : 00000000`00000000 Parameter 4 : 00000000`00000002 Caused By Driver : dxgkrnl.sys Caused By Address : dxgkrnl.sys+5d140 File Description : Product Name : Company : File Version : Processor : x64 Crash Address : ntoskrnl.exe+75bc0 Stack Address 1 : Stack Address 2 : Stack Address 3 : Computer Name : Full Path : C:\Windows\Minidump\080714-75457-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 373.136 Dump File Time : 7/08/2014 17:49:10 ================================================== ================================================== Dump File : 080614-65239-01.dmp Crash Time : 6/08/2014 12:39:32 Bug Check String : Bug Check Code : 0x00000116 Parameter 1 : fffffa80`064f74e0 Parameter 2 : fffff880`02c78a1c Parameter 3 : 00000000`00000000 Parameter 4 : 00000000`00000002 Caused By Driver : dxgkrnl.sys Caused By Address : dxgkrnl.sys+5d140 File Description : Product Name : Company : File Version : Processor : x64 Crash Address : ntoskrnl.exe+75bc0 Stack Address 1 : Stack Address 2 : Stack Address 3 : Computer Name : Full Path : C:\Windows\Minidump\080614-65239-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 373.048 Dump File Time : 6/08/2014 12:41:28 ================================================== ================================================== Dump File : 080214-69108-01.dmp Crash Time : 2/08/2014 8:40:48 Bug Check String : Bug Check Code : 0x00000116 Parameter 1 : fffffa80`03fa74e0 Parameter 2 : fffff880`04107a1c Parameter 3 : 00000000`00000000 Parameter 4 : 00000000`00000002 Caused By Driver : dxgkrnl.sys Caused By Address : dxgkrnl.sys+5d140 File Description : Product Name : Company : File Version : Processor : x64 Crash Address : ntoskrnl.exe+75bc0 Stack Address 1 : Stack Address 2 : Stack Address 3 : Computer Name : Full Path : C:\Windows\Minidump\080214-69108-01.dmp Processors Count : 2 Major Version : 15 Minor Version : 7601 Dump File Size : 371.856 Dump File Time : 2/08/2014 8:42:35 ==================================================

Dank u

Beste, Mijn laptop is al op een 2-tal weken tijd, ong 4 keer plots uitgevallen, met de melding ' computer wordt afgesloten, interne fout,...' (met blauwe achtergrond). Is het mogelijk om even naar dit Hijack-logje te kijken? Of heeft dit een andere oorzaak? Mvg, Pascal Logfile of random's system information tool 1.10 (written by random/random) Run by Pascal at 2014-08-11 19:37:40 WIN_7 Service Pack 1 System drive C: has 107 GB (45%) free of 238 GB Total RAM: 3692 MB (42% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:40:43, on 11/08/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17207) Boot mode: Normal Running processes: C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\trend micro\Pascal.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3B7514NV0602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?') O4 - HKUS\S-1-5-21-2457209422-596169401-3258411151-1000\..\Run: [Facebook Update] "C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User '?') O4 - S-1-5-21-2457209422-596169401-3258411151-1000 Startup: Inktwaarschuwingen controleren - .lnk = ? (User '?') O4 - S-1-5-21-2457209422-596169401-3258411151-1000 Startup: Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk = ? (User '?') O4 - S-1-5-21-2457209422-596169401-3258411151-1000 Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User '?') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: Inktwaarschuwingen controleren - .lnk = ? O4 - Startup: Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk = ? O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Toshiba Places Icon Utility.lnk = ? O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm O8 - Extra context menu item: Toevoegen aan TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12837 bytes ======Listing Processes====== ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2457209422-596169401-3258411151-1000Core.job - C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2457209422-596169401-3258411151-1000UA.job - C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}] Virtual Storage Mount Notification - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12 1154720] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}] Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-01-17 155416] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12 1431712] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-22 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12 1154720] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12 1431712] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-03-03 597928] "TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-12-14 38304] "Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2011-02-10 1546720] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2010-09-28 566184] "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680] "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-10-28 915320] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-10 11580520] "RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-11-03 2181224] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-30 2387752] "TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976] "SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080] "TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376] "Toshiba Registration"=C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [2011-08-22 150992] "Cm106Sound"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"=C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-23 138096] "HP Photosmart 5520 series (NET)"=C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2012-10-17 2573416] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe [] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "NBAgent"=c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-06-29 1409424] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-28 336384] "SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-11-09 532480] "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936] "KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2010-08-15 34160] "TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-11-02 2475384] "ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2010-07-01 1295224] "AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-07-10 5187088] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720] "HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208] ""= [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE Toshiba Places Icon Utility.lnk - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Inktwaarschuwingen controleren - .lnk - C:\Windows\system32\RunDll32.exe Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk - C:\Windows\system32\RunDll32.exe TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLinkedConnections"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-08-02 08:50:50 ----A---- C:\Windows\system32\wups2.dll 2014-08-02 08:50:50 ----A---- C:\Windows\system32\wucltux.dll 2014-08-02 08:50:50 ----A---- C:\Windows\system32\wuaueng.dll 2014-08-02 08:50:50 ----A---- C:\Windows\system32\wuauclt.exe 2014-08-02 08:50:16 ----A---- C:\Windows\SYSWOW64\wudriver.dll 2014-08-02 08:50:16 ----A---- C:\Windows\system32\wups.dll 2014-08-02 08:50:16 ----A---- C:\Windows\system32\wudriver.dll 2014-08-02 08:50:15 ----A---- C:\Windows\SYSWOW64\wups.dll 2014-08-02 08:50:15 ----A---- C:\Windows\SYSWOW64\wuapi.dll 2014-08-02 08:50:15 ----A---- C:\Windows\system32\wuapi.dll 2014-08-02 08:49:51 ----A---- C:\Windows\SYSWOW64\wuwebv.dll 2014-08-02 08:49:51 ----A---- C:\Windows\SYSWOW64\wuapp.exe 2014-08-02 08:49:50 ----A---- C:\Windows\system32\wuwebv.dll 2014-08-02 08:49:50 ----A---- C:\Windows\system32\wuapp.exe 2014-07-13 18:17:27 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys 2014-07-13 18:16:49 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys 2014-07-13 18:16:48 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-13 18:16:48 ----A---- C:\Windows\system32\drivers\mwac.sys ======List of files/folders modified in the last 1 month====== 2014-08-11 19:38:27 ----D---- C:\Windows\Temp 2014-08-11 19:38:14 ----D---- C:\Program Files\trend micro 2014-08-11 19:28:30 ----D---- C:\Windows\SysWOW64 2014-08-11 19:28:30 ----D---- C:\Windows 2014-08-11 18:51:21 ----D---- C:\ProgramData\MFAData 2014-08-11 15:22:51 ----D---- C:\Windows\Minidump 2014-08-11 11:49:48 ----D---- C:\Users\Pascal\AppData\Roaming\Audacity 2014-08-11 10:29:16 ----D---- C:\Windows\system32\config 2014-08-09 11:54:35 ----SHD---- C:\Windows\Installer 2014-08-07 09:06:39 ----D---- C:\Windows\system32\drivers 2014-08-02 08:51:58 ----D---- C:\Windows\winsxs 2014-08-02 08:51:55 ----D---- C:\Windows\SYSWOW64\nl-NL 2014-08-02 08:51:55 ----D---- C:\Windows\system32\nl-NL 2014-08-02 08:51:55 ----D---- C:\Windows\System32 2014-08-02 08:51:12 ----D---- C:\Windows\system32\catroot 2014-08-02 08:51:10 ----D---- C:\Windows\system32\catroot2 2014-08-02 08:49:52 ----SHD---- C:\System Volume Information 2014-07-24 15:43:16 ----D---- C:\Program Files\Microsoft Silverlight 2014-07-24 15:43:14 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2014-07-19 10:18:27 ----D---- C:\Users\Pascal\AppData\Roaming\Skype 2014-07-18 01:54:45 ----D---- C:\Windows\system32\NDF 2014-07-15 13:38:13 ----D---- C:\Windows\rescache 2014-07-14 12:42:28 ----D---- C:\Windows\system32\wdi 2014-07-13 18:48:31 ----D---- C:\Windows\inf 2014-07-13 18:48:29 ----D---- C:\Windows\debug 2014-07-13 18:16:59 ----D---- C:\Users\Pascal\AppData\Roaming\Malwarebytes 2014-07-13 18:16:48 ----RD---- C:\Program Files (x86) 2014-07-13 18:16:48 ----D---- C:\ProgramData\Malwarebytes 2014-07-13 18:16:47 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2010-08-14 75904] R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2010-08-14 38016] R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-06-17 190744] R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-06-17 328984] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-06-17 123672] R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-06-17 31512] R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2010-03-22 46192] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840] R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-06-30 152344] R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-06-17 242968] R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-06-17 235800] R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-06-17 269080] R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-10-24 46368] R1 cbfs3;cbfs3; \??\C:\Windows\system32\drivers\cbfs3.sys [2011-01-17 323472] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-06-29 9371136] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-06-28 309760] R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys [2012-05-10 20592] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-10 2544232] R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 406632] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376] R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-09-30 1393712] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784] S1 hwinterface;hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [] S3 athr;Stuurprogramma Atheros Extensible draadloze LAN-apparaat; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-09-12 57856] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-07-20 247400] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBMULCD;Aureon 7.1 USB Interface; C:\Windows\system32\drivers\CM10664.sys [2010-08-12 1310720] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-06-28 204288] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624] R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-07-10 3244048] R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-07-10 289328] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184] R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920] R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-09-28 489384] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480] R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-12 247968] R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576] S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-12 193696] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08 262320] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 111616] S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-26 1255736] S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] -----------------EOF-----------------

De rotzooi is blijkbaar verdwenen!!! Hartelijk bedankt voor de hulp!!

Bedankt voor 't wachten Zoek.exe Version 4.0.0.5 Updated 05-December-2013 Tool run by esso on vr 06/12/2013 at 11:22:28,96. Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\esso\Bureaublad\zoek\zoek.exe [script inserted] ==== System Restore Info ====================== 6/12/2013 11:23:33 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\Online Services deleted successfully C:\Documents and Settings\All Users\Application Data\Babylon deleted successfully C:\Documents and Settings\esso\Application Data\AdobeUM deleted successfully C:\Documents and Settings\esso\Application Data\searchquband deleted successfully C:\Documents and Settings\esso\Local Settings\Application Data\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.1.2 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.1.2 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default ---- Lines Softonic removed from prefs.js ---- user_pref("extensions.Softonic.admin", false); user_pref("extensions.Softonic.aflt", "orgnl"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic.cntry", "BE"); user_pref("extensions.Softonic.cv", "cv5"); user_pref("extensions.Softonic.dfltLng", ""); user_pref("extensions.Softonic.envrmnt", "production"); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.hdrMd5", "252F411272D633C082E5D317981C7B5B"); user_pref("extensions.Softonic.hmpg", false); user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.Softonic.instlDay", "15519"); user_pref("extensions.Softonic.instlRef", "MON00001"); user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.310:46:35"); user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); user_pref("extensions.Softonic.newTab", false); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings"); user_pref("extensions.Softonic.sg", "az"); user_pref("extensions.Softonic.smplGrp", "none"); user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.tlbrSrchUrl", "Web search="); user_pref("extensions.Softonic.vrsn", "1.5.24.3"); user_pref("extensions.Softonic.vrsnTs", "1.5.24.310:46:35"); user_pref("extensions.Softonic.vrsni", "1.5.24.3"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35"); ---- Lines Softonic modified from prefs.js ---- user_pref("extensions.enabledItems", "ffxtlbra@softonic.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605 ---- Lines Softonic removed from user.js ---- user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic.tlbrSrchUrl", "Web search="); user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.Softonic.instlDay", "15519"); user_pref("extensions.Softonic.vrsn", "1.5.24.3"); user_pref("extensions.Softonic.vrsni", "1.5.24.3"); user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.aflt", "orgnl"); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.instlRef", "MON00001"); user_pref("extensions.Softonic.dfltLng", ""); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.admin", false); ---- Lines delta removed from prefs.js ---- user_pref("browser.newtab.url", "Delta Search"); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.babExt", ""); user_pref("extensions.delta.babTrack", "affID=121564&tsp=4981"); user_pref("extensions.delta.bbDpng", "12"); user_pref("extensions.delta.cntry", "BE"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.hdrMd5", "BE68B142A0FBEAE9E9695719EC12B0A1"); user_pref("extensions.delta.hmpg", false); user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.delta.instlDay", "15938"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.lastVrsnTs", ""); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.sg", "azb"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.srcExt", "ss"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981"); user_pref("extensions.delta_i.srcExt", "ss"); ---- Lines delta modified from prefs.js ---- user_pref("extensions.enabledItems", "ffxtlbra@disabled.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605 ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15938"); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.srcExt", "ss"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines CT2704262 removed from prefs.js ---- user_pref("CT2704262.1000082.isPlayDisplay", "true"); user_pref("CT2704262.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"PC Helpforum - Gratis hulp bij computer problemen user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true"); user_pref("CT2704262.cbcountry_001", "BE"); user_pref("CT2704262.cbfirsttime", "Fri Nov 23 2012 11:28:48 GMT+0100 (Romance (standaardtijd))"); user_pref("CT2704262.CBOpenMAMSettings", "0"); user_pref("CT2704262.CT2704262ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%22122259%22%2C%22title%22%3A%22%u2666%20PLAY%20FOR%20FREE%20NOW%20%u2666%22%2C user_pref("CT2704262.CT2704262current_term", ""); user_pref("CT2704262.CT2704262sdate", "21"); user_pref("CT2704262.defaultSearch", "FALSE"); user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.enableAlerts", "never"); user_pref("CT2704262.FirstTime", "true"); user_pref("CT2704262.firstTimeDialogOpened", "true"); user_pref("CT2704262.FirstTimeFF3", "true"); user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true"); user_pref("CT2704262.fixUrls", true); user_pref("CT2704262.installId", "ConduitStubGeneric"); user_pref("CT2704262.installType", "ConduitIntegration"); user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.isNewTabEnabled", true); user_pref("CT2704262.isPerformedSmartBarTransition", "true"); user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); user_pref("CT2704262.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN user_pref("CT2704262.openThankYouPage", "TRUE"); user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion", "2.5.0"); user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime", "1375707255284 "); user_pref("CT2704262.RSSapp2704262a129531303481232105000000newFeeds", "newFeeds"); user_pref("CT2704262.search.searchAppId", "129234816889425546"); user_pref("CT2704262.search.searchCount", "0"); user_pref("CT2704262.searchInNewTabEnabledInHidden", "true"); user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2704262\"}"); user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"PC Helpforum - Gratis hulp bij computer problemen user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreeSoundRecorder\"}"); user_pref("CT2704262.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1356094125040"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1356094125457"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "1356094126343"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1356094126275"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-google_lastUpdate", "1356094125364"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1356094124706"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-time_lastUpdate", "1356094126790"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1356094126433"); user_pref("CT2704262.serviceLayer_services_appsMetadata_lastUpdate", "1356094094611"); user_pref("CT2704262.serviceLayer_services_appTracking_lastUpdate", "1353666522766"); user_pref("CT2704262.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356094094604"); user_pref("CT2704262.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356094094316"); user_pref("CT2704262.serviceLayer_services_login_10.10.27.6_lastUpdate", "1356094094783"); user_pref("CT2704262.serviceLayer_services_optimizer_lastUpdate", "1353666518023"); user_pref("CT2704262.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356094094014"); user_pref("CT2704262.serviceLayer_services_searchAPI_lastUpdate", "1356094094776"); user_pref("CT2704262.serviceLayer_services_serviceMap_lastUpdate", "1356094092691"); user_pref("CT2704262.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356094093891"); user_pref("CT2704262.serviceLayer_services_toolbarSettings_lastUpdate", "1356094094491"); user_pref("CT2704262.serviceLayer_services_translation_lastUpdate", "1356094092991"); user_pref("CT2704262.settingsINI", true); user_pref("CT2704262.smartbar.CTID", "CT2704262"); user_pref("CT2704262.smartbar.toolbarName", "FreeSoundRecorder "); user_pref("CT2704262.smartbar.Uninstall", "0"); user_pref("CT2704262.startPage", "FALSE"); user_pref("CT2704262.toolbarBornServerTime", "23-11-2012"); user_pref("CT2704262.toolbarCurrentServerTime", "21-12-2012"); user_pref("CT2704262.UserID", "UN56628252825158463"); ---- Lines qone8 removed from prefs.js ---- user_pref("browser.search.defaultenginename", "qone8"); user_pref("browser.search.selectedEngine", "qone8"); user_pref("browser.startup.homepage", "Start.qone8.com"); ---- Lines searchqu removed from prefs.js ---- user_pref("avg.install.userHPSettings", "Search"); user_pref("keyword.URL", "Ask.com="); ---- Lines Web Search removed from prefs.js ---- user_pref("avg.install.userSPSettings", "iLivid Web Search"); user_pref("browser.search.order.1", "iLivid Web Search"); ---- Lines mysearch removed from prefs.js ---- user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\. ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 3); ---- FireFox user.js and prefs.js backups ---- user_20130612_1134_.backup prefs_20130612_1134_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command] @="C:\\Program Files\\Mozilla Firefox\\firefox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "bProtectTabs"=- ==== Deleting Files \ Folders ====================== C:\Program Files\Better-Surf deleted C:\Program Files\Delta deleted C:\Documents and Settings\esso\Application Data\Delta deleted C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml deleted C:\Program Files\Common Files\DVDVideoSoft\bin deleted C:\Program Files\Mozilla Firefox\.autoreg deleted C:\Program Files\iLivid deleted C:\Program Files\Windows iLivid Toolbar deleted C:\Program Files\Conduit deleted C:\Documents and Settings\esso\Application Data\ExpressFiles deleted C:\Documents and Settings\esso\Application Data\BabSolution deleted C:\Documents and Settings\esso\Application Data\Babylon deleted C:\Documents and Settings\esso\Application Data\SwvUpdater deleted C:\Documents and Settings\esso\Application Data\AVG Secure Search deleted C:\Documents and Settings\esso\Application Data\searchqutoolbar deleted C:\Documents and Settings\esso\Application Data\OpenCandy deleted C:\Documents and Settings\esso\Application Data\PriceGong deleted C:\Documents and Settings\All Users\Application Data\BrowserDefender deleted C:\Documents and Settings\All Users\Application Data\boost_interprocess deleted C:\Documents and Settings\All Users\Application Data\AVG Secure Search deleted C:\Documents and Settings\esso\Local Settings\Application Data\Ilivid Player deleted C:\Documents and Settings\esso\Local Settings\Application Data\AVG Secure Search deleted C:\Documents and Settings\esso\Local Settings\Application Data\Conduit deleted C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG Secure Search deleted C:\WINDOWS\wininit.ini deleted C:\WINDOWS\tasks\AmiUpdXp.job deleted C:\WINDOWS\Tasks\Express FilesUpdate.job deleted C:\WINDOWS\tasks\EPUpdater.job deleted C:\user.js deleted C:\Documents and Settings\esso\AppData\LocalLow\DataMngr deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\searchplugins\SearchResults.xml deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@babylon.com deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_extensions.rdf deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_prefs.js deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\CT2704262 deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbra@softonic.com deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@delta.com deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\smartbar deleted "C:\Program Files\Mozilla Firefox\searchplugins\qone8.xml" deleted "C:\Program Files\ExpressFiles\EFUpdater.exe" deleted "C:\Program Files\ExpressFiles\htmlayout.dll" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll" deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll" deleted "C:\Program Files\ExpressFiles" not deleted "C:\Program Files\AVG Secure Search" not deleted "C:\Program Files\AVG Secure Search" not deleted "C:\Program Files\Common Files\AVG Secure Search" not deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" not deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" not deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2" not deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2" not deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\esso\LOCALS~1\Temp ==== ====== C:\WINDOWS\system32 ===== ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C: ===== ====== C:\Documents and Settings\esso\Application Data ====== 2013-11-30 08:30:54 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Avg2014 2013-11-12 12:16:51 -------- d-----w- C:\Documents and Settings\esso\Local Settings\Application Data\ZaraRadio ====== C:\Documents and Settings\esso ====== 2013-12-03 11:34:23 -------- d--h--r- C:\Documents and Settings\esso\Onlangs geopend ====== C: exe-files == 2013-12-03 22:25:32 4C2AE8D0E01A80BD6A4C71E799BBBE67 5494320 ----a-w- C:\Program Files\AVG\AVG2014\avgcremx.exe 2013-11-30 08:24:34 1616A89B0034F53FC6760B9DB7185B33 5927000 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe === C: other files == ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "12x3q4@3244516.com"="C:\Program Files\Better-Surf\ff" [] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default - Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension - Undetermined - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.1.2.1 - Undetermined - C:\Program Files\Better-Surf\ff AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default 901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library 2AD31341BE41AC9B086128AD86A2B53F - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll - Java Plug-in AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In B16EC84E06F26B8B85800F3B07B8D757 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash 8686640BD98DB1EE2C4C8649F8AEF647 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.4 5FB3472848C15354B95FC523FF80DC2C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.4 BF74A76F78EBBFD3A2328EC4AD9DA3CB - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.4 8EE2B9B90D024BDC7C6F32649935A137 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.4 3D85D0C5B2B138D596820B3418BC1A18 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.4 2C20711D6825B986342FAB9A5572AF26 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.4 A9CD542376B547E89964D7308E8917BF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.4 CFBA47A7C02AC0F3B295DB302384A453 - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in 865250E2742E49C02B0C4307AB042478 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eooncjejnppfjjklapaamhcdmjbilmde - C:\Documents and Settings\esso\Application Data\BabSolution\CR\Delta.crx[] poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files\Better-Surf\ch\Chrome.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" "Search Bar"="http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW" "Default_Page_URL"="Start.qone8.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="Start.qone8.com" "Default_Search_URL"="Search}" "Search Page"="Search}" "Start Page"="Start.qone8.com" "Home_Page"="Dell Officiële Site | Dell België" "Help_Page"="Welcome to Dell Support" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="Delta Search" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="Search}" "CustomizeSearch"="Search}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Bar"="Bing" "Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" "Start Page"="https://www.google.nl/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="Bing" "Search Page"="Bing" "Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" "Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" "Home_Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" "Help_Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="{searchTerms} - Bing" {3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="{searchTerms - Google Search}" {3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="{searchTerms - Google Search}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\12x3q4@3244516.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Documents and Settings\esso\Bureaublad\CUBIC.lnk - C:\CUBIC\CUBIC.BAT C:\Documents and Settings\esso\Bureaublad\USB Audio.lnk - C:\Program Files\USB Audio\USB Radio.exe C:\Documents and Settings\esso\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts on All Users Desktop ====================== C:\Documents and Settings\All Users\Bureaublad\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Documents and Settings\All Users\Bureaublad\Express Files.lnk - C:\Program Files\ExpressFiles\ExpressFiles.exe C:\Documents and Settings\All Users\Bureaublad\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe C:\Documents and Settings\All Users\Bureaublad\TuneUp 1-Click Maintenance.lnk - C:\Program Files\TuneUp Utilities 2012\OneClick.exe C:\Documents and Settings\All Users\Bureaublad\TuneUp Utilities 2012.lnk - C:\Program Files\TuneUp Utilities 2012\Integrator.exe ==== shortcuts in Users Start Menu ====================== C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com C:\Documents and Settings\esso\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\esso\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts in All Users Start Menu ====================== C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Word.lnk - C:\WINDOWS\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\AVG\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe ==== shortcuts in Quick Launch ====================== C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk - C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe Start.qone8.com C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\esso\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== Empty Temp Folders ====================== C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully C:\Documents and Settings\esso\Local Settings\Temp will be emptied at reboot C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\esso\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Program Files\ExpressFiles" not found "C:\Program Files\AVG Secure Search" not found "C:\Program Files\AVG Secure Search" not found "C:\Program Files\Common Files\AVG Secure Search" deleted ==== EOF on vr 06/12/2013 at 12:38:31,70 ====================== - - - Updated - - - Bedankt voor 't wachten Zoek.exe Version 4.0.0.5 Updated 05-December-2013 Tool run by esso on vr 06/12/2013 at 11:22:28,96. Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\esso\Bureaublad\zoek\zoek.exe [script inserted] ==== System Restore Info ====================== 6/12/2013 11:23:33 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\Online Services deleted successfully C:\Documents and Settings\All Users\Application Data\Babylon deleted successfully C:\Documents and Settings\esso\Application Data\AdobeUM deleted successfully C:\Documents and Settings\esso\Application Data\searchquband deleted successfully C:\Documents and Settings\esso\Local Settings\Application Data\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.1.2 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.1.2 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default ---- Lines Softonic removed from prefs.js ---- user_pref("extensions.Softonic.admin", false); user_pref("extensions.Softonic.aflt", "orgnl"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic.cntry", "BE"); user_pref("extensions.Softonic.cv", "cv5"); user_pref("extensions.Softonic.dfltLng", ""); user_pref("extensions.Softonic.envrmnt", "production"); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.hdrMd5", "252F411272D633C082E5D317981C7B5B"); user_pref("extensions.Softonic.hmpg", false); user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.Softonic.instlDay", "15519"); user_pref("extensions.Softonic.instlRef", "MON00001"); user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.310:46:35"); user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); user_pref("extensions.Softonic.newTab", false); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings"); user_pref("extensions.Softonic.sg", "az"); user_pref("extensions.Softonic.smplGrp", "none"); user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.vrsn", "1.5.24.3"); user_pref("extensions.Softonic.vrsnTs", "1.5.24.310:46:35"); user_pref("extensions.Softonic.vrsni", "1.5.24.3"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35"); ---- Lines Softonic modified from prefs.js ---- user_pref("extensions.enabledItems", "ffxtlbra@softonic.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605 ---- Lines Softonic removed from user.js ---- user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.Softonic.instlDay", "15519"); user_pref("extensions.Softonic.vrsn", "1.5.24.3"); user_pref("extensions.Softonic.vrsni", "1.5.24.3"); user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.aflt", "orgnl"); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.instlRef", "MON00001"); user_pref("extensions.Softonic.dfltLng", ""); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.admin", false); ---- Lines delta removed from prefs.js ---- user_pref("browser.newtab.url", "http://www1.delta-search.com/?babsrc=NT_ss&mntrId=2C71001320D1CB27&affID=121564&tsp=4981"); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.babExt", ""); user_pref("extensions.delta.babTrack", "affID=121564&tsp=4981"); user_pref("extensions.delta.bbDpng", "12"); user_pref("extensions.delta.cntry", "BE"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.hdrMd5", "BE68B142A0FBEAE9E9695719EC12B0A1"); user_pref("extensions.delta.hmpg", false); user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.delta.instlDay", "15938"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.lastVrsnTs", ""); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.sg", "azb"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.srcExt", "ss"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981"); user_pref("extensions.delta_i.srcExt", "ss"); ---- Lines delta modified from prefs.js ---- user_pref("extensions.enabledItems", "ffxtlbra@disabled.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605 ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15938"); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.srcExt", "ss"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines CT2704262 removed from prefs.js ---- user_pref("CT2704262.1000082.isPlayDisplay", "true"); user_pref("CT2704262.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"http://feedlive.n user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true"); user_pref("CT2704262.cbcountry_001", "BE"); user_pref("CT2704262.cbfirsttime", "Fri Nov 23 2012 11:28:48 GMT+0100 (Romance (standaardtijd))"); user_pref("CT2704262.CBOpenMAMSettings", "0"); user_pref("CT2704262.CT2704262ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%22122259%22%2C%22title%22%3A%22%u2666%20PLAY%20FOR%20FREE%20NOW%20%u2666%22%2C user_pref("CT2704262.CT2704262current_term", ""); user_pref("CT2704262.CT2704262sdate", "21"); user_pref("CT2704262.defaultSearch", "FALSE"); user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.enableAlerts", "never"); user_pref("CT2704262.FirstTime", "true"); user_pref("CT2704262.firstTimeDialogOpened", "true"); user_pref("CT2704262.FirstTimeFF3", "true"); user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true"); user_pref("CT2704262.fixUrls", true); user_pref("CT2704262.installId", "ConduitStubGeneric"); user_pref("CT2704262.installType", "ConduitIntegration"); user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.isNewTabEnabled", true); user_pref("CT2704262.isPerformedSmartBarTransition", "true"); user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); user_pref("CT2704262.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN user_pref("CT2704262.openThankYouPage", "TRUE"); user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion", "2.5.0"); user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime", "1375707255284 "); user_pref("CT2704262.RSSapp2704262a129531303481232105000000newFeeds", "newFeeds"); user_pref("CT2704262.search.searchAppId", "129234816889425546"); user_pref("CT2704262.search.searchCount", "0"); user_pref("CT2704262.searchInNewTabEnabledInHidden", "true"); user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2704262\"}"); user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://FreeSoundRecorder.MyRadioToo user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreeSoundRecorder\"}"); user_pref("CT2704262.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1356094125040"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1356094125457"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "1356094126343"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1356094126275"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-google_lastUpdate", "1356094125364"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1356094124706"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-time_lastUpdate", "1356094126790"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1356094126433"); user_pref("CT2704262.serviceLayer_services_appsMetadata_lastUpdate", "1356094094611"); user_pref("CT2704262.serviceLayer_services_appTracking_lastUpdate", "1353666522766"); user_pref("CT2704262.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356094094604"); user_pref("CT2704262.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356094094316"); user_pref("CT2704262.serviceLayer_services_login_10.10.27.6_lastUpdate", "1356094094783"); user_pref("CT2704262.serviceLayer_services_optimizer_lastUpdate", "1353666518023"); user_pref("CT2704262.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356094094014"); user_pref("CT2704262.serviceLayer_services_searchAPI_lastUpdate", "1356094094776"); user_pref("CT2704262.serviceLayer_services_serviceMap_lastUpdate", "1356094092691"); user_pref("CT2704262.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356094093891"); user_pref("CT2704262.serviceLayer_services_toolbarSettings_lastUpdate", "1356094094491"); user_pref("CT2704262.serviceLayer_services_translation_lastUpdate", "1356094092991"); user_pref("CT2704262.settingsINI", true); user_pref("CT2704262.smartbar.CTID", "CT2704262"); user_pref("CT2704262.smartbar.toolbarName", "FreeSoundRecorder "); user_pref("CT2704262.smartbar.Uninstall", "0"); user_pref("CT2704262.startPage", "FALSE"); user_pref("CT2704262.toolbarBornServerTime", "23-11-2012"); user_pref("CT2704262.toolbarCurrentServerTime", "21-12-2012"); user_pref("CT2704262.UserID", "UN56628252825158463"); ---- Lines qone8 removed from prefs.js ---- user_pref("browser.search.defaultenginename", "qone8"); user_pref("browser.search.selectedEngine", "qone8"); user_pref("browser.startup.homepage", "http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9"); ---- Lines searchqu removed from prefs.js ---- user_pref("avg.install.userHPSettings", "http://www.searchqu.com/406"); user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="); ---- Lines Web Search removed from prefs.js ---- user_pref("avg.install.userSPSettings", "iLivid Web Search"); user_pref("browser.search.order.1", "iLivid Web Search"); ---- Lines mysearch removed from prefs.js ---- user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\. ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 3); ---- FireFox user.js and prefs.js backups ---- user_20130612_1134_.backup prefs_20130612_1134_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command] @="C:\\Program Files\\Mozilla Firefox\\firefox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "bProtectTabs"=- ==== Deleting Files \ Folders ====================== C:\Program Files\Better-Surf deleted C:\Program Files\Delta deleted C:\Documents and Settings\esso\Application Data\Delta deleted C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml deleted C:\Program Files\Common Files\DVDVideoSoft\bin deleted C:\Program Files\Mozilla Firefox\.autoreg deleted C:\Program Files\iLivid deleted C:\Program Files\Windows iLivid Toolbar deleted C:\Program Files\Conduit deleted C:\Documents and Settings\esso\Application Data\ExpressFiles deleted C:\Documents and Settings\esso\Application Data\BabSolution deleted C:\Documents and Settings\esso\Application Data\Babylon deleted C:\Documents and Settings\esso\Application Data\SwvUpdater deleted C:\Documents and Settings\esso\Application Data\AVG Secure Search deleted C:\Documents and Settings\esso\Application Data\searchqutoolbar deleted C:\Documents and Settings\esso\Application Data\OpenCandy deleted C:\Documents and Settings\esso\Application Data\PriceGong deleted C:\Documents and Settings\All Users\Application Data\BrowserDefender deleted C:\Documents and Settings\All Users\Application Data\boost_interprocess deleted C:\Documents and Settings\All Users\Application Data\AVG Secure Search deleted C:\Documents and Settings\esso\Local Settings\Application Data\Ilivid Player deleted C:\Documents and Settings\esso\Local Settings\Application Data\AVG Secure Search deleted C:\Documents and Settings\esso\Local Settings\Application Data\Conduit deleted C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG Secure Search deleted C:\WINDOWS\wininit.ini deleted C:\WINDOWS\tasks\AmiUpdXp.job deleted C:\WINDOWS\Tasks\Express FilesUpdate.job deleted C:\WINDOWS\tasks\EPUpdater.job deleted C:\user.js deleted C:\Documents and Settings\esso\AppData\LocalLow\DataMngr deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\searchplugins\SearchResults.xml deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@babylon.com deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_extensions.rdf deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_prefs.js deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\CT2704262 deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbra@softonic.com deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@delta.com deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\smartbar deleted "C:\Program Files\Mozilla Firefox\searchplugins\qone8.xml" deleted "C:\Program Files\ExpressFiles\EFUpdater.exe" deleted "C:\Program Files\ExpressFiles\htmlayout.dll" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll" deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll" deleted "C:\Program Files\ExpressFiles" not deleted "C:\Program Files\AVG Secure Search" not deleted "C:\Program Files\AVG Secure Search" not deleted "C:\Program Files\Common Files\AVG Secure Search" not deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" not deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" not deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2" not deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2" not deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\esso\LOCALS~1\Temp ==== ====== C:\WINDOWS\system32 ===== ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C: ===== ====== C:\Documents and Settings\esso\Application Data ====== 2013-11-30 08:30:54 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Avg2014 2013-11-12 12:16:51 -------- d-----w- C:\Documents and Settings\esso\Local Settings\Application Data\ZaraRadio ====== C:\Documents and Settings\esso ====== 2013-12-03 11:34:23 -------- d--h--r- C:\Documents and Settings\esso\Onlangs geopend ====== C: exe-files == 2013-12-03 22:25:32 4C2AE8D0E01A80BD6A4C71E799BBBE67 5494320 ----a-w- C:\Program Files\AVG\AVG2014\avgcremx.exe 2013-11-30 08:24:34 1616A89B0034F53FC6760B9DB7185B33 5927000 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe === C: other files == ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "12x3q4@3244516.com"="C:\Program Files\Better-Surf\ff" [] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default - Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension - Undetermined - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.1.2.1 - Undetermined - C:\Program Files\Better-Surf\ff AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default 901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library 2AD31341BE41AC9B086128AD86A2B53F - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll - Java Plug-in AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In B16EC84E06F26B8B85800F3B07B8D757 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash 8686640BD98DB1EE2C4C8649F8AEF647 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.4 5FB3472848C15354B95FC523FF80DC2C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.4 BF74A76F78EBBFD3A2328EC4AD9DA3CB - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.4 8EE2B9B90D024BDC7C6F32649935A137 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.4 3D85D0C5B2B138D596820B3418BC1A18 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.4 2C20711D6825B986342FAB9A5572AF26 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.4 A9CD542376B547E89964D7308E8917BF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.4 CFBA47A7C02AC0F3B295DB302384A453 - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in 865250E2742E49C02B0C4307AB042478 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eooncjejnppfjjklapaamhcdmjbilmde - C:\Documents and Settings\esso\Application Data\BabSolution\CR\Delta.crx[] poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files\Better-Surf\ch\Chrome.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" "Search Bar"="http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW" "Default_Page_URL"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9" "Default_Search_URL"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}" "Search Page"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}" "Start Page"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9" "Home_Page"="http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen" "Help_Page"="http://support.euro.dell.com/segment.asp?country=BE&language=NL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www1.delta-search.com/?babsrc=NT_ss&mntrId=2C71001320D1CB27&affID=121564&tsp=4981" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}" "CustomizeSearch"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="https://www.google.nl/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Home_Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Help_Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC" {3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="http://www.google.com/search?q={searchTerms}" {3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="http://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\12x3q4@3244516.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Documents and Settings\esso\Bureaublad\CUBIC.lnk - C:\CUBIC\CUBIC.BAT C:\Documents and Settings\esso\Bureaublad\USB Audio.lnk - C:\Program Files\USB Audio\USB Radio.exe C:\Documents and Settings\esso\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts on All Users Desktop ====================== C:\Documents and Settings\All Users\Bureaublad\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Documents and Settings\All Users\Bureaublad\Express Files.lnk - C:\Program Files\ExpressFiles\ExpressFiles.exe C:\Documents and Settings\All Users\Bureaublad\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe C:\Documents and Settings\All Users\Bureaublad\TuneUp 1-Click Maintenance.lnk - C:\Program Files\TuneUp Utilities 2012\OneClick.exe C:\Documents and Settings\All Users\Bureaublad\TuneUp Utilities 2012.lnk - C:\Program Files\TuneUp Utilities 2012\Integrator.exe ==== shortcuts in Users Start Menu ====================== C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\esso\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts in All Users Start Menu ====================== C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Word.lnk - C:\WINDOWS\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\AVG\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe ==== shortcuts in Quick Launch ====================== C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk - C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\esso\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== Empty Temp Folders ====================== C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully C:\Documents and Settings\esso\Local Settings\Temp will be emptied at reboot C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\esso\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Program Files\ExpressFiles" not found "C:\Program Files\AVG Secure Search" not found "C:\Program Files\AVG Secure Search" not found "C:\Program Files\Common Files\AVG Secure Search" deleted ==== EOF on vr 06/12/2013 at 12:38:31,70 ====================== - - - Updated - - - Bedankt voor 't wachten Zoek.exe Version 4.0.0.5 Updated 05-December-2013 Tool run by esso on vr 06/12/2013 at 11:22:28,96. Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\esso\Bureaublad\zoek\zoek.exe [script inserted] ==== System Restore Info ====================== 6/12/2013 11:23:33 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\Online Services deleted successfully C:\Documents and Settings\All Users\Application Data\Babylon deleted successfully C:\Documents and Settings\esso\Application Data\AdobeUM deleted successfully C:\Documents and Settings\esso\Application Data\searchquband deleted successfully C:\Documents and Settings\esso\Local Settings\Application Data\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.1.2 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.1.2 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default ---- Lines Softonic removed from prefs.js ---- user_pref("extensions.Softonic.admin", false); user_pref("extensions.Softonic.aflt", "orgnl"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic.cntry", "BE"); user_pref("extensions.Softonic.cv", "cv5"); user_pref("extensions.Softonic.dfltLng", ""); user_pref("extensions.Softonic.envrmnt", "production"); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.hdrMd5", "252F411272D633C082E5D317981C7B5B"); user_pref("extensions.Softonic.hmpg", false); user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.Softonic.instlDay", "15519"); user_pref("extensions.Softonic.instlRef", "MON00001"); user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.310:46:35"); user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); user_pref("extensions.Softonic.newTab", false); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings"); user_pref("extensions.Softonic.sg", "az"); user_pref("extensions.Softonic.smplGrp", "none"); user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.vrsn", "1.5.24.3"); user_pref("extensions.Softonic.vrsnTs", "1.5.24.310:46:35"); user_pref("extensions.Softonic.vrsni", "1.5.24.3"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35"); ---- Lines Softonic modified from prefs.js ---- user_pref("extensions.enabledItems", "ffxtlbra@softonic.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605 ---- Lines Softonic removed from user.js ---- user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.Softonic.instlDay", "15519"); user_pref("extensions.Softonic.vrsn", "1.5.24.3"); user_pref("extensions.Softonic.vrsni", "1.5.24.3"); user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.aflt", "orgnl"); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.instlRef", "MON00001"); user_pref("extensions.Softonic.dfltLng", ""); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.admin", false); ---- Lines delta removed from prefs.js ---- user_pref("browser.newtab.url", "http://www1.delta-search.com/?babsrc=NT_ss&mntrId=2C71001320D1CB27&affID=121564&tsp=4981"); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.babExt", ""); user_pref("extensions.delta.babTrack", "affID=121564&tsp=4981"); user_pref("extensions.delta.bbDpng", "12"); user_pref("extensions.delta.cntry", "BE"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.hdrMd5", "BE68B142A0FBEAE9E9695719EC12B0A1"); user_pref("extensions.delta.hmpg", false); user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.delta.instlDay", "15938"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.lastVrsnTs", ""); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.sg", "azb"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.srcExt", "ss"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981"); user_pref("extensions.delta_i.srcExt", "ss"); ---- Lines delta modified from prefs.js ---- user_pref("extensions.enabledItems", "ffxtlbra@disabled.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605 ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15938"); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.srcExt", "ss"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines CT2704262 removed from prefs.js ---- user_pref("CT2704262.1000082.isPlayDisplay", "true"); user_pref("CT2704262.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"http://feedlive.n user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true"); user_pref("CT2704262.cbcountry_001", "BE"); user_pref("CT2704262.cbfirsttime", "Fri Nov 23 2012 11:28:48 GMT+0100 (Romance (standaardtijd))"); user_pref("CT2704262.CBOpenMAMSettings", "0"); user_pref("CT2704262.CT2704262ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%22122259%22%2C%22title%22%3A%22%u2666%20PLAY%20FOR%20FREE%20NOW%20%u2666%22%2C user_pref("CT2704262.CT2704262current_term", ""); user_pref("CT2704262.CT2704262sdate", "21"); user_pref("CT2704262.defaultSearch", "FALSE"); user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.enableAlerts", "never"); user_pref("CT2704262.FirstTime", "true"); user_pref("CT2704262.firstTimeDialogOpened", "true"); user_pref("CT2704262.FirstTimeFF3", "true"); user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true"); user_pref("CT2704262.fixUrls", true); user_pref("CT2704262.installId", "ConduitStubGeneric"); user_pref("CT2704262.installType", "ConduitIntegration"); user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.isNewTabEnabled", true); user_pref("CT2704262.isPerformedSmartBarTransition", "true"); user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); user_pref("CT2704262.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN user_pref("CT2704262.openThankYouPage", "TRUE"); user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion", "2.5.0"); user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime", "1375707255284 "); user_pref("CT2704262.RSSapp2704262a129531303481232105000000newFeeds", "newFeeds"); user_pref("CT2704262.search.searchAppId", "129234816889425546"); user_pref("CT2704262.search.searchCount", "0"); user_pref("CT2704262.searchInNewTabEnabledInHidden", "true"); user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2704262\"}"); user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://FreeSoundRecorder.MyRadioToo user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreeSoundRecorder\"}"); user_pref("CT2704262.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2704262.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1356094125040"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1356094125457"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "1356094126343"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1356094126275"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-google_lastUpdate", "1356094125364"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1356094124706"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-time_lastUpdate", "1356094126790"); user_pref("CT2704262.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1356094126433"); user_pref("CT2704262.serviceLayer_services_appsMetadata_lastUpdate", "1356094094611"); user_pref("CT2704262.serviceLayer_services_appTracking_lastUpdate", "1353666522766"); user_pref("CT2704262.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356094094604"); user_pref("CT2704262.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356094094316"); user_pref("CT2704262.serviceLayer_services_login_10.10.27.6_lastUpdate", "1356094094783"); user_pref("CT2704262.serviceLayer_services_optimizer_lastUpdate", "1353666518023"); user_pref("CT2704262.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356094094014"); user_pref("CT2704262.serviceLayer_services_searchAPI_lastUpdate", "1356094094776"); user_pref("CT2704262.serviceLayer_services_serviceMap_lastUpdate", "1356094092691"); user_pref("CT2704262.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356094093891"); user_pref("CT2704262.serviceLayer_services_toolbarSettings_lastUpdate", "1356094094491"); user_pref("CT2704262.serviceLayer_services_translation_lastUpdate", "1356094092991"); user_pref("CT2704262.settingsINI", true); user_pref("CT2704262.smartbar.CTID", "CT2704262"); user_pref("CT2704262.smartbar.toolbarName", "FreeSoundRecorder "); user_pref("CT2704262.smartbar.Uninstall", "0"); user_pref("CT2704262.startPage", "FALSE"); user_pref("CT2704262.toolbarBornServerTime", "23-11-2012"); user_pref("CT2704262.toolbarCurrentServerTime", "21-12-2012"); user_pref("CT2704262.UserID", "UN56628252825158463"); ---- Lines qone8 removed from prefs.js ---- user_pref("browser.search.defaultenginename", "qone8"); user_pref("browser.search.selectedEngine", "qone8"); user_pref("browser.startup.homepage", "http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9"); ---- Lines searchqu removed from prefs.js ---- user_pref("avg.install.userHPSettings", "http://www.searchqu.com/406"); user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="); ---- Lines Web Search removed from prefs.js ---- user_pref("avg.install.userSPSettings", "iLivid Web Search"); user_pref("browser.search.order.1", "iLivid Web Search"); ---- Lines mysearch removed from prefs.js ---- user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\. ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 3); ---- FireFox user.js and prefs.js backups ---- user_20130612_1134_.backup prefs_20130612_1134_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command] @="C:\\Program Files\\Mozilla Firefox\\firefox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "bProtectTabs"=- ==== Deleting Files \ Folders ====================== C:\Program Files\Better-Surf deleted C:\Program Files\Delta deleted C:\Documents and Settings\esso\Application Data\Delta deleted C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml deleted C:\Program Files\Common Files\DVDVideoSoft\bin deleted C:\Program Files\Mozilla Firefox\.autoreg deleted C:\Program Files\iLivid deleted C:\Program Files\Windows iLivid Toolbar deleted C:\Program Files\Conduit deleted C:\Documents and Settings\esso\Application Data\ExpressFiles deleted C:\Documents and Settings\esso\Application Data\BabSolution deleted C:\Documents and Settings\esso\Application Data\Babylon deleted C:\Documents and Settings\esso\Application Data\SwvUpdater deleted C:\Documents and Settings\esso\Application Data\AVG Secure Search deleted C:\Documents and Settings\esso\Application Data\searchqutoolbar deleted C:\Documents and Settings\esso\Application Data\OpenCandy deleted C:\Documents and Settings\esso\Application Data\PriceGong deleted C:\Documents and Settings\All Users\Application Data\BrowserDefender deleted C:\Documents and Settings\All Users\Application Data\boost_interprocess deleted C:\Documents and Settings\All Users\Application Data\AVG Secure Search deleted C:\Documents and Settings\esso\Local Settings\Application Data\Ilivid Player deleted C:\Documents and Settings\esso\Local Settings\Application Data\AVG Secure Search deleted C:\Documents and Settings\esso\Local Settings\Application Data\Conduit deleted C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG Secure Search deleted C:\WINDOWS\wininit.ini deleted C:\WINDOWS\tasks\AmiUpdXp.job deleted C:\WINDOWS\Tasks\Express FilesUpdate.job deleted C:\WINDOWS\tasks\EPUpdater.job deleted C:\user.js deleted C:\Documents and Settings\esso\AppData\LocalLow\DataMngr deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\searchplugins\SearchResults.xml deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@babylon.com deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_extensions.rdf deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_prefs.js deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\CT2704262 deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbra@softonic.com deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@delta.com deleted C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\smartbar deleted "C:\Program Files\Mozilla Firefox\searchplugins\qone8.xml" deleted "C:\Program Files\ExpressFiles\EFUpdater.exe" deleted "C:\Program Files\ExpressFiles\htmlayout.dll" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\AVG Secure Search\vprot.exe" deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll" deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll" deleted "C:\Program Files\ExpressFiles" not deleted "C:\Program Files\AVG Secure Search" not deleted "C:\Program Files\AVG Secure Search" not deleted "C:\Program Files\Common Files\AVG Secure Search" not deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" not deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" not deleted "C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2" not deleted "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2" not deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\esso\LOCALS~1\Temp ==== ====== C:\WINDOWS\system32 ===== ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= C: ===== ====== C:\Documents and Settings\esso\Application Data ====== 2013-11-30 08:30:54 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Avg2014 2013-11-12 12:16:51 -------- d-----w- C:\Documents and Settings\esso\Local Settings\Application Data\ZaraRadio ====== C:\Documents and Settings\esso ====== 2013-12-03 11:34:23 -------- d--h--r- C:\Documents and Settings\esso\Onlangs geopend ====== C: exe-files == 2013-12-03 22:25:32 4C2AE8D0E01A80BD6A4C71E799BBBE67 5494320 ----a-w- C:\Program Files\AVG\AVG2014\avgcremx.exe 2013-11-30 08:24:34 1616A89B0034F53FC6760B9DB7185B33 5927000 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe === C: other files == ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "12x3q4@3244516.com"="C:\Program Files\Better-Surf\ff" [] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default - Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension - Undetermined - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.1.2.1 - Undetermined - C:\Program Files\Better-Surf\ff AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default 901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library 2AD31341BE41AC9B086128AD86A2B53F - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll - Java Plug-in AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In B16EC84E06F26B8B85800F3B07B8D757 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash 8686640BD98DB1EE2C4C8649F8AEF647 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.4 5FB3472848C15354B95FC523FF80DC2C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.4 BF74A76F78EBBFD3A2328EC4AD9DA3CB - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.4 8EE2B9B90D024BDC7C6F32649935A137 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.4 3D85D0C5B2B138D596820B3418BC1A18 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.4 2C20711D6825B986342FAB9A5572AF26 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.4 A9CD542376B547E89964D7308E8917BF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.4 CFBA47A7C02AC0F3B295DB302384A453 - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in 865250E2742E49C02B0C4307AB042478 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eooncjejnppfjjklapaamhcdmjbilmde - C:\Documents and Settings\esso\Application Data\BabSolution\CR\Delta.crx[] poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files\Better-Surf\ch\Chrome.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" "Search Bar"="http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW" "Default_Page_URL"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9" "Default_Search_URL"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}" "Search Page"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}" "Start Page"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9" "Home_Page"="http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen" "Help_Page"="http://support.euro.dell.com/segment.asp?country=BE&language=NL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www1.delta-search.com/?babsrc=NT_ss&mntrId=2C71001320D1CB27&affID=121564&tsp=4981" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}" "CustomizeSearch"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="https://www.google.nl/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Home_Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Help_Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC" {3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="http://www.google.com/search?q={searchTerms}" {3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="http://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\12x3q4@3244516.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Documents and Settings\esso\Bureaublad\CUBIC.lnk - C:\CUBIC\CUBIC.BAT C:\Documents and Settings\esso\Bureaublad\USB Audio.lnk - C:\Program Files\USB Audio\USB Radio.exe C:\Documents and Settings\esso\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts on All Users Desktop ====================== C:\Documents and Settings\All Users\Bureaublad\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Documents and Settings\All Users\Bureaublad\Express Files.lnk - C:\Program Files\ExpressFiles\ExpressFiles.exe C:\Documents and Settings\All Users\Bureaublad\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe C:\Documents and Settings\All Users\Bureaublad\TuneUp 1-Click Maintenance.lnk - C:\Program Files\TuneUp Utilities 2012\OneClick.exe C:\Documents and Settings\All Users\Bureaublad\TuneUp Utilities 2012.lnk - C:\Program Files\TuneUp Utilities 2012\Integrator.exe ==== shortcuts in Users Start Menu ====================== C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\esso\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts in All Users Start Menu ====================== C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Word.lnk - C:\WINDOWS\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe C:\Documents and Settings\All Users\Menu Start\Programma's\AVG\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe ==== shortcuts in Quick Launch ====================== C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk - C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9 C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\esso\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== Empty Temp Folders ====================== C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully C:\Documents and Settings\esso\Local Settings\Temp will be emptied at reboot C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\esso\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Program Files\ExpressFiles" not found "C:\Program Files\AVG Secure Search" not found "C:\Program Files\AVG Secure Search" not found "C:\Program Files\Common Files\AVG Secure Search" deleted ==== EOF on vr 06/12/2013 at 12:38:31,70 ======================

Prima nu Dank u wel!!

Rapport de ZHPFix 2013.12.1.2 par Nicolas Coolman, Update du 01/12/2013 Fichier d'export Registre : Run by Pascal at 4/12/2013 19:14:13 High Elevated Privileges : OK Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Prullenbak geleegd (00mn 01s) Reparatie van browser snelkoppelingen ========== Registersleutels ========== VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles VERWIJDERD:* HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} VERWIJDERD: HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} VERWIJDERD:* HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} VERWIJDERD: HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} VERWIJDERD: HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} VERWIJDERD:* HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} VERWIJDERD:* HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} VERWIJDERD: HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} VERWIJDERD: HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} VERWIJDERD:* HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} VERWIJDERD:* HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} VERWIJDERD: HKLM\Software\Classes\AppID\ScriptHelper.EXE VERWIJDERD: HKLM\Software\Classes\ScriptHelper.ScriptHelperApi VERWIJDERD: HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1 VERWIJDERD: HKLM\Software\Classes\ViProtocol.ViProtocolOLE VERWIJDERD: HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1 VERWIJDERD: HKCU\Software\AppDataLow\Software\PriceGong VERWIJDERD:* HKLM\Software\Tarma Installer VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32 VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32 VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS VERWIJDERD: HKCU\Software\FileScout VERWIJDERD: HKLM\Software\Wow6432Node\ExpressFiles VERWIJDERD: HKCU\Software\5e2da8ae56fbd44 ========== Mappen ========== Verwijderen tijdelijke Windows (5) Verwijderd Flash Cookies (0) ========== Bestanden ========== Verwijderen tijdelijke Windows (10) (586.069 octets) Verwijderd Flash Cookies (0) (0 octets) ========== Andere ========== NIET-VERDRAG emptyjava ========== Samenvatting ========== 32 : Registersleutels 2 : Mappen 2 : Bestanden 1 : Andere End of clean in 00mn 12s ========== Pad naar bestand verslag ========== C:\Users\Pascal\AppData\Roaming\ZHP\ZHPFix[R1].txt - 4/12/2013 19:14:15 [3440]

Merci voor de hulp; hier is't logje: ~ Verslag van ZHPDiag v2013.12.3.6 - Nicolas Coolman (3/12/2013) ~ Gelanceerd door Pascal (3/12/2013 22:31:25) ~ Het adres van de website : Home - Malicius Software Information ~ Gratis supportforum voor desinfectie : Links - Malicius Software Information ~ Vertaald door de gebruiker ~ Staat van de versie : ~ Lijst wit : Ingeschakeld door het programma ~ Tot misbruik van bevoegdheden : OK ~ Gebruikersaccountbeheer (UAC) : Activate by user ---\\ Internet-browsers MSIE: Internet Explorer v10.0.9200.16736 (Defaut) ---\\ Windows productinformatie ~ Langage: Néerlandais Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK Software Protection Service (Protection logicielle) : KO Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Software om het systeem te beveiligen AVG 2013 v13.0.3426 Malwarebytes Anti-Malware versie 1.75.0.1300 Windows Defender W7 ---\\ Systeem optimalisatie software CCleaner v4.06 =>Piriform Ltd ---\\ Delen van software PeerToPeer ---\\ Software die extra aandacht behoeft Adobe Flash Player 11 ActiveX Adobe Reader 9.5.3 - Nederlands ---\\ Informatie over het systeem ~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3691 MB (55% free) System Restore: Activé (Enable) System drive C: has 149 GB (64%) free of 233 GB ---\\ Verbinding met het systeem-modus ~ Computer Name: PASCAL-TOSH ~ User Name: Pascal ~ All Users Names: Pascal, Gast, Administrator, ~ Unselected Option: None Logged in as Administrator ---\\ Omgevingsvariabelen ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Pascal\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Pascal\AppData\Roaming\ ~ %Desktop% : C:\Users\Pascal\Desktop\ ~ %Favorites% : C:\Users\Pascal\Favorites\ ~ %LocalAppData% : C:\Users\Pascal\AppData\Local\ ~ %StartMenu% : C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Overzicht vaste en verwisselbare stations C: Hard drive, Flash drive, Thumb drive (Free 149 Go of 233 Go) D: Hard drive, Flash drive, Thumb drive (Free 225 Go of 232 Go) E: CD-ROM drive (Free 0 Go of 0 Go) ---\\ Staat van het Windows Beveiligingscentrum [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 46 Legitimates Filtered in 00mn 00s ---\\ Zoeken naar bepaalde algemene bestanden [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25/02/2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14/07/2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.12/10/2013 - 9:45:20.) -- C:\Windows\System32\wininet.dll [2241536] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.21/11/2010 - 4:24:29.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.21/11/2010 - 4:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 4:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 4:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 4:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14/07/2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 4:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14/07/2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 4:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 4:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.21/11/2010 - 4:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Status van de verborgen bestanden (verborgen/totaal) ~ Mes images (My Pictures) : 1/2070 ~ Mes musiques (My Musics) : 245/1345 ~ Mes Favoris (My Favorites) : 1/47 ~ Mes Documents (My Documents) : 1/264 ~ Mon Bureau (My Desktop) : 12/8226 ~ Menu demarrer (Programs) : 1/24 ~ Hidden Files: Scanned in 00mn 15s ---\\ Gestarte processen [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.3216] [MD5.1FAA54E9FFEA6FD3E0CEAD951CDDFEF6] - (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160] [PID.3788] [MD5.643F7A81B4FC27845886AB9650AD2C61] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176] [PID.3920] [MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.3956] [MD5.97A1AFD42B8016D132C7BF38C955C6E1] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304560] [PID.3840] [MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.4992] [MD5.D7D5768B8A697FCBAEE2CFE137070F02] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770736] [PID.3108] [MD5.DC01B5913305D514041A48D44E4326ED] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8277504] [PID.6076] [MD5.F89B2DACE0FBE54CF65D12B7081C19C3] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544] [PID.1748] [MD5.B747B6BB015E552F49C634BB19540F3D] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008] [PID.1768] [MD5.DABFBE88774A3C1A8CEA198348E02740] - (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920] [PID.1880] [MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.4612] [MD5.13AA2130F2A104DD775EAD0F0EE5417B] - (.Nero AG - NeroUpdate.) -- c:\Program Files (x86)\Nero\Update\NASvc.exe [598312] [PID.4648] ~ Processes Running: Scanned in 00mn 01s ---\\ Internet Explorer, proxybeheer (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts-bestand omleiding (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer werkbalken (O3) O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan sleutel ~ Toolbar: Scanned in 00mn 00s ---\\ Andere Verwijzigingen gebruikers (O4) O4 - GS\Desktop [Public]: Express Files.lnk . (...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles O4 - GS\QuickLaunch [Pascal]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Pascal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [Pascal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Pascal]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [Pascal]: Express Files.lnk . (...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles O4 - GS\Desktop [Pascal]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe O4 - GS\Desktop [Pascal]: Music - Snelkoppeling.lnk . (...) -- C:\Users\Pascal\Music O4 - GS\Desktop [Pascal]: Numark Cue.lnk . (.Atomix Productions - VirtualDJ.) -- C:\Program Files (x86)\Numark Cue\cue.exe O4 - GS\QuickLaunch [Gast]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar [Gast]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Program [Gast]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Gast]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Global Startup: 89 Legitimates Filtered in 00mn 09s ---\\ Toepassingen gestart door register & bestand (O4) O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office 2000 component.) -- C:\Program Files (x86)\Microsoft Office\Office\OSA9.exe O4 - GS\Startup [Public]: Toshiba Places Icon Utility.lnk . (.Toshiba - Toshiba Places Icon Utility.) -- C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe O4 - GS\Startup [Pascal]: TRDCReminder.lnk . (.TOSHIBA Europe - TOSHIBA Recovery Reminder.) -- C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe O4 - GS\Startup [Gast]: TRDCReminder.lnk . (.TOSHIBA Europe - TOSHIBA Recovery Reminder.) -- C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe O4 - HKLM\..\Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe (.not file.) O4 - HKLM\..\Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (.not file.) O4 - HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.) O4 - HKLM\..\Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe (.not file.) O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.) O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio configuratie.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe O4 - HKLM\..\Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (.not file.) O4 - HKLM\..\Run: [TosVolRegulator] . (.TOSHIBA Corporation - Toshiba Volume Regulator.) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe =>.Toshiba Corporation O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) -- C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe O4 - HKLM\..\Run: [Cm106Sound] . (.C-Media Corporation - CmiCnfg DLL.) -- C:\Windows\Syswow64\cm106.dll O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG - Nero BackItUp.) -- c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe O4 - HKLM\..\Wow6432Node\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc O4 - HKLM\..\Wow6432Node\Run: [sVPWUTIL] . (.TOSHIBA - SVPWUTIL Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe O4 - HKLM\..\Wow6432Node\Run: [HWSetup] . (.TOSHIBA Electronics, Inc. - HWSetup.) -- C:\Program Files\TOSHIBA\Utilities\HWSetup.exe O4 - HKLM\..\Wow6432Node\Run: [KeNotify] . (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Wow6432Node\Run: [TWebCamera] . (.TOSHIBA CORPORATION. - No Comment.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [vProt] C:\Program Files (x86)\AVG Nation toolbar\vprot.exe (.not file.) O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation O4 - HKUS\S-1-5-21-2457209422-596169401-3258411151-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe ~ Application: Scanned in 00mn 00s ---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9) O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 [64Bits] - {97F922BD-8563-4184-87EE-8C4ACA438823} . (...) -- C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Domeinadres van de DNS (O17) wijzigen O17 - HKLM\System\CCS\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpNameServer = 195.130.131.2 195.130.130.130 O17 - HKLM\System\CCS\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpDomain = telenet.be O17 - HKLM\System\CCS\Services\Tcpip\..\{D8D577BE-0880-4F38-AD6E-FC9C549BE3DE}: DhcpDomain = SWDLWDS.com O17 - HKLM\System\CS1\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpNameServer = 195.130.131.2 195.130.130.130 O17 - HKLM\System\CS1\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpDomain = telenet.be O17 - HKLM\System\CS1\Services\Tcpip\..\{D8D577BE-0880-4F38-AD6E-FC9C549BE3DE}: DhcpDomain = SWDLWDS.com O17 - HKLM\System\CS2\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpNameServer = 195.130.131.2 195.130.130.130 O17 - HKLM\System\CS2\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpDomain = telenet.be O17 - HKLM\System\CS2\Services\Tcpip\..\{D8D577BE-0880-4F38-AD6E-FC9C549BE3DE}: DhcpDomain = SWDLWDS.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.2 195.130.130.130 ~ Domain: Scanned in 00mn 00s ---\\ Aanvullend Protocol (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ ShellServiceObjectDelayLoad (SSODL/SSO) (O21) autorun registratiekantoor toonsoort O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\system32\CbFsMntNtf3.dll ~ SSODL: 2 Legitimates Filtered in 00mn 00s ---\\ Registersleutel autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: (no name) [64Bits] - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\SysWOW64\CbFsMntNtf3.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Taken die zijn gepland in de automatische modus (O39) [MD5.BA0BE06A85BC51578D6EAB893C0A9F64] [APT] [{1EAF6B71-CA0C-409A-B64E-6D3C352C5F32}] (...) -- C:\Program Files (x86)\USB Audio\unins000.exe [661258] ~ Scheduled Task: 9 Legitimates Filtered in 00mn 07s ---\\ Geïnstalleerde software (O42) O42 - Logiciel: ExpressFiles - (.Express Files.) [HKCU][64Bits] -- ExpressFiles =>Adware.ExpressFiles O42 - Logiciel: Manillen The Game - (...) [HKLM][64Bits] -- Manillen O42 - Logiciel: Ver 1.2.0 - (.Oscar.) [HKLM][64Bits] -- USB Audio_is1 ~ Logic: 28 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\5e2da8ae56fbd44] =>Hijacker.Eazel [HKCU\Software\8.1] [HKCU\Software\Cue] [HKCU\Software\FileScout] =>PUP.FileScout [HKCU\Software\IGearSettings] [HKCU\Software\radio42] [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKLM\Software\Wow6432Node\Cue] [HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles ~ Key Software: 266 Legitimates Filtered in 00mn 01s ---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43) O43 - CFD: 16/03/2013 - 13:20:14 - [2,406] ----D C:\Program Files (x86)\USB Audio O43 - CFD: 25/07/2013 - 16:53:39 - [46,030] ----D C:\Users\Pascal\AppData\Local\Shareaza O43 - CFD: 27/11/2012 - 13:25:18 - [0,003] ----D C:\Users\Pascal\AppData\Local\ZaraRadio O43 - CFD: 21/06/2012 - 14:48:04 - [0] ----D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Manillen The Game ~ Program Folder: 144 Legitimates Filtered in 00mn 14s ---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44) O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 3/12/2013 - 20:08:13 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064] O44 - LFC:[MD5.2B674F48C1130238DF96D5845799B609] - 3/12/2013 - 20:10:46 ---A- . (...) -- C:\zoek-results2013-10-22-150437.log [115632] O44 - LFC:[MD5.14E0F7C91CADBC8FCFE3163D97581FDA] - 3/12/2013 - 20:42:11 ---A- . (...) -- C:\zoek-results.log [10025] O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [25120] O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [25120] O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [25120] O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [25120] ~ Files: 13 Legitimates Filtered in 00mn 15s ---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45) O45 - LFCP:[MD5.0184904BB63E79651899ECB4D7F23189] - 28/11/2013 - 13:38:24 ---A- - C:\Windows\Prefetch\CUE.EXE-8050DCB1.pf O45 - LFCP:[MD5.73C80AC34FE324E42EF1391E3D53EC59] - 28/11/2013 - 9:54:41 ---A- - C:\Windows\Prefetch\KWIKMEDIA.EXE-8DEFA947.pf ~ Prefetcher: 106 Legitimates Filtered in 00mn 00s ---\\ Controle van veilige Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.) ~ CSB: 15 Legitimates Filtered in 00mn 00s ---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Opsomming van de registersleutel PoliciesExplorer (CÖKVI) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s ---\\ Overzicht van de drivers (SDL) (O58) O58 - SDL:[MD5.957EC5620FB055E9DF2250D6FA4188E1] - 12/08/2010 - 17:24:30 ---A- . (.C-Media Electronics Inc - C-Media Audio WDM Driver.) -- C:\Windows\System32\Drivers\CM10664.sys [1310720] O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] ~ Drivers: 17 Legitimates Filtered in 00mn 28s ---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61) O61 - LFC: 1/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgcfg.log.1 [65630] O61 - LFC: 2/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgcore.log.1 [131265] O61 - LFC: 2/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgdecider.log.1 [65655] O61 - LFC: 2/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\krnlapi.log.1 [1024199] O61 - LFC: 3/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\commonpriv.log.1 [65995] O61 - LFC: 3/12/2013 - 22:34:43 ---A- . (...) -- C:\Users\Pascal\AppData\Roaming\ZHP\Log.txt [17397] =>.Nicolas Coolman O61 - LFC: 3/12/2013 - 22:34:43 ---A- . (...) -- C:\Users\Pascal\AppData\Roaming\ZHP\TestsZHPDiag.txt [2884] =>.Nicolas Coolman O61 - LFC: 30/11/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgui.log.1 [131211] ~ 2 Fichiers temporaires (Temporary files) ~ Files: 101 Legitimates Filtered in 00mn 51s ---\\ Lijst van cleaning tools (CLAB) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman O63 - Logiciel: RSIT - (.random/random.) ~ ADS: Scanned in 00mn 00s ---\\ Startmenu Internet (SMI) (O68) O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Zoek "infecties in internetbrowsers (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - Google ~ Keys: Scanned in 00mn 00s ---\\ Geeft een opsomming van de dienst begin door Svchost (SSS) (O83) O83 - Search Svchost Services: winmgmt (winmgmt) . (...) -- C:\PROGRA~3\4rjlf7t7t.pzz [0] ~ Services: 32 Legitimates Filtered in 00mn 00s ---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84) [MD5.1FFB2EBE1F95C5E5AEC1512EA686049C] [sPRF][11/08/2012] (...) -- C:\Users\Pascal\AppData\LocalLow\dt.dat [27520] [MD5.662C39FC1E27131551D557862CEC47F0] [sPRF][3/12/2013] (...) -- C:\Users\Pascal\Desktop\RSITx64.exe [935175] ~ Files: 4 Legitimates Filtered in 00mn 00s ---\\ Lijst van uitzonderingen in de firewall (FirewallRules) (O87) O87 - FAEL: "{EF61FD20-B728-46F7-93E1-BF44FE32F47D}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles O87 - FAEL: "{666B668A-CC9C-47F3-9FE6-31CD20BCC012}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles O87 - FAEL: "{0CE6DABD-9EB1-4B74-8BF8-A25B4DD6D83A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles O87 - FAEL: "{D4523C71-C95A-4427-9C41-28EDAD34CC16}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles ~ Firewall: 185 Legitimates Filtered in 00mn 02s ---\\ Uitvoer van willekeurige registersleutels (O91) [HKCU\Software\5e2da8ae56fbd44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel [HKCU\Software\5e2da8ae56fbd44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel [HKCU\Software\5e2da8ae56fbd44] =>PUP.Babylon^ ~ Export Key Software: Scanned in 00mn 00s ---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt) SS - | Demand 8/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 10/02/2011 112080 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation SS - | Demand 5/02/2010 137560 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 28/06/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 11/11/2013 3478544 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe SR - | Auto 24/09/2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe SR - | Auto 28/01/2010 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe SR - | Auto 10/03/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe SR - | Auto 4/08/2010 1809920 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe SR - | Demand 1/07/2010 51576 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation SR - | Auto 20/10/2010 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe SR - | Auto 28/09/2010 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 25s ---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80) Run by Pascal at 3/12/2013 22:37:47 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80) Written by ad13, PC Helpforum - Gratis hulp bij computer problemen Run by Pascal at 3/12/2013 22:37:49 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Extra scan (O88) Database Version : 13007 - (3/12/2013) Clés trouvées (Keys found) : 36 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 4 [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles] =>Adware.ExpressFiles^ [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch [HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch [HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO [HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits [HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits [HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater [HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch [HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch [HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch [HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch [HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit [HKCU\Software\FileScout] =>PUP.FileScout^ [HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^ [HKCU\Software\5e2da8ae56fbd44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^ [HKCU\Software\5e2da8ae56fbd44] =>PUP.Babylon^^ ~ Additionnel Scan: 220053 Items scanned in 00mn 52s ---\\ Samenvatting van detecties gevonden op uw werkstation ~ Adware.ExpressFiles - Malicius Software Information =>Adware.ExpressFiles ~ Hijacker.Eazel - Malicius Software Information =>Hijacker.Eazel ~ PUP.FileScout - Malicius Software Information =>PUP.FileScout ~ PUP.Tarma - Malicius Software Information =>PUP.Tarma ~ PUP.Babylon - Malicius Software Information =>PUP.Babylon ~ PUP.ToparcadeHits - Malicius Software Information =>PUP.ToparcadeHits ~ PUP.Software.Updater - Malicius Software Information =>PUP.Software.Updater ~ Toolbar.Conduit - Malicius Software Information =>Toolbar.Conduit ~ Adware.PriceGong - Malicius Software Information =>Adware.PriceGong ~ MSI: 9 link(s) detected in 00mn 53s ~ 1221 Legitimates filtered by white list End of the scan (520 lines in 07mn 18s)(0)

M'n yahoo opent ie effekes, en daarna is het weer 'cannot display the page'. Hij raadt aan om de pagina te venieuwen. Dit staat op de balk bovenaan, als zijnde de pagina: httpss://view.atdmt.com/PPB/iview/427677176/direct;wi.300;hi.250/01?click=http://ads.yahoo.com/clk?3,eJytj10LgjAUhn9NdyJuOlRGF8eWsWiStJS6W66yZuiFKfbrk-jjD.TwXLzncODwIpdq5Wtd-N4Ra6J836PIwwflhkF40pZDKQ2Qg0LkEMci10jBsu.WZ-gTbCJ40VUyhQ-ZBP6OHGYALG7wfPPelC4y8B.uTbT9.oHzKAsAc0PuhkffK6YvQlbVnhV4JbNrkotWyLgSAyoF2.WrnD.2MjYJFkgsUrL79ZhaVtm2zcSFCY5HD0d7UGVd20V9G8cnZuNX-Q==,

Heb ondertussen effe rondgekeken op de site. Heb ook al malwarebytes geinstalleerd en laten lopen hier. Hierbij logje van zoek: Zoek.exe Version 4.0.0.5 Updated 30-November-2013 Tool run by Pascal on di 03/12/2013 at 20:08:19,03. Running in: Normal Mode Internet Access Detected Launched: C:\Users\Pascal\Desktop\zoek\zoek.exe [script inserted] ==== Older Logs ====================== C:\zoek-results2013-10-21-173102.log 33789 bytes C:\zoek-results2013-10-21-181719.log 17057 bytes C:\zoek-results2013-10-21-185730.log 3962 bytes C:\zoek-results2013-10-21-193241.log 4104 bytes C:\zoek-results2013-10-22-105334.log 576 bytes C:\zoek-results2013-10-22-142851.log 115068 bytes C:\zoek-results2013-10-22-150437.log 115632 bytes ==== Empty Folders Check ====================== C:\Users\Pascal\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Gast\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.0.12 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.0.12 deleted successfully ==== Deleting Files \ Folders ====================== C:\PROGRA~2\ExpressFiles deleted C:\Users\Pascal\AppData\Roaming\ExpressFiles deleted C:\ProgramData\7rgjwwq.fvv deleted C:\ProgramData\7rgjwwq.bxx deleted C:\ProgramData\AVG Security Toolbar deleted C:\ProgramData\AVG Nation toolbar deleted C:\Users\Gast\AppData\Local\AVG Nation toolbar deleted C:\Users\Pascal\AppData\Local\SwvUpdater deleted C:\Users\Gast\AppData\LocalLow\AVG Nation toolbar deleted C:\Users\Pascal\AppData\LocalLow\AVG Nation toolbar deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted C:\windows\SysNative\Tasks\Express FilesUpdate deleted C:\Users\Pascal\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com deleted "C:\PROGRA~2\AVG Nation toolbar\vprot.exe" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\17.0.12\avgdttbx.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll" deleted "C:\PROGRA~2\AVG Nation toolbar" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" not deleted "C:\Users\Pascal\AppData\Local\AVG Nation toolbar" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\17.0.12" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.0.12" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.0.12" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Pascal\AppData\Local\Temp ==== 2013-12-01 11:29:11 A55B82103A202C20717F45C201EC4553 936960 ----a-w- C:\Users\Pascal\AppData\Local\Temp\htmlayout.dll ====== Java Cache ===== 2013-11-17 11:14:48 DE9F090A52862C99F27E1AE1C0A29296 25104 ----a-w- C:\Users\Pascal\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5fe476ba-1f04dda1-0.91.0.0- ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2013-12-03 18:37:18 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2013-11-14 14:32:59 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2013-11-14 14:32:27 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2013-11-14 14:32:27 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2013-11-14 14:32:27 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2013-11-05 20:55:48 27CA53E91543B800E16129BCEC3247AD 150808 ----a-w- C:\Windows\Sysnative\drivers\avgdiska.sys 2013-11-04 20:52:42 57250DDDE2523115D0927DBBA745F9FA 240920 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2013-11-28 07:50:41 -------- d-----w- C:\PROGRA~2\MSECache ======= C: ===== ====== C:\Users\Pascal\AppData\Roaming ====== 2013-12-03 18:36:33 -------- d-----w- C:\Users\Pascal\AppData\Local\Programs 2013-11-26 16:49:05 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2013 2013-11-26 16:48:45 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2013 ====== C:\Users\Pascal ====== 2013-12-03 18:36:09 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Pascal\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-03 17:16:19 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Pascal\Desktop\RSITx64.exe ====== C: exe-files == 2013-12-03 18:36:09 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\Pascal\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-03 17:16:19 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Documents and Settings\Pascal\Desktop\RSITx64.exe === C: other files == 2013-11-27 07:33:15 CCC3E985CC60C721115A5D883A9864D1 1986231 ----a-w- C:\Documents and Settings\Pascal\Desktop\jingles radio 19\oude 19jingles\Kerstjingles 2013 R19.zip ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "speedanalysis02@SpeedAnalysis.com"="C:\Users\Pascal\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "speedanalysis02@SpeedAnalysis.com"="C:\Users\Pascal\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com" [] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\mozilla\Firefox\Extensions\speedanalysis02@SpeedAnalysis.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\speedanalysis02@SpeedAnalysis.com deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Pascal\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~2\AVG Nation toolbar" not found "C:\PROGRA~2\COMMON~1\AVG Secure Search" not found ==== EOF on di 03/12/2013 at 20:42:11,61 ======================

He Juisterr, bedankt voor je snelle reactie! Ik kan pas vrijdag terug op die pc, kan je nog effe wachten? Met dank Pascal

Beste, Is m'n 2e post vandaag, ditmaal voor m'n laptop. Kan je dit logje 's bekijken aub? Thanks! Pascal Logfile of random's system information tool 1.09 (written by random/random) Run by Pascal at 2013-12-03 18:17:36 WIN_7 Service Pack 1 System drive C: has 153 GB (64%) free of 238 GB Total RAM: 3692 MB (55% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:23:31, on 3/12/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16736) Boot mode: Normal Running processes: C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\AVG Nation toolbar\vprot.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\trend micro\Pascal.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?') O4 - HKUS\S-1-5-21-2457209422-596169401-3258411151-1000\..\Run: [Facebook Update] "C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User '?') O4 - S-1-5-21-2457209422-596169401-3258411151-1000 Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User '?') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Toshiba Places Icon Utility.lnk = ? O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm O8 - Extra context menu item: Toevoegen aan TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater17.0.12 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11955 bytes ======Listing Processes====== ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\AmiUpdXp.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2457209422-596169401-3258411151-1000Core.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2457209422-596169401-3258411151-1000UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}] Virtual Storage Mount Notification - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}] Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-01-17 155416] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] AVG Nation toolbar - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll [2013-10-24 3352392] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-22 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Nation toolbar - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll [2013-10-24 3352392] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-03-03 597928] "TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-12-14 38304] "Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2011-02-10 1546720] "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2010-09-28 566184] "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680] "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-10-28 915320] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-10 11580520] "RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-11-03 2181224] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-30 2387752] "TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976] "SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080] "TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376] "Toshiba Registration"=C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [2011-08-22 150992] "Cm106Sound"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"=C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-23 138096] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "NBAgent"=c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-06-29 1409424] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-28 336384] "SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-11-09 532480] "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936] "KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2010-08-15 34160] "TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-11-02 2475384] "ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2010-07-01 1295224] "AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2013-11-07 4956176] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352] "vProt"=C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2013-10-24 2403144] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE Toshiba Places Icon Utility.lnk - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLinkedConnections"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 3 months====== 2013-11-28 08:50:41 ----D---- C:\Program Files (x86)\MSECache 2013-11-22 18:33:14 ----D---- C:\Users\Pascal\AppData\Roaming\ExpressFiles 2013-11-22 18:33:13 ----D---- C:\Program Files (x86)\ExpressFiles 2013-11-14 22:46:25 ----A---- C:\Windows\SYSWOW64\ieui.dll 2013-11-14 22:46:25 ----A---- C:\Windows\system32\ieui.dll 2013-11-14 22:46:23 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2013-11-14 22:46:23 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2013-11-14 22:46:23 ----A---- C:\Windows\system32\iesetup.dll 2013-11-14 22:46:23 ----A---- C:\Windows\system32\iernonce.dll 2013-11-14 22:46:22 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe 2013-11-14 22:46:22 ----A---- C:\Windows\SYSWOW64\iesysprep.dll 2013-11-14 22:46:22 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-14 22:46:22 ----A---- C:\Windows\system32\iesysprep.dll 2013-11-14 22:46:22 ----A---- C:\Windows\system32\ie4uinit.exe 2013-11-14 22:46:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2013-11-14 22:46:20 ----A---- C:\Windows\system32\iertutil.dll 2013-11-14 22:46:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2013-11-14 22:46:19 ----A---- C:\Windows\system32\msfeeds.dll 2013-11-14 22:46:18 ----A---- C:\Windows\system32\jscript.dll 2013-11-14 22:46:17 ----A---- C:\Windows\SYSWOW64\jscript.dll 2013-11-14 22:46:16 ----A---- C:\Windows\system32\jscript9.dll 2013-11-14 22:46:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2013-11-14 22:46:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2013-11-14 22:46:13 ----A---- C:\Windows\system32\urlmon.dll 2013-11-14 22:46:11 ----A---- C:\Windows\SYSWOW64\wininet.dll 2013-11-14 22:46:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2013-11-14 22:46:11 ----A---- C:\Windows\system32\jsproxy.dll 2013-11-14 22:46:10 ----A---- C:\Windows\system32\wininet.dll 2013-11-14 22:46:07 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2013-11-14 22:46:05 ----A---- C:\Windows\system32\ieframe.dll 2013-11-14 22:46:03 ----A---- C:\Windows\system32\mshtml.dll 2013-11-14 22:45:58 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2013-11-14 15:33:10 ----A---- C:\Windows\system32\crypt32.dll 2013-11-14 15:33:09 ----A---- C:\Windows\SYSWOW64\crypt32.dll 2013-11-14 15:32:59 ----A---- C:\Windows\system32\drivers\afd.sys 2013-11-14 15:32:47 ----A---- C:\Windows\SYSWOW64\authui.dll 2013-11-14 15:32:47 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-14 15:32:47 ----A---- C:\Windows\system32\credui.dll 2013-11-14 15:32:47 ----A---- C:\Windows\system32\authui.dll 2013-11-14 15:32:46 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll 2013-11-14 15:32:46 ----A---- C:\Windows\SYSWOW64\credui.dll 2013-11-14 15:32:33 ----A---- C:\Windows\system32\IKEEXT.DLL 2013-11-14 15:32:33 ----A---- C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 15:32:32 ----A---- C:\Windows\SYSWOW64\nshwfp.dll 2013-11-14 15:32:32 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL 2013-11-14 15:32:32 ----A---- C:\Windows\system32\nshwfp.dll 2013-11-14 15:32:31 ----A---- C:\Windows\SYSWOW64\gdi32.dll 2013-11-14 15:32:31 ----A---- C:\Windows\system32\gdi32.dll 2013-11-14 15:32:28 ----A---- C:\Windows\system32\schannel.dll 2013-11-14 15:32:27 ----A---- C:\Windows\SYSWOW64\sspicli.dll 2013-11-14 15:32:27 ----A---- C:\Windows\SYSWOW64\secur32.dll 2013-11-14 15:32:27 ----A---- C:\Windows\SYSWOW64\schannel.dll 2013-11-14 15:32:27 ----A---- C:\Windows\system32\sspicli.dll 2013-11-14 15:32:27 ----A---- C:\Windows\system32\lsass.exe 2013-11-14 15:32:27 ----A---- C:\Windows\system32\lsasrv.dll 2013-11-14 15:32:27 ----A---- C:\Windows\system32\drivers\ksecpkg.sys 2013-11-14 15:32:27 ----A---- C:\Windows\system32\drivers\ksecdd.sys 2013-11-14 15:32:27 ----A---- C:\Windows\system32\drivers\cng.sys 2013-11-14 15:32:26 ----A---- C:\Windows\SYSWOW64\ncrypt.dll 2013-11-14 15:32:26 ----A---- C:\Windows\system32\sspisrv.dll 2013-11-14 15:32:26 ----A---- C:\Windows\system32\secur32.dll 2013-11-14 15:32:26 ----A---- C:\Windows\system32\ncrypt.dll 2013-11-05 21:55:48 ----A---- C:\Windows\system32\drivers\avgdiska.sys 2013-11-04 21:52:42 ----A---- C:\Windows\system32\drivers\avgidsdrivera.sys 2013-10-31 23:00:18 ----A---- C:\Windows\system32\drivers\avgldx64.sys 2013-10-31 22:49:46 ----A---- C:\Windows\system32\drivers\avgloga.sys 2013-10-30 17:01:16 ----D---- C:\Users\Pascal\AppData\Roaming\AVG2014 2013-10-30 16:53:50 ----D---- C:\ProgramData\AVG2014 2013-10-26 10:00:45 ----D---- C:\Users\Pascal\AppData\Roaming\Windows Live Writer 2013-10-24 22:25:58 ----A---- C:\Windows\system32\drivers\avgidsha.sys 2013-10-24 14:19:12 ----D---- C:\ProgramData\AVG Security Toolbar 2013-10-24 14:18:52 ----A---- C:\Windows\system32\drivers\avgtpx64.sys 2013-10-24 14:18:47 ----D---- C:\ProgramData\AVG Nation toolbar 2013-10-24 14:18:43 ----D---- C:\Program Files (x86)\AVG Nation toolbar 2013-10-22 17:47:35 ----SHD---- C:\$RECYCLE.BIN 2013-10-22 16:37:00 ----D---- C:\ProgramData\HitmanPro 2013-10-22 15:57:51 ----D---- C:\Windows\Temp 2013-10-22 15:57:51 ----A---- C:\Windows\zoek-delete.exe 2013-10-21 18:24:42 ----D---- C:\Program Files (x86)\HiJackThis 2013-10-21 17:25:02 ----D---- C:\Program Files (x86)\trend micro 2013-10-21 17:24:32 ----D---- C:\rsit 2013-10-17 18:25:45 ----D---- C:\Program Files\CCleaner 2013-10-17 18:22:16 ----A---- C:\DelFix.txt 2013-10-17 07:53:39 ----D---- C:\Program Files\trend micro 2013-10-10 06:23:02 ----A---- C:\Windows\SYSWOW64\comctl32.dll 2013-10-10 06:23:02 ----A---- C:\Windows\system32\comctl32.dll 2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\lpk.dll 2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\fontsub.dll 2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\dciman32.dll 2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\atmlib.dll 2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\atmfd.dll 2013-10-10 06:22:59 ----A---- C:\Windows\system32\lpk.dll 2013-10-10 06:22:59 ----A---- C:\Windows\system32\fontsub.dll 2013-10-10 06:22:59 ----A---- C:\Windows\system32\dciman32.dll 2013-10-10 06:22:59 ----A---- C:\Windows\system32\atmlib.dll 2013-10-10 06:22:59 ----A---- C:\Windows\system32\atmfd.dll 2013-10-10 06:22:58 ----A---- C:\Windows\system32\drivers\Wdf01000.sys 2013-10-10 06:22:57 ----A---- C:\Windows\system32\drivers\usbvideo.sys 2013-10-10 06:22:57 ----A---- C:\Windows\system32\drivers\usbcir.sys 2013-10-10 06:22:57 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys 2013-10-10 06:22:55 ----A---- C:\Windows\SYSWOW64\mswsock.dll 2013-10-10 06:22:55 ----A---- C:\Windows\system32\mswsock.dll 2013-10-10 06:22:55 ----A---- C:\Windows\system32\drivers\tcpip.sys 2013-10-10 06:22:53 ----A---- C:\Windows\SYSWOW64\WebClnt.dll 2013-10-10 06:22:53 ----A---- C:\Windows\SYSWOW64\davclnt.dll 2013-10-10 06:22:53 ----A---- C:\Windows\system32\WebClnt.dll 2013-10-10 06:22:53 ----A---- C:\Windows\system32\drivers\mrxdav.sys 2013-10-10 06:22:53 ----A---- C:\Windows\system32\davclnt.dll 2013-10-10 06:22:52 ----A---- C:\Windows\system32\drivers\hidparse.sys 2013-10-10 06:22:52 ----A---- C:\Windows\system32\drivers\hidclass.sys 2013-10-10 06:22:50 ----A---- C:\Windows\system32\win32k.sys 2013-10-10 06:22:44 ----A---- C:\Windows\system32\ntoskrnl.exe 2013-10-10 06:22:39 ----A---- C:\Windows\system32\advapi32.dll 2013-10-10 06:22:38 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2013-10-10 06:22:37 ----A---- C:\Windows\system32\tdh.dll 2013-10-10 06:22:36 ----A---- C:\Windows\SYSWOW64\tdh.dll 2013-10-10 06:22:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2013-10-10 06:22:35 ----A---- C:\Windows\SYSWOW64\ntdll.dll 2013-10-10 06:22:35 ----A---- C:\Windows\SYSWOW64\advapi32.dll 2013-10-10 06:22:35 ----A---- C:\Windows\system32\wow64.dll 2013-10-10 06:22:35 ----A---- C:\Windows\system32\ntdll.dll 2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\wow32.dll 2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\user.exe 2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\setup16.exe 2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll 2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\instnm.exe 2013-10-10 06:22:25 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 06:22:25 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 06:22:24 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys 2013-10-10 06:22:23 ----A---- C:\Windows\system32\scavengeui.dll 2013-10-01 00:52:08 ----A---- C:\Windows\system32\drivers\avgmfx64.sys 2013-09-12 08:10:56 ----A---- C:\Windows\system32\drivers\ataport.sys 2013-09-12 08:10:34 ----A---- C:\Windows\system32\KernelBase.dll 2013-09-12 08:10:33 ----A---- C:\Windows\SYSWOW64\KernelBase.dll 2013-09-12 08:10:33 ----A---- C:\Windows\SYSWOW64\kernel32.dll 2013-09-12 08:10:33 ----A---- C:\Windows\system32\winsrv.dll 2013-09-12 08:10:33 ----A---- C:\Windows\system32\smss.exe 2013-09-12 08:10:33 ----A---- C:\Windows\system32\kernel32.dll 2013-09-12 08:10:33 ----A---- C:\Windows\system32\csrsrv.dll 2013-09-12 08:10:33 ----A---- C:\Windows\system32\conhost.exe 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 08:10:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 08:10:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-12 08:10:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 08:10:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-12 08:10:30 ----A---- C:\Windows\SYSWOW64\apisetschema.dll 2013-09-12 08:10:30 ----A---- C:\Windows\system32\apisetschema.dll 2013-09-12 08:10:17 ----A---- C:\Windows\system32\shell32.dll 2013-09-12 08:10:16 ----A---- C:\Windows\SYSWOW64\shell32.dll 2013-09-12 08:10:15 ----A---- C:\Windows\SYSWOW64\shdocvw.dll 2013-09-12 08:10:15 ----A---- C:\Windows\system32\shdocvw.dll 2013-09-10 00:43:02 ----A---- C:\Windows\system32\drivers\avgrkx64.sys ======List of files/folders modified in the last 3 months====== 2013-12-03 18:11:07 ----D---- C:\Windows\system32\config 2013-12-03 18:09:40 ----SHD---- C:\Windows\Installer 2013-12-03 18:08:58 ----D---- C:\ProgramData\MFAData 2013-12-02 18:05:57 ----D---- C:\Windows 2013-12-01 16:25:45 ----D---- C:\Users\Pascal\AppData\Roaming\Audacity 2013-12-01 12:29:30 ----RD---- C:\Program Files (x86) 2013-12-01 12:29:22 ----D---- C:\Windows\system32\Tasks 2013-12-01 00:42:16 ----SHD---- C:\System Volume Information 2013-11-28 21:19:05 ----D---- C:\Windows\Panther 2013-11-28 21:19:05 ----D---- C:\Windows\Logs 2013-11-28 21:19:05 ----D---- C:\Windows\debug 2013-11-28 08:52:42 ----SD---- C:\Users\Pascal\AppData\Roaming\Microsoft 2013-11-28 08:51:49 ----D---- C:\Program Files (x86)\Microsoft Office 2013-11-27 16:03:44 ----D---- C:\Windows\system32\catroot 2013-11-26 17:49:22 ----D---- C:\ProgramData\AVG2013 2013-11-26 17:49:22 ----D---- C:\Program Files (x86)\AVG 2013-11-26 17:47:11 ----D---- C:\Windows\system32\drivers 2013-11-24 19:36:44 ----D---- C:\Windows\system32\catroot2 2013-11-22 18:33:34 ----D---- C:\Windows\Tasks 2013-11-15 16:13:19 ----D---- C:\Windows\winsxs 2013-11-15 16:10:32 ----D---- C:\Program Files (x86)\Internet Explorer 2013-11-15 16:10:31 ----D---- C:\Windows\SysWOW64 2013-11-15 16:10:30 ----D---- C:\Windows\System32 2013-11-15 16:10:28 ----D---- C:\Program Files\Internet Explorer 2013-11-15 16:10:23 ----D---- C:\Windows\SYSWOW64\nl-NL 2013-11-15 16:10:23 ----D---- C:\Windows\system32\nl-NL 2013-11-14 22:44:40 ----D---- C:\Windows\system32\MRT 2013-11-14 22:39:52 ----A---- C:\Windows\system32\MRT.exe 2013-11-09 17:15:11 ----D---- C:\Users\Pascal\AppData\Roaming\Skype 2013-11-03 13:15:54 ----D---- C:\Windows\system32\NDF 2013-11-02 12:14:17 ----D---- C:\Windows\inf 2013-10-30 16:53:50 ----HD---- C:\ProgramData 2013-10-25 18:58:45 ----D---- C:\Windows\SYSWOW64\drivers 2013-10-24 14:18:46 ----D---- C:\Program Files (x86)\Common Files 2013-10-21 18:53:28 ----RD---- C:\Program Files 2013-10-18 15:33:55 ----D---- C:\Windows\rescache 2013-10-17 18:27:16 ----D---- C:\Windows\Minidump 2013-10-17 11:30:00 ----D---- C:\Windows\Prefetch 2013-10-16 20:08:35 ----A---- C:\Windows\system32\PerfStringBackup.INI 2013-10-12 13:58:41 ----D---- C:\Windows\Microsoft.NET 2013-10-12 13:57:51 ----RSD---- C:\Windows\assembly 2013-10-11 19:01:45 ----D---- C:\Program Files\Microsoft Silverlight 2013-10-11 19:01:43 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2013-10-11 18:58:42 ----D---- C:\Windows\AppPatch 2013-10-11 18:58:37 ----D---- C:\Windows\system32\DriverStore 2013-10-08 20:16:51 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2013-10-08 14:56:51 ----SD---- C:\ProgramData\Microsoft 2013-10-08 14:56:50 ----D---- C:\Program Files\Common Files\Microsoft Shared 2013-10-08 14:56:04 ----D---- C:\Users\Pascal\AppData\Roaming\SoftGrid Client 2013-09-20 21:57:00 ----D---- C:\ProgramData\Skype 2013-09-20 21:56:55 ----RD---- C:\Program Files (x86)\Skype 2013-09-12 23:13:04 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2010-08-14 75904] R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2010-08-14 38016] R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2013-10-24 194872] R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2013-10-31 294712] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2013-10-01 123704] R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2013-09-10 31544] R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2010-03-22 46192] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840] R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2013-11-05 150808] R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2013-11-04 240920] R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2013-10-31 212280] R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-08-01 251192] R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-10-24 46368] R1 cbfs3;cbfs3; \??\C:\Windows\system32\drivers\cbfs3.sys [2011-01-17 323472] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-06-28 9371136] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-06-28 309760] R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys [2012-05-10 20592] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-10 2544232] R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 406632] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-09-30 1393712] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784] S3 athr;Stuurprogramma Atheros Extensible draadloze LAN-apparaat; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-09-12 57856] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-07-20 247400] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBMULCD;Aureon 7.1 USB Interface; C:\Windows\system32\drivers\CM10664.sys [2010-08-12 1310720] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-06-28 204288] R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544] R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-09-24 348008] R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920] R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-09-28 489384] R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-24 1733448] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480] R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-07-25 162672] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448] S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-26 1255736] -----------------EOF-----------------