pas
-
Items
79 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door pas
-
-
He Kweezie Wabbit, Asus,
Mijn excuses voor deze late reactie. Ik zal deze week Memtest68+ laten testen
mvg
Pascal Van Geem
-
Beste Kweezie wabbit,
Zijn jullie hier wat mee?
mvg
Pascal
Open Hardware Monitor Report
--------------------------------------------------------------------------------
Version: 0.6.0.0
--------------------------------------------------------------------------------
Common Language Runtime: 4.0.30319.18444
Operating System: Microsoft Windows NT 6.1.7601 Service Pack 1
Process Type: 64-Bit
--------------------------------------------------------------------------------
Sensors
|
+- Unknown (/mainboard)
|
+- AMD E-300 APU with Radeon HD Graphics (/amdcpu/0)
| +- Bus Speed : 99.7539 99.7537 99.7593 (/amdcpu/0/clock/0)
| +- CPU Core #1 : 778.081 778.079 1296.87 (/amdcpu/0/clock/1)
| +- CPU Core #2 : 778.081 778.079 1296.87 (/amdcpu/0/clock/2)
| +- Core #1 - #2 : 44 43.5 48.625 (/amdcpu/0/temperature/0)
| +- CPU Total : 10 0 95.4545 (/amdcpu/0/load/0)
| +- CPU Core #1 : 7.69231 0 100 (/amdcpu/0/load/1)
| +- CPU Core #2 : 12.3077 0 100 (/amdcpu/0/load/2)
|
+- Generic Memory (/ram)
| +- Memory : 69.3209 69.3046 71.9644 (/ram/load/0)
| +- Used Memory : 2.4991 2.49851 2.5944 (/ram/data/0)
| +- Available Memory : 1.10602 1.01072 1.10661 (/ram/data/1)
|
+- AMD Radeon HD 6310 Graphics (/atigpu/0)
| +- GPU Core : 0.863 0.863 0.925 (/atigpu/0/voltage/0)
| +- GPU Core : 278.58 278.58 487.5 (/atigpu/0/clock/0)
| +- GPU Memory : 533 533 533 (/atigpu/0/clock/1)
| +- GPU Core : 43 43 52 (/atigpu/0/temperature/0)
| +- GPU Core : 0 0 100 (/atigpu/0/load/0)
|
+- TOSHIBA MK5075GSX (/hdd/0)
| +- Temperature : 37 37 37 (/hdd/0/temperature/0)
--------------------------------------------------------------------------------
Parameters
|
+- Unknown (/mainboard)
|
+- AMD E-300 APU with Radeon HD Graphics (/amdcpu/0)
| |
| +- Core #1 - #2 (/amdcpu/0/temperature/0)
| | +- Offset [°C] : 0 : 0
|
+- Generic Memory (/ram)
|
+- AMD Radeon HD 6310 Graphics (/atigpu/0)
|
+- TOSHIBA MK5075GSX (/hdd/0)
| |
| +- Temperature (/hdd/0/temperature/0)
| | +- Offset [°C] : 0 : 0
--------------------------------------------------------------------------------
Mainboard
--------------------------------------------------------------------------------
CPUID
Processor 0
Processor Vendor: AMD
Processor Brand: AMD E-300 APU with Radeon HD Graphics
Family: 0x14
Model: 0x2
Stepping: 0x0
CPUID Return Values
CPU Thread: 0
APIC ID: 0
Processor ID: 0
Core ID: 0
Thread ID: 0
Function EAX EBX ECX EDX
00000000 00000006 68747541 444D4163 69746E65
00000001 00500F20 00020800 00802209 178BFBFF
00000002 00000000 00000000 00000000 00000000
00000003 00000000 00000000 00000000 00000000
00000004 00000000 00000000 00000000 00000000
00000005 00000040 00000040 00000003 00000000
00000006 00000000 00000000 00000001 00000000
80000000 8000001B 68747541 444D4163 69746E65
80000001 00500F20 000011F9 000035FF 2FD3FBFF
80000002 20444D41 30332D45 50412030 69772055
80000003 52206874 6F656461 6D74286E 44482029
80000004 61724720 63696870 00000073 00000000
80000005 FF08FF08 FF280000 20080140 20020140
80000006 00000000 42004200 02008140 00000000
80000007 00000000 00000000 00000000 000001F9
80000008 00003024 00000000 00001001 00000000
80000009 00000000 00000000 00000000 00000000
8000000A 00000001 00000008 00000000 0000060F
8000000B 00000000 00000000 00000000 00000000
8000000C 00000000 00000000 00000000 00000000
8000000D 00000000 00000000 00000000 00000000
8000000E 00000000 00000000 00000000 00000000
8000000F 00000000 00000000 00000000 00000000
80000010 00000000 00000000 00000000 00000000
80000011 00000000 00000000 00000000 00000000
80000012 00000000 00000000 00000000 00000000
80000013 00000000 00000000 00000000 00000000
80000014 00000000 00000000 00000000 00000000
80000015 00000000 00000000 00000000 00000000
80000016 00000000 00000000 00000000 00000000
80000017 00000000 00000000 00000000 00000000
80000018 00000000 00000000 00000000 00000000
80000019 00000000 00000000 00000000 00000000
8000001A 00000000 00000000 00000000 00000000
8000001B 000000FF 00000000 00000000 00000000
CPU Thread: 1
APIC ID: 1
Processor ID: 0
Core ID: 1
Thread ID: 0
Function EAX EBX ECX EDX
00000000 00000006 68747541 444D4163 69746E65
00000001 00500F20 01020800 00802209 178BFBFF
00000002 00000000 00000000 00000000 00000000
00000003 00000000 00000000 00000000 00000000
00000004 00000000 00000000 00000000 00000000
00000005 00000040 00000040 00000003 00000000
00000006 00000000 00000000 00000001 00000000
80000000 8000001B 68747541 444D4163 69746E65
80000001 00500F20 000011F9 000035FF 2FD3FBFF
80000002 20444D41 30332D45 50412030 69772055
80000003 52206874 6F656461 6D74286E 44482029
80000004 61724720 63696870 00000073 00000000
80000005 FF08FF08 FF280000 20080140 20020140
80000006 00000000 42004200 02008140 00000000
80000007 00000000 00000000 00000000 000001F9
80000008 00003024 00000000 00001001 00000000
80000009 00000000 00000000 00000000 00000000
8000000A 00000001 00000008 00000000 0000060F
8000000B 00000000 00000000 00000000 00000000
8000000C 00000000 00000000 00000000 00000000
8000000D 00000000 00000000 00000000 00000000
8000000E 00000000 00000000 00000000 00000000
8000000F 00000000 00000000 00000000 00000000
80000010 00000000 00000000 00000000 00000000
80000011 00000000 00000000 00000000 00000000
80000012 00000000 00000000 00000000 00000000
80000013 00000000 00000000 00000000 00000000
80000014 00000000 00000000 00000000 00000000
80000015 00000000 00000000 00000000 00000000
80000016 00000000 00000000 00000000 00000000
80000017 00000000 00000000 00000000 00000000
80000018 00000000 00000000 00000000 00000000
80000019 00000000 00000000 00000000 00000000
8000001A 00000000 00000000 00000000 00000000
8000001B 000000FF 00000000 00000000 00000000
--------------------------------------------------------------------------------
AMD CPU
Name: AMD E-300 APU with Radeon HD Graphics
Number of Cores: 2
Threads per Core: 1
Timer Frequency: 1.266406 MHz
Time Stamp Counter: Invariant
Estimated Time Stamp Counter Frequency: 1296.87 MHz
Estimated Time Stamp Counter Frequency Error: 0.12289 Mhz
Time Stamp Counter Frequency: 1296.8 MHz
MSR Core #1
MSR EDX EAX
C0010000 00000000 00000000
C0010004 00000000 00000000
C0010015 00000000 01000011
C0010064 8000012B 00002020
C0010071 002E0082 64002020
MSR Core #2
MSR EDX EAX
C0010000 00000000 00000000
C0010004 00000000 00000000
C0010015 00000000 01000011
C0010064 8000012B 00002020
C0010071 002E0082 64002020
Miscellaneous Control Address: 0xC3
Time Stamp Counter Multiplier: 13
PCI Register D18F3xD4: 00024F57
--------------------------------------------------------------------------------
AMD Display Library
Status: OK
Number of adapters: 2
AdapterIndex: 0
isActive: 1
AdapterName: AMD Radeon HD 6310 Graphics
UDID: PCI_VEN_1002&DEV_9802&SUBSYS_FD3C1179&REV_00_3&11583659&0&08A
Present: 1
VendorID: 0x1002
BusNumber: 0
DeviceNumber: 1
FunctionNumber: 0
AdapterID: 0x5B26100
AdapterIndex: 1
isActive: 0
AdapterName: AMD Radeon HD 6310 Graphics
UDID: PCI_VEN_1002&DEV_9802&SUBSYS_FD3C1179&REV_00_3&11583659&0&08&02A
Present: 1
VendorID: 0x1002
BusNumber: 0
DeviceNumber: 1
FunctionNumber: 0
AdapterID: 0x5B26100
--------------------------------------------------------------------------------
GenericHarddisk
Drive name: TOSHIBA MK5075GSX
Firmware version: GT001M
ID Description Raw Value Worst Value Thres Physical
01 Read Error Rate 000000000000 100 100 50 -
02 Throughput Performance 000000000000 100 100 50 -
03 Spin-Up Time 350800000000 100 100 1 -
04 Start/Stop Count CE0B00000000 100 100 0 3022
05 Reallocated Sectors Count 000000000000 100 100 50 -
07 Seek Error Rate 000000000000 100 100 50 -
08 Seek Time Performance 000000000000 100 100 50 -
09 Power-On Hours (POH) 3F1700000000 86 86 0 5951
0A Spin Retry Count 000000000000 100 160 30 -
0C Power Cycle Count C40B00000000 100 100 0 3012
BF G-sense Error Rate 141000000000 100 100 0 -
C0 Emergency Retract Cycle Count 0A0000000000 100 100 0 -
C1 Load Cycle Count 280E01000000 94 94 0 -
C2 Temperature 25000B003000 100 100 0 37
C4 Reallocation Event Count 000000000000 100 100 0 -
C5 Current Pending Sector Count 000000000000 100 100 0 -
C6 Uncorrectable Sector Count 000000000000 100 100 0 -
C7 UltraDMA CRC Error Count 000000000000 200 200 0 -
DC Disk Shift 420000000000 100 100 0 -
DE Loaded Hours ED0E00000000 91 91 0 -
DF Load/Unload Retry Count 000000000000 100 100 0 -
E0 Load Friction 000000000000 100 100 0 -
E2 Load 'In'-time E50000000000 100 100 0 -
F0 Head Flying Hours 000000000000 100 100 1 -
-
Beste,
Als ik Speccy zoek op m'n laptop, staat ie bij locatie: speccy64 (C:\program files\speccy). Die staat goed denk ik?
Ik heb 'm opnieuw geinstalleerd en opnieuw laten draaien. Helaas zal ie weer niet doen wat ie moet doen?
http://speccy.piriform.com/results/ExUeKofDmHATvrmIbhfqXmp
Dan Real Temp dan maar, echter hier zit ik wat vast. Ik pak alle bestanden uit en tracht .exe uit te voeren, en krijg foutmelding: the processor detected is not supported AMD E-300 APU with radeon HD graphics. Wat doe ik verkeerd?
mvg
Pascal
-
Zal in normale modus zijn denk ik. Ik start 'm opnieuw op en dan deed ik die Speccy. Zal ik 'm volgende keer opstarten in veilige modus en dan die speccy doen?
mvg
Pascal
-
He Asus,
Ik had je berichtje van 23-8 gemist blijkbaar. Deze middag had ik opnieuw hetzelfde probleem. Hierbij Speccy:
http://speccy.piriform.com/results/Y3UYTZ540E4PXXgGAsOyDl3
mvg
Pascal
-
He Asus,
Ik heb 't net opnieuw gehad. Is er iets anders wat ik kan doen?
mvg
Pascal
-
He Asus,
Ik had 'm gedownload en geïnstalleerd (dacht ik). Gister was het weer zover... Ik heb iets opgevangen van beeldschermstuurprogramma en AMD...
Ik heb net de link nog 's gedownload en geïnstalleerd. AMD Radeon HD 6310 Graphics zou zijn geïnstalleerd...
mvg
Pascal
-
Kheb 'm gedownload. Ik zal 's kijken of ie nog uitvalt de komende week. Ik geef jullie zeker feedback
Alvast bedankt voor de hulp en jullie tijd!
Mvg
Pascal
-
He Asus,
Toshiba Satellite C 660 D - 1ch
Part no PSC1YE - 02001187
ben je daar wat mee?
Mvg
Pascal
-
Beste Mako,
Dank je wel alvast!
Mvg
Pascal
-
Beste Mako,
Bij nader inzien... Ik zit vaak te manillen op Home Page - Manillen Online
Ik dacht aan games, die flitsende toestanden a la space invaders ed
Je zal gelijk hebben ivm de grafische kaart
mvg
Pascal
ps: Alcohol 120%, Daemon Tools of Sandboxie zijn mij onbekend
-
Geen spelletjes of dergelijke. Het enige wat vaak draait is Audacity.
Hierbij Speccy:
mvg
Pascal
-
Beste Mako,
Ie gaf aan ' geen schendingen....'
Hierbij Blue Sreen-log
mvg
Pascal
==================================================
Dump File : 081114-63898-01.dmp
Crash Time : 11/08/2014 15:21:07
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`044984e0
Parameter 2 : fffff880`03d4fa1c
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000002
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d140
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081114-63898-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 910.200
Dump File Time : 11/08/2014 15:22:56
==================================================
==================================================
Dump File : 080714-75457-01.dmp
Crash Time : 7/08/2014 17:46:48
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`0483a4e0
Parameter 2 : fffff880`02d1ba1c
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000002
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d140
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080714-75457-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 373.136
Dump File Time : 7/08/2014 17:49:10
==================================================
==================================================
Dump File : 080614-65239-01.dmp
Crash Time : 6/08/2014 12:39:32
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`064f74e0
Parameter 2 : fffff880`02c78a1c
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000002
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d140
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080614-65239-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 373.048
Dump File Time : 6/08/2014 12:41:28
==================================================
==================================================
Dump File : 080214-69108-01.dmp
Crash Time : 2/08/2014 8:40:48
Bug Check String :
Bug Check Code : 0x00000116
Parameter 1 : fffffa80`03fa74e0
Parameter 2 : fffff880`04107a1c
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000002
Caused By Driver : dxgkrnl.sys
Caused By Address : dxgkrnl.sys+5d140
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75bc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080214-69108-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 371.856
Dump File Time : 2/08/2014 8:42:35
==================================================
-
-
Beste,
Mijn laptop is al op een 2-tal weken tijd, ong 4 keer plots uitgevallen, met de melding ' computer wordt afgesloten, interne fout,...' (met blauwe achtergrond).
Is het mogelijk om even naar dit Hijack-logje te kijken? Of heeft dit een andere oorzaak?
Mvg,
Pascal
Logfile of random's system information tool 1.10 (written by random/random)
Run by Pascal at 2014-08-11 19:37:40
WIN_7 Service Pack 1
System drive C: has 107 GB (45%) free of 238 GB
Total RAM: 3692 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:40:43, on 11/08/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\trend micro\Pascal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3B7514NV0602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-2457209422-596169401-3258411151-1000\..\Run: [Facebook Update] "C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User '?')
O4 - S-1-5-21-2457209422-596169401-3258411151-1000 Startup: Inktwaarschuwingen controleren - .lnk = ? (User '?')
O4 - S-1-5-21-2457209422-596169401-3258411151-1000 Startup: Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk = ? (User '?')
O4 - S-1-5-21-2457209422-596169401-3258411151-1000 Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User '?')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Inktwaarschuwingen controleren - .lnk = ?
O4 - Startup: Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk = ?
O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Toshiba Places Icon Utility.lnk = ?
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O8 - Extra context menu item: Toevoegen aan TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12837 bytes
======Listing Processes======
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2457209422-596169401-3258411151-1000Core.job - C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2457209422-596169401-3258411151-1000UA.job - C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]
Virtual Storage Mount Notification - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12 1154720]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]
Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-01-17 155416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12 1431712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-22 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-12 1154720]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12 1431712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-03-03 597928]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-12-14 38304]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2011-02-10 1546720]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2010-09-28 566184]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-10-28 915320]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-10 11580520]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-11-03 2181224]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-30 2387752]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"Toshiba Registration"=C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [2011-08-22 150992]
"Cm106Sound"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-23 138096]
"HP Photosmart 5520 series (NET)"=C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2012-10-17 2573416]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"=c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-06-29 1409424]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-28 336384]
"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-11-09 532480]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2010-08-15 34160]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-11-02 2475384]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2010-07-01 1295224]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-07-10 5187088]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]
""= []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
Toshiba Places Icon Utility.lnk - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Inktwaarschuwingen controleren - .lnk - C:\Windows\system32\RunDll32.exe
Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk - C:\Windows\system32\RunDll32.exe
TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-08-02 08:50:50 ----A---- C:\Windows\system32\wups2.dll
2014-08-02 08:50:50 ----A---- C:\Windows\system32\wucltux.dll
2014-08-02 08:50:50 ----A---- C:\Windows\system32\wuaueng.dll
2014-08-02 08:50:50 ----A---- C:\Windows\system32\wuauclt.exe
2014-08-02 08:50:16 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-08-02 08:50:16 ----A---- C:\Windows\system32\wups.dll
2014-08-02 08:50:16 ----A---- C:\Windows\system32\wudriver.dll
2014-08-02 08:50:15 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-08-02 08:50:15 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-08-02 08:50:15 ----A---- C:\Windows\system32\wuapi.dll
2014-08-02 08:49:51 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-08-02 08:49:51 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-08-02 08:49:50 ----A---- C:\Windows\system32\wuwebv.dll
2014-08-02 08:49:50 ----A---- C:\Windows\system32\wuapp.exe
2014-07-13 18:17:27 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-07-13 18:16:49 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-07-13 18:16:48 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-13 18:16:48 ----A---- C:\Windows\system32\drivers\mwac.sys
======List of files/folders modified in the last 1 month======
2014-08-11 19:38:27 ----D---- C:\Windows\Temp
2014-08-11 19:38:14 ----D---- C:\Program Files\trend micro
2014-08-11 19:28:30 ----D---- C:\Windows\SysWOW64
2014-08-11 19:28:30 ----D---- C:\Windows
2014-08-11 18:51:21 ----D---- C:\ProgramData\MFAData
2014-08-11 15:22:51 ----D---- C:\Windows\Minidump
2014-08-11 11:49:48 ----D---- C:\Users\Pascal\AppData\Roaming\Audacity
2014-08-11 10:29:16 ----D---- C:\Windows\system32\config
2014-08-09 11:54:35 ----SHD---- C:\Windows\Installer
2014-08-07 09:06:39 ----D---- C:\Windows\system32\drivers
2014-08-02 08:51:58 ----D---- C:\Windows\winsxs
2014-08-02 08:51:55 ----D---- C:\Windows\SYSWOW64\nl-NL
2014-08-02 08:51:55 ----D---- C:\Windows\system32\nl-NL
2014-08-02 08:51:55 ----D---- C:\Windows\System32
2014-08-02 08:51:12 ----D---- C:\Windows\system32\catroot
2014-08-02 08:51:10 ----D---- C:\Windows\system32\catroot2
2014-08-02 08:49:52 ----SHD---- C:\System Volume Information
2014-07-24 15:43:16 ----D---- C:\Program Files\Microsoft Silverlight
2014-07-24 15:43:14 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-07-19 10:18:27 ----D---- C:\Users\Pascal\AppData\Roaming\Skype
2014-07-18 01:54:45 ----D---- C:\Windows\system32\NDF
2014-07-15 13:38:13 ----D---- C:\Windows\rescache
2014-07-14 12:42:28 ----D---- C:\Windows\system32\wdi
2014-07-13 18:48:31 ----D---- C:\Windows\inf
2014-07-13 18:48:29 ----D---- C:\Windows\debug
2014-07-13 18:16:59 ----D---- C:\Users\Pascal\AppData\Roaming\Malwarebytes
2014-07-13 18:16:48 ----RD---- C:\Program Files (x86)
2014-07-13 18:16:48 ----D---- C:\ProgramData\Malwarebytes
2014-07-13 18:16:47 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2010-08-14 75904]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2010-08-14 38016]
R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-06-17 190744]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-06-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-06-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-06-17 31512]
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2010-03-22 46192]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-06-30 152344]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-06-17 242968]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-06-17 235800]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-06-17 269080]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-10-24 46368]
R1 cbfs3;cbfs3; \??\C:\Windows\system32\drivers\cbfs3.sys [2011-01-17 323472]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-06-29 9371136]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-06-28 309760]
R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys [2012-05-10 20592]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-10 2544232]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 406632]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376]
R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-09-30 1393712]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
S1 hwinterface;hwinterface; C:\Windows\System32\Drivers\hwinterface.sys []
S3 athr;Stuurprogramma Atheros Extensible draadloze LAN-apparaat; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-09-12 57856]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-07-20 247400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBMULCD;Aureon 7.1 USB Interface; C:\Windows\system32\drivers\CM10664.sys [2010-08-12 1310720]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-06-28 204288]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-07-10 3244048]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-07-10 289328]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920]
R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-09-28 489384]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-12 247968]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-12 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08 262320]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 111616]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-26 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
-
De rotzooi is blijkbaar verdwenen!!! Hartelijk bedankt voor de hulp!!
-
Bedankt voor 't wachten
Zoek.exe Version 4.0.0.5 Updated 05-December-2013
Tool run by esso on vr 06/12/2013 at 11:22:28,96.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\esso\Bureaublad\zoek\zoek.exe [script inserted]
==== System Restore Info ======================
6/12/2013 11:23:33 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\Program Files\Online Services deleted successfully
C:\Documents and Settings\All Users\Application Data\Babylon deleted successfully
C:\Documents and Settings\esso\Application Data\AdobeUM deleted successfully
C:\Documents and Settings\esso\Application Data\searchquband deleted successfully
C:\Documents and Settings\esso\Local Settings\Application Data\PackageAware deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.1.2 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.1.2 deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default
---- Lines Softonic removed from prefs.js ----
user_pref("extensions.Softonic.admin", false);
user_pref("extensions.Softonic.aflt", "orgnl");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic.cntry", "BE");
user_pref("extensions.Softonic.cv", "cv5");
user_pref("extensions.Softonic.dfltLng", "");
user_pref("extensions.Softonic.envrmnt", "production");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.hdrMd5", "252F411272D633C082E5D317981C7B5B");
user_pref("extensions.Softonic.hmpg", false);
user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.Softonic.instlDay", "15519");
user_pref("extensions.Softonic.instlRef", "MON00001");
user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.310:46:35");
user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
user_pref("extensions.Softonic.newTab", false);
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
user_pref("extensions.Softonic.sg", "az");
user_pref("extensions.Softonic.smplGrp", "none");
user_pref("extensions.Softonic.tlbrId", "base");
user_pref("extensions.Softonic.tlbrSrchUrl", "Web search=");
user_pref("extensions.Softonic.vrsn", "1.5.24.3");
user_pref("extensions.Softonic.vrsnTs", "1.5.24.310:46:35");
user_pref("extensions.Softonic.vrsni", "1.5.24.3");
user_pref("extensions.Softonic_i.newTab", false);
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35");
---- Lines Softonic modified from prefs.js ----
user_pref("extensions.enabledItems", "ffxtlbra@softonic.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605
---- Lines Softonic removed from user.js ----
user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic_i.newTab", false);
user_pref("extensions.Softonic.tlbrSrchUrl", "Web search=");
user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.Softonic.instlDay", "15519");
user_pref("extensions.Softonic.vrsn", "1.5.24.3");
user_pref("extensions.Softonic.vrsni", "1.5.24.3");
user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.aflt", "orgnl");
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic.tlbrId", "base");
user_pref("extensions.Softonic.instlRef", "MON00001");
user_pref("extensions.Softonic.dfltLng", "");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.admin", false);
---- Lines delta removed from prefs.js ----
user_pref("browser.newtab.url", "Delta Search");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.babExt", "");
user_pref("extensions.delta.babTrack", "affID=121564&tsp=4981");
user_pref("extensions.delta.bbDpng", "12");
user_pref("extensions.delta.cntry", "BE");
user_pref("extensions.delta.dfltLng", "nl");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.hdrMd5", "BE68B142A0FBEAE9E9695719EC12B0A1");
user_pref("extensions.delta.hmpg", false);
user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.delta.instlDay", "15938");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.lastVrsnTs", "");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.sg", "azb");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.srcExt", "ss");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981");
user_pref("extensions.delta_i.srcExt", "ss");
---- Lines delta modified from prefs.js ----
user_pref("extensions.enabledItems", "ffxtlbra@disabled.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605
---- Lines delta removed from user.js ----
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15938");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "nl");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);
---- Lines CT2704262 removed from prefs.js ----
user_pref("CT2704262.1000082.isPlayDisplay", "true");
user_pref("CT2704262.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"PC Helpforum - Gratis hulp bij computer problemen
user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2704262.cbcountry_001", "BE");
user_pref("CT2704262.cbfirsttime", "Fri Nov 23 2012 11:28:48 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2704262.CBOpenMAMSettings", "0");
user_pref("CT2704262.CT2704262ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%22122259%22%2C%22title%22%3A%22%u2666%20PLAY%20FOR%20FREE%20NOW%20%u2666%22%2C
user_pref("CT2704262.CT2704262current_term", "");
user_pref("CT2704262.CT2704262sdate", "21");
user_pref("CT2704262.defaultSearch", "FALSE");
user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.enableAlerts", "never");
user_pref("CT2704262.FirstTime", "true");
user_pref("CT2704262.firstTimeDialogOpened", "true");
user_pref("CT2704262.FirstTimeFF3", "true");
user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2704262.fixUrls", true);
user_pref("CT2704262.installId", "ConduitStubGeneric");
user_pref("CT2704262.installType", "ConduitIntegration");
user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.isNewTabEnabled", true);
user_pref("CT2704262.isPerformedSmartBarTransition", "true");
user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2704262.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN
user_pref("CT2704262.openThankYouPage", "TRUE");
user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion", "2.5.0");
user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime", "1375707255284 ");
user_pref("CT2704262.RSSapp2704262a129531303481232105000000newFeeds", "newFeeds");
user_pref("CT2704262.search.searchAppId", "129234816889425546");
user_pref("CT2704262.search.searchCount", "0");
user_pref("CT2704262.searchInNewTabEnabledInHidden", "true");
user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2704262\"}");
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"PC Helpforum - Gratis hulp bij computer problemen
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreeSoundRecorder\"}");
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1356094125040");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1356094125457");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "1356094126343");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1356094126275");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-google_lastUpdate", "1356094125364");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1356094124706");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-time_lastUpdate", "1356094126790");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1356094126433");
user_pref("CT2704262.serviceLayer_services_appsMetadata_lastUpdate", "1356094094611");
user_pref("CT2704262.serviceLayer_services_appTracking_lastUpdate", "1353666522766");
user_pref("CT2704262.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356094094604");
user_pref("CT2704262.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356094094316");
user_pref("CT2704262.serviceLayer_services_login_10.10.27.6_lastUpdate", "1356094094783");
user_pref("CT2704262.serviceLayer_services_optimizer_lastUpdate", "1353666518023");
user_pref("CT2704262.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356094094014");
user_pref("CT2704262.serviceLayer_services_searchAPI_lastUpdate", "1356094094776");
user_pref("CT2704262.serviceLayer_services_serviceMap_lastUpdate", "1356094092691");
user_pref("CT2704262.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356094093891");
user_pref("CT2704262.serviceLayer_services_toolbarSettings_lastUpdate", "1356094094491");
user_pref("CT2704262.serviceLayer_services_translation_lastUpdate", "1356094092991");
user_pref("CT2704262.settingsINI", true);
user_pref("CT2704262.smartbar.CTID", "CT2704262");
user_pref("CT2704262.smartbar.toolbarName", "FreeSoundRecorder ");
user_pref("CT2704262.smartbar.Uninstall", "0");
user_pref("CT2704262.startPage", "FALSE");
user_pref("CT2704262.toolbarBornServerTime", "23-11-2012");
user_pref("CT2704262.toolbarCurrentServerTime", "21-12-2012");
user_pref("CT2704262.UserID", "UN56628252825158463");
---- Lines qone8 removed from prefs.js ----
user_pref("browser.search.defaultenginename", "qone8");
user_pref("browser.search.selectedEngine", "qone8");
user_pref("browser.startup.homepage", "Start.qone8.com");
---- Lines searchqu removed from prefs.js ----
user_pref("avg.install.userHPSettings", "Search");
user_pref("keyword.URL", "Ask.com=");
---- Lines Web Search removed from prefs.js ----
user_pref("avg.install.userSPSettings", "iLivid Web Search");
user_pref("browser.search.order.1", "iLivid Web Search");
---- Lines mysearch removed from prefs.js ----
user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----
user_20130612_1134_.backup
prefs_20130612_1134_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"bProtectTabs"=-
==== Deleting Files \ Folders ======================
C:\Program Files\Better-Surf deleted
C:\Program Files\Delta deleted
C:\Documents and Settings\esso\Application Data\Delta deleted
C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted
C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Program Files\Mozilla Firefox\.autoreg deleted
C:\Program Files\iLivid deleted
C:\Program Files\Windows iLivid Toolbar deleted
C:\Program Files\Conduit deleted
C:\Documents and Settings\esso\Application Data\ExpressFiles deleted
C:\Documents and Settings\esso\Application Data\BabSolution deleted
C:\Documents and Settings\esso\Application Data\Babylon deleted
C:\Documents and Settings\esso\Application Data\SwvUpdater deleted
C:\Documents and Settings\esso\Application Data\AVG Secure Search deleted
C:\Documents and Settings\esso\Application Data\searchqutoolbar deleted
C:\Documents and Settings\esso\Application Data\OpenCandy deleted
C:\Documents and Settings\esso\Application Data\PriceGong deleted
C:\Documents and Settings\All Users\Application Data\BrowserDefender deleted
C:\Documents and Settings\All Users\Application Data\boost_interprocess deleted
C:\Documents and Settings\All Users\Application Data\AVG Secure Search deleted
C:\Documents and Settings\esso\Local Settings\Application Data\Ilivid Player deleted
C:\Documents and Settings\esso\Local Settings\Application Data\AVG Secure Search deleted
C:\Documents and Settings\esso\Local Settings\Application Data\Conduit deleted
C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG Secure Search deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\tasks\AmiUpdXp.job deleted
C:\WINDOWS\Tasks\Express FilesUpdate.job deleted
C:\WINDOWS\tasks\EPUpdater.job deleted
C:\user.js deleted
C:\Documents and Settings\esso\AppData\LocalLow\DataMngr deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\searchplugins\SearchResults.xml deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@babylon.com deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_extensions.rdf deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_prefs.js deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\CT2704262 deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbra@softonic.com deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@delta.com deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\smartbar deleted
"C:\Program Files\Mozilla Firefox\searchplugins\qone8.xml" deleted
"C:\Program Files\ExpressFiles\EFUpdater.exe" deleted
"C:\Program Files\ExpressFiles\htmlayout.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll" deleted
"C:\Program Files\ExpressFiles" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\Common Files\AVG Secure Search" not deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" not deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" not deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2" not deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2" not deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\DOCUME~1\esso\LOCALS~1\Temp ====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Documents and Settings\esso\Application Data ======
2013-11-30 08:30:54 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Avg2014
2013-11-12 12:16:51 -------- d-----w- C:\Documents and Settings\esso\Local Settings\Application Data\ZaraRadio
====== C:\Documents and Settings\esso ======
2013-12-03 11:34:23 -------- d--h--r- C:\Documents and Settings\esso\Onlangs geopend
====== C: exe-files ==
2013-12-03 22:25:32 4C2AE8D0E01A80BD6A4C71E799BBBE67 5494320 ----a-w- C:\Program Files\AVG\AVG2014\avgcremx.exe
2013-11-30 08:24:34 1616A89B0034F53FC6760B9DB7185B33 5927000 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe
=== C: other files ==
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"12x3q4@3244516.com"="C:\Program Files\Better-Surf\ff" []
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default
- Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- Undetermined - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.1.2.1
- Undetermined - C:\Program Files\Better-Surf\ff
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
2AD31341BE41AC9B086128AD86A2B53F - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll - Java Plug-in
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
B16EC84E06F26B8B85800F3B07B8D757 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
8686640BD98DB1EE2C4C8649F8AEF647 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.4
5FB3472848C15354B95FC523FF80DC2C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.4
BF74A76F78EBBFD3A2328EC4AD9DA3CB - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.4
8EE2B9B90D024BDC7C6F32649935A137 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.4
3D85D0C5B2B138D596820B3418BC1A18 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.4
2C20711D6825B986342FAB9A5572AF26 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.4
A9CD542376B547E89964D7308E8917BF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.4
CFBA47A7C02AC0F3B295DB302384A453 - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in
865250E2742E49C02B0C4307AB042478 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eooncjejnppfjjklapaamhcdmjbilmde - C:\Documents and Settings\esso\Application Data\BabSolution\CR\Delta.crx[]
poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files\Better-Surf\ch\Chrome.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
"Search Bar"="http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW"
"Default_Page_URL"="Start.qone8.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="Start.qone8.com"
"Default_Search_URL"="Search}"
"Search Page"="Search}"
"Start Page"="Start.qone8.com"
"Home_Page"="Dell Officiële Site | Dell België"
"Help_Page"="Welcome to Dell Support"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="Delta Search"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="Search}"
"CustomizeSearch"="Search}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="Bing"
"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
"Start Page"="https://www.google.nl/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="Bing"
"Search Page"="Bing"
"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
"Home_Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
"Help_Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="{searchTerms} - Bing"
{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="{searchTerms - Google Search}"
{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="{searchTerms - Google Search}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\12x3q4@3244516.com deleted successfully
==== shortcuts on Users Desktops ======================
C:\Documents and Settings\esso\Bureaublad\CUBIC.lnk - C:\CUBIC\CUBIC.BAT
C:\Documents and Settings\esso\Bureaublad\USB Audio.lnk - C:\Program Files\USB Audio\USB Radio.exe
C:\Documents and Settings\esso\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
==== shortcuts on All Users Desktop ======================
C:\Documents and Settings\All Users\Bureaublad\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\All Users\Bureaublad\Express Files.lnk - C:\Program Files\ExpressFiles\ExpressFiles.exe
C:\Documents and Settings\All Users\Bureaublad\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Documents and Settings\All Users\Bureaublad\TuneUp 1-Click Maintenance.lnk - C:\Program Files\TuneUp Utilities 2012\OneClick.exe
C:\Documents and Settings\All Users\Bureaublad\TuneUp Utilities 2012.lnk - C:\Program Files\TuneUp Utilities 2012\Integrator.exe
==== shortcuts in Users Start Menu ======================
C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com
C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com
C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com
C:\Documents and Settings\esso\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\esso\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
==== shortcuts in All Users Start Menu ======================
C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Word.lnk - C:\WINDOWS\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\AVG\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
==== shortcuts in Quick Launch ======================
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk - C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe Start.qone8.com
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
==== shortcuts After Repair ======================
C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\esso\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== Empty Temp Folders ======================
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully
C:\Documents and Settings\esso\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\esso\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\ExpressFiles" not found
"C:\Program Files\AVG Secure Search" not found
"C:\Program Files\AVG Secure Search" not found
"C:\Program Files\Common Files\AVG Secure Search" deleted
==== EOF on vr 06/12/2013 at 12:38:31,70 ======================
- - - Updated - - -
Bedankt voor 't wachten
Zoek.exe Version 4.0.0.5 Updated 05-December-2013
Tool run by esso on vr 06/12/2013 at 11:22:28,96.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\esso\Bureaublad\zoek\zoek.exe [script inserted]
==== System Restore Info ======================
6/12/2013 11:23:33 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\Program Files\Online Services deleted successfully
C:\Documents and Settings\All Users\Application Data\Babylon deleted successfully
C:\Documents and Settings\esso\Application Data\AdobeUM deleted successfully
C:\Documents and Settings\esso\Application Data\searchquband deleted successfully
C:\Documents and Settings\esso\Local Settings\Application Data\PackageAware deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.1.2 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.1.2 deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default
---- Lines Softonic removed from prefs.js ----
user_pref("extensions.Softonic.admin", false);
user_pref("extensions.Softonic.aflt", "orgnl");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic.cntry", "BE");
user_pref("extensions.Softonic.cv", "cv5");
user_pref("extensions.Softonic.dfltLng", "");
user_pref("extensions.Softonic.envrmnt", "production");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.hdrMd5", "252F411272D633C082E5D317981C7B5B");
user_pref("extensions.Softonic.hmpg", false);
user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.Softonic.instlDay", "15519");
user_pref("extensions.Softonic.instlRef", "MON00001");
user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.310:46:35");
user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
user_pref("extensions.Softonic.newTab", false);
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
user_pref("extensions.Softonic.sg", "az");
user_pref("extensions.Softonic.smplGrp", "none");
user_pref("extensions.Softonic.tlbrId", "base");
user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.vrsn", "1.5.24.3");
user_pref("extensions.Softonic.vrsnTs", "1.5.24.310:46:35");
user_pref("extensions.Softonic.vrsni", "1.5.24.3");
user_pref("extensions.Softonic_i.newTab", false);
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35");
---- Lines Softonic modified from prefs.js ----
user_pref("extensions.enabledItems", "ffxtlbra@softonic.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605
---- Lines Softonic removed from user.js ----
user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic_i.newTab", false);
user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.Softonic.instlDay", "15519");
user_pref("extensions.Softonic.vrsn", "1.5.24.3");
user_pref("extensions.Softonic.vrsni", "1.5.24.3");
user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.aflt", "orgnl");
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic.tlbrId", "base");
user_pref("extensions.Softonic.instlRef", "MON00001");
user_pref("extensions.Softonic.dfltLng", "");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.admin", false);
---- Lines delta removed from prefs.js ----
user_pref("browser.newtab.url", "http://www1.delta-search.com/?babsrc=NT_ss&mntrId=2C71001320D1CB27&affID=121564&tsp=4981");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.babExt", "");
user_pref("extensions.delta.babTrack", "affID=121564&tsp=4981");
user_pref("extensions.delta.bbDpng", "12");
user_pref("extensions.delta.cntry", "BE");
user_pref("extensions.delta.dfltLng", "nl");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.hdrMd5", "BE68B142A0FBEAE9E9695719EC12B0A1");
user_pref("extensions.delta.hmpg", false);
user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.delta.instlDay", "15938");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.lastVrsnTs", "");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.sg", "azb");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.srcExt", "ss");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981");
user_pref("extensions.delta_i.srcExt", "ss");
---- Lines delta modified from prefs.js ----
user_pref("extensions.enabledItems", "ffxtlbra@disabled.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605
---- Lines delta removed from user.js ----
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15938");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "nl");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);
---- Lines CT2704262 removed from prefs.js ----
user_pref("CT2704262.1000082.isPlayDisplay", "true");
user_pref("CT2704262.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"http://feedlive.n
user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2704262.cbcountry_001", "BE");
user_pref("CT2704262.cbfirsttime", "Fri Nov 23 2012 11:28:48 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2704262.CBOpenMAMSettings", "0");
user_pref("CT2704262.CT2704262ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%22122259%22%2C%22title%22%3A%22%u2666%20PLAY%20FOR%20FREE%20NOW%20%u2666%22%2C
user_pref("CT2704262.CT2704262current_term", "");
user_pref("CT2704262.CT2704262sdate", "21");
user_pref("CT2704262.defaultSearch", "FALSE");
user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.enableAlerts", "never");
user_pref("CT2704262.FirstTime", "true");
user_pref("CT2704262.firstTimeDialogOpened", "true");
user_pref("CT2704262.FirstTimeFF3", "true");
user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2704262.fixUrls", true);
user_pref("CT2704262.installId", "ConduitStubGeneric");
user_pref("CT2704262.installType", "ConduitIntegration");
user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.isNewTabEnabled", true);
user_pref("CT2704262.isPerformedSmartBarTransition", "true");
user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2704262.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN
user_pref("CT2704262.openThankYouPage", "TRUE");
user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion", "2.5.0");
user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime", "1375707255284 ");
user_pref("CT2704262.RSSapp2704262a129531303481232105000000newFeeds", "newFeeds");
user_pref("CT2704262.search.searchAppId", "129234816889425546");
user_pref("CT2704262.search.searchCount", "0");
user_pref("CT2704262.searchInNewTabEnabledInHidden", "true");
user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2704262\"}");
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://FreeSoundRecorder.MyRadioToo
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreeSoundRecorder\"}");
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1356094125040");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1356094125457");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "1356094126343");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1356094126275");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-google_lastUpdate", "1356094125364");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1356094124706");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-time_lastUpdate", "1356094126790");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1356094126433");
user_pref("CT2704262.serviceLayer_services_appsMetadata_lastUpdate", "1356094094611");
user_pref("CT2704262.serviceLayer_services_appTracking_lastUpdate", "1353666522766");
user_pref("CT2704262.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356094094604");
user_pref("CT2704262.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356094094316");
user_pref("CT2704262.serviceLayer_services_login_10.10.27.6_lastUpdate", "1356094094783");
user_pref("CT2704262.serviceLayer_services_optimizer_lastUpdate", "1353666518023");
user_pref("CT2704262.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356094094014");
user_pref("CT2704262.serviceLayer_services_searchAPI_lastUpdate", "1356094094776");
user_pref("CT2704262.serviceLayer_services_serviceMap_lastUpdate", "1356094092691");
user_pref("CT2704262.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356094093891");
user_pref("CT2704262.serviceLayer_services_toolbarSettings_lastUpdate", "1356094094491");
user_pref("CT2704262.serviceLayer_services_translation_lastUpdate", "1356094092991");
user_pref("CT2704262.settingsINI", true);
user_pref("CT2704262.smartbar.CTID", "CT2704262");
user_pref("CT2704262.smartbar.toolbarName", "FreeSoundRecorder ");
user_pref("CT2704262.smartbar.Uninstall", "0");
user_pref("CT2704262.startPage", "FALSE");
user_pref("CT2704262.toolbarBornServerTime", "23-11-2012");
user_pref("CT2704262.toolbarCurrentServerTime", "21-12-2012");
user_pref("CT2704262.UserID", "UN56628252825158463");
---- Lines qone8 removed from prefs.js ----
user_pref("browser.search.defaultenginename", "qone8");
user_pref("browser.search.selectedEngine", "qone8");
user_pref("browser.startup.homepage", "http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9");
---- Lines searchqu removed from prefs.js ----
user_pref("avg.install.userHPSettings", "http://www.searchqu.com/406");
user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");
---- Lines Web Search removed from prefs.js ----
user_pref("avg.install.userSPSettings", "iLivid Web Search");
user_pref("browser.search.order.1", "iLivid Web Search");
---- Lines mysearch removed from prefs.js ----
user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----
user_20130612_1134_.backup
prefs_20130612_1134_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"bProtectTabs"=-
==== Deleting Files \ Folders ======================
C:\Program Files\Better-Surf deleted
C:\Program Files\Delta deleted
C:\Documents and Settings\esso\Application Data\Delta deleted
C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted
C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Program Files\Mozilla Firefox\.autoreg deleted
C:\Program Files\iLivid deleted
C:\Program Files\Windows iLivid Toolbar deleted
C:\Program Files\Conduit deleted
C:\Documents and Settings\esso\Application Data\ExpressFiles deleted
C:\Documents and Settings\esso\Application Data\BabSolution deleted
C:\Documents and Settings\esso\Application Data\Babylon deleted
C:\Documents and Settings\esso\Application Data\SwvUpdater deleted
C:\Documents and Settings\esso\Application Data\AVG Secure Search deleted
C:\Documents and Settings\esso\Application Data\searchqutoolbar deleted
C:\Documents and Settings\esso\Application Data\OpenCandy deleted
C:\Documents and Settings\esso\Application Data\PriceGong deleted
C:\Documents and Settings\All Users\Application Data\BrowserDefender deleted
C:\Documents and Settings\All Users\Application Data\boost_interprocess deleted
C:\Documents and Settings\All Users\Application Data\AVG Secure Search deleted
C:\Documents and Settings\esso\Local Settings\Application Data\Ilivid Player deleted
C:\Documents and Settings\esso\Local Settings\Application Data\AVG Secure Search deleted
C:\Documents and Settings\esso\Local Settings\Application Data\Conduit deleted
C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG Secure Search deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\tasks\AmiUpdXp.job deleted
C:\WINDOWS\Tasks\Express FilesUpdate.job deleted
C:\WINDOWS\tasks\EPUpdater.job deleted
C:\user.js deleted
C:\Documents and Settings\esso\AppData\LocalLow\DataMngr deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\searchplugins\SearchResults.xml deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@babylon.com deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_extensions.rdf deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_prefs.js deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\CT2704262 deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbra@softonic.com deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@delta.com deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\smartbar deleted
"C:\Program Files\Mozilla Firefox\searchplugins\qone8.xml" deleted
"C:\Program Files\ExpressFiles\EFUpdater.exe" deleted
"C:\Program Files\ExpressFiles\htmlayout.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll" deleted
"C:\Program Files\ExpressFiles" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\Common Files\AVG Secure Search" not deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" not deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" not deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2" not deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2" not deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\DOCUME~1\esso\LOCALS~1\Temp ====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Documents and Settings\esso\Application Data ======
2013-11-30 08:30:54 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Avg2014
2013-11-12 12:16:51 -------- d-----w- C:\Documents and Settings\esso\Local Settings\Application Data\ZaraRadio
====== C:\Documents and Settings\esso ======
2013-12-03 11:34:23 -------- d--h--r- C:\Documents and Settings\esso\Onlangs geopend
====== C: exe-files ==
2013-12-03 22:25:32 4C2AE8D0E01A80BD6A4C71E799BBBE67 5494320 ----a-w- C:\Program Files\AVG\AVG2014\avgcremx.exe
2013-11-30 08:24:34 1616A89B0034F53FC6760B9DB7185B33 5927000 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe
=== C: other files ==
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"12x3q4@3244516.com"="C:\Program Files\Better-Surf\ff" []
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default
- Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- Undetermined - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.1.2.1
- Undetermined - C:\Program Files\Better-Surf\ff
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
2AD31341BE41AC9B086128AD86A2B53F - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll - Java Plug-in
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
B16EC84E06F26B8B85800F3B07B8D757 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
8686640BD98DB1EE2C4C8649F8AEF647 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.4
5FB3472848C15354B95FC523FF80DC2C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.4
BF74A76F78EBBFD3A2328EC4AD9DA3CB - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.4
8EE2B9B90D024BDC7C6F32649935A137 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.4
3D85D0C5B2B138D596820B3418BC1A18 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.4
2C20711D6825B986342FAB9A5572AF26 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.4
A9CD542376B547E89964D7308E8917BF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.4
CFBA47A7C02AC0F3B295DB302384A453 - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in
865250E2742E49C02B0C4307AB042478 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eooncjejnppfjjklapaamhcdmjbilmde - C:\Documents and Settings\esso\Application Data\BabSolution\CR\Delta.crx[]
poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files\Better-Surf\ch\Chrome.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
"Search Bar"="http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW"
"Default_Page_URL"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9"
"Default_Search_URL"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}"
"Search Page"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}"
"Start Page"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9"
"Home_Page"="http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen"
"Help_Page"="http://support.euro.dell.com/segment.asp?country=BE&language=NL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www1.delta-search.com/?babsrc=NT_ss&mntrId=2C71001320D1CB27&affID=121564&tsp=4981"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}"
"CustomizeSearch"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://www.google.nl/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Home_Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Help_Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"
{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="http://www.google.com/search?q={searchTerms}"
{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="http://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\12x3q4@3244516.com deleted successfully
==== shortcuts on Users Desktops ======================
C:\Documents and Settings\esso\Bureaublad\CUBIC.lnk - C:\CUBIC\CUBIC.BAT
C:\Documents and Settings\esso\Bureaublad\USB Audio.lnk - C:\Program Files\USB Audio\USB Radio.exe
C:\Documents and Settings\esso\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
==== shortcuts on All Users Desktop ======================
C:\Documents and Settings\All Users\Bureaublad\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\All Users\Bureaublad\Express Files.lnk - C:\Program Files\ExpressFiles\ExpressFiles.exe
C:\Documents and Settings\All Users\Bureaublad\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Documents and Settings\All Users\Bureaublad\TuneUp 1-Click Maintenance.lnk - C:\Program Files\TuneUp Utilities 2012\OneClick.exe
C:\Documents and Settings\All Users\Bureaublad\TuneUp Utilities 2012.lnk - C:\Program Files\TuneUp Utilities 2012\Integrator.exe
==== shortcuts in Users Start Menu ======================
C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\esso\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
==== shortcuts in All Users Start Menu ======================
C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Word.lnk - C:\WINDOWS\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\AVG\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
==== shortcuts in Quick Launch ======================
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk - C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
==== shortcuts After Repair ======================
C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\esso\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== Empty Temp Folders ======================
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully
C:\Documents and Settings\esso\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\esso\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\ExpressFiles" not found
"C:\Program Files\AVG Secure Search" not found
"C:\Program Files\AVG Secure Search" not found
"C:\Program Files\Common Files\AVG Secure Search" deleted
==== EOF on vr 06/12/2013 at 12:38:31,70 ======================
- - - Updated - - -
Bedankt voor 't wachten
Zoek.exe Version 4.0.0.5 Updated 05-December-2013
Tool run by esso on vr 06/12/2013 at 11:22:28,96.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\esso\Bureaublad\zoek\zoek.exe [script inserted]
==== System Restore Info ======================
6/12/2013 11:23:33 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\Program Files\Online Services deleted successfully
C:\Documents and Settings\All Users\Application Data\Babylon deleted successfully
C:\Documents and Settings\esso\Application Data\AdobeUM deleted successfully
C:\Documents and Settings\esso\Application Data\searchquband deleted successfully
C:\Documents and Settings\esso\Local Settings\Application Data\PackageAware deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.1.2 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.1.2 deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default
---- Lines Softonic removed from prefs.js ----
user_pref("extensions.Softonic.admin", false);
user_pref("extensions.Softonic.aflt", "orgnl");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic.cntry", "BE");
user_pref("extensions.Softonic.cv", "cv5");
user_pref("extensions.Softonic.dfltLng", "");
user_pref("extensions.Softonic.envrmnt", "production");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.hdrMd5", "252F411272D633C082E5D317981C7B5B");
user_pref("extensions.Softonic.hmpg", false);
user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.Softonic.instlDay", "15519");
user_pref("extensions.Softonic.instlRef", "MON00001");
user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.310:46:35");
user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
user_pref("extensions.Softonic.newTab", false);
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
user_pref("extensions.Softonic.sg", "az");
user_pref("extensions.Softonic.smplGrp", "none");
user_pref("extensions.Softonic.tlbrId", "base");
user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.vrsn", "1.5.24.3");
user_pref("extensions.Softonic.vrsnTs", "1.5.24.310:46:35");
user_pref("extensions.Softonic.vrsni", "1.5.24.3");
user_pref("extensions.Softonic_i.newTab", false);
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35");
---- Lines Softonic modified from prefs.js ----
user_pref("extensions.enabledItems", "ffxtlbra@softonic.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605
---- Lines Softonic removed from user.js ----
user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic_i.newTab", false);
user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.Softonic.instlDay", "15519");
user_pref("extensions.Softonic.vrsn", "1.5.24.3");
user_pref("extensions.Softonic.vrsni", "1.5.24.3");
user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.aflt", "orgnl");
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic.tlbrId", "base");
user_pref("extensions.Softonic.instlRef", "MON00001");
user_pref("extensions.Softonic.dfltLng", "");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.admin", false);
---- Lines delta removed from prefs.js ----
user_pref("browser.newtab.url", "http://www1.delta-search.com/?babsrc=NT_ss&mntrId=2C71001320D1CB27&affID=121564&tsp=4981");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.babExt", "");
user_pref("extensions.delta.babTrack", "affID=121564&tsp=4981");
user_pref("extensions.delta.bbDpng", "12");
user_pref("extensions.delta.cntry", "BE");
user_pref("extensions.delta.dfltLng", "nl");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.hdrMd5", "BE68B142A0FBEAE9E9695719EC12B0A1");
user_pref("extensions.delta.hmpg", false);
user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.delta.instlDay", "15938");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.lastVrsnTs", "");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.sg", "azb");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.srcExt", "ss");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981");
user_pref("extensions.delta_i.srcExt", "ss");
---- Lines delta modified from prefs.js ----
user_pref("extensions.enabledItems", "ffxtlbra@disabled.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605
---- Lines delta removed from user.js ----
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15938");
user_pref("extensions.delta.vrsn", "1.8.24.6");
user_pref("extensions.delta.vrsni", "1.8.24.6");
user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "nl");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);
---- Lines CT2704262 removed from prefs.js ----
user_pref("CT2704262.1000082.isPlayDisplay", "true");
user_pref("CT2704262.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"http://feedlive.n
user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2704262.cbcountry_001", "BE");
user_pref("CT2704262.cbfirsttime", "Fri Nov 23 2012 11:28:48 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2704262.CBOpenMAMSettings", "0");
user_pref("CT2704262.CT2704262ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%22122259%22%2C%22title%22%3A%22%u2666%20PLAY%20FOR%20FREE%20NOW%20%u2666%22%2C
user_pref("CT2704262.CT2704262current_term", "");
user_pref("CT2704262.CT2704262sdate", "21");
user_pref("CT2704262.defaultSearch", "FALSE");
user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.enableAlerts", "never");
user_pref("CT2704262.FirstTime", "true");
user_pref("CT2704262.firstTimeDialogOpened", "true");
user_pref("CT2704262.FirstTimeFF3", "true");
user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2704262.fixUrls", true);
user_pref("CT2704262.installId", "ConduitStubGeneric");
user_pref("CT2704262.installType", "ConduitIntegration");
user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.isNewTabEnabled", true);
user_pref("CT2704262.isPerformedSmartBarTransition", "true");
user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2704262.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN
user_pref("CT2704262.openThankYouPage", "TRUE");
user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion", "2.5.0");
user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime", "1375707255284 ");
user_pref("CT2704262.RSSapp2704262a129531303481232105000000newFeeds", "newFeeds");
user_pref("CT2704262.search.searchAppId", "129234816889425546");
user_pref("CT2704262.search.searchCount", "0");
user_pref("CT2704262.searchInNewTabEnabledInHidden", "true");
user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2704262\"}");
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://FreeSoundRecorder.MyRadioToo
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreeSoundRecorder\"}");
user_pref("CT2704262.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2704262.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1356094125040");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1356094125457");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "1356094126343");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1356094126275");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-google_lastUpdate", "1356094125364");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1356094124706");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-time_lastUpdate", "1356094126790");
user_pref("CT2704262.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1356094126433");
user_pref("CT2704262.serviceLayer_services_appsMetadata_lastUpdate", "1356094094611");
user_pref("CT2704262.serviceLayer_services_appTracking_lastUpdate", "1353666522766");
user_pref("CT2704262.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356094094604");
user_pref("CT2704262.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356094094316");
user_pref("CT2704262.serviceLayer_services_login_10.10.27.6_lastUpdate", "1356094094783");
user_pref("CT2704262.serviceLayer_services_optimizer_lastUpdate", "1353666518023");
user_pref("CT2704262.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356094094014");
user_pref("CT2704262.serviceLayer_services_searchAPI_lastUpdate", "1356094094776");
user_pref("CT2704262.serviceLayer_services_serviceMap_lastUpdate", "1356094092691");
user_pref("CT2704262.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356094093891");
user_pref("CT2704262.serviceLayer_services_toolbarSettings_lastUpdate", "1356094094491");
user_pref("CT2704262.serviceLayer_services_translation_lastUpdate", "1356094092991");
user_pref("CT2704262.settingsINI", true);
user_pref("CT2704262.smartbar.CTID", "CT2704262");
user_pref("CT2704262.smartbar.toolbarName", "FreeSoundRecorder ");
user_pref("CT2704262.smartbar.Uninstall", "0");
user_pref("CT2704262.startPage", "FALSE");
user_pref("CT2704262.toolbarBornServerTime", "23-11-2012");
user_pref("CT2704262.toolbarCurrentServerTime", "21-12-2012");
user_pref("CT2704262.UserID", "UN56628252825158463");
---- Lines qone8 removed from prefs.js ----
user_pref("browser.search.defaultenginename", "qone8");
user_pref("browser.search.selectedEngine", "qone8");
user_pref("browser.startup.homepage", "http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9");
---- Lines searchqu removed from prefs.js ----
user_pref("avg.install.userHPSettings", "http://www.searchqu.com/406");
user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q=");
---- Lines Web Search removed from prefs.js ----
user_pref("avg.install.userSPSettings", "iLivid Web Search");
user_pref("browser.search.order.1", "iLivid Web Search");
---- Lines mysearch removed from prefs.js ----
user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----
user_20130612_1134_.backup
prefs_20130612_1134_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"bProtectTabs"=-
==== Deleting Files \ Folders ======================
C:\Program Files\Better-Surf deleted
C:\Program Files\Delta deleted
C:\Documents and Settings\esso\Application Data\Delta deleted
C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted
C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Program Files\Mozilla Firefox\.autoreg deleted
C:\Program Files\iLivid deleted
C:\Program Files\Windows iLivid Toolbar deleted
C:\Program Files\Conduit deleted
C:\Documents and Settings\esso\Application Data\ExpressFiles deleted
C:\Documents and Settings\esso\Application Data\BabSolution deleted
C:\Documents and Settings\esso\Application Data\Babylon deleted
C:\Documents and Settings\esso\Application Data\SwvUpdater deleted
C:\Documents and Settings\esso\Application Data\AVG Secure Search deleted
C:\Documents and Settings\esso\Application Data\searchqutoolbar deleted
C:\Documents and Settings\esso\Application Data\OpenCandy deleted
C:\Documents and Settings\esso\Application Data\PriceGong deleted
C:\Documents and Settings\All Users\Application Data\BrowserDefender deleted
C:\Documents and Settings\All Users\Application Data\boost_interprocess deleted
C:\Documents and Settings\All Users\Application Data\AVG Secure Search deleted
C:\Documents and Settings\esso\Local Settings\Application Data\Ilivid Player deleted
C:\Documents and Settings\esso\Local Settings\Application Data\AVG Secure Search deleted
C:\Documents and Settings\esso\Local Settings\Application Data\Conduit deleted
C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG Secure Search deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\tasks\AmiUpdXp.job deleted
C:\WINDOWS\Tasks\Express FilesUpdate.job deleted
C:\WINDOWS\tasks\EPUpdater.job deleted
C:\user.js deleted
C:\Documents and Settings\esso\AppData\LocalLow\DataMngr deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\searchplugins\SearchResults.xml deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@babylon.com deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_extensions.rdf deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_prefs.js deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\CT2704262 deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbra@softonic.com deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@delta.com deleted
C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\smartbar deleted
"C:\Program Files\Mozilla Firefox\searchplugins\qone8.xml" deleted
"C:\Program Files\ExpressFiles\EFUpdater.exe" deleted
"C:\Program Files\ExpressFiles\htmlayout.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll" deleted
"C:\Program Files\ExpressFiles" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\Common Files\AVG Secure Search" not deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" not deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" not deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2" not deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2" not deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\DOCUME~1\esso\LOCALS~1\Temp ====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Documents and Settings\esso\Application Data ======
2013-11-30 08:30:54 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Avg2014
2013-11-12 12:16:51 -------- d-----w- C:\Documents and Settings\esso\Local Settings\Application Data\ZaraRadio
====== C:\Documents and Settings\esso ======
2013-12-03 11:34:23 -------- d--h--r- C:\Documents and Settings\esso\Onlangs geopend
====== C: exe-files ==
2013-12-03 22:25:32 4C2AE8D0E01A80BD6A4C71E799BBBE67 5494320 ----a-w- C:\Program Files\AVG\AVG2014\avgcremx.exe
2013-11-30 08:24:34 1616A89B0034F53FC6760B9DB7185B33 5927000 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe
=== C: other files ==
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"12x3q4@3244516.com"="C:\Program Files\Better-Surf\ff" []
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default
- Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- Undetermined - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.1.2.1
- Undetermined - C:\Program Files\Better-Surf\ff
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
2AD31341BE41AC9B086128AD86A2B53F - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll - Java Plug-in
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
B16EC84E06F26B8B85800F3B07B8D757 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
8686640BD98DB1EE2C4C8649F8AEF647 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.4
5FB3472848C15354B95FC523FF80DC2C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.4
BF74A76F78EBBFD3A2328EC4AD9DA3CB - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.4
8EE2B9B90D024BDC7C6F32649935A137 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.4
3D85D0C5B2B138D596820B3418BC1A18 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.4
2C20711D6825B986342FAB9A5572AF26 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.4
A9CD542376B547E89964D7308E8917BF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.4
CFBA47A7C02AC0F3B295DB302384A453 - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in
865250E2742E49C02B0C4307AB042478 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eooncjejnppfjjklapaamhcdmjbilmde - C:\Documents and Settings\esso\Application Data\BabSolution\CR\Delta.crx[]
poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files\Better-Surf\ch\Chrome.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
"Search Bar"="http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW"
"Default_Page_URL"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9"
"Default_Search_URL"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}"
"Search Page"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}"
"Start Page"="http://start.qone8.com/?type=hp&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9"
"Home_Page"="http://www1.euro.dell.com/content/default.aspx?c=be&l=nl&s=gen"
"Help_Page"="http://support.euro.dell.com/segment.asp?country=BE&language=NL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www1.delta-search.com/?babsrc=NT_ss&mntrId=2C71001320D1CB27&affID=121564&tsp=4981"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}"
"CustomizeSearch"="http://start.qone8.com/web/?type=ds&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9&q={searchTerms}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://www.google.nl/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Home_Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Help_Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"
{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="http://www.google.com/search?q={searchTerms}"
{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="http://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\12x3q4@3244516.com deleted successfully
==== shortcuts on Users Desktops ======================
C:\Documents and Settings\esso\Bureaublad\CUBIC.lnk - C:\CUBIC\CUBIC.BAT
C:\Documents and Settings\esso\Bureaublad\USB Audio.lnk - C:\Program Files\USB Audio\USB Radio.exe
C:\Documents and Settings\esso\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
==== shortcuts on All Users Desktop ======================
C:\Documents and Settings\All Users\Bureaublad\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\All Users\Bureaublad\Express Files.lnk - C:\Program Files\ExpressFiles\ExpressFiles.exe
C:\Documents and Settings\All Users\Bureaublad\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Documents and Settings\All Users\Bureaublad\TuneUp 1-Click Maintenance.lnk - C:\Program Files\TuneUp Utilities 2012\OneClick.exe
C:\Documents and Settings\All Users\Bureaublad\TuneUp Utilities 2012.lnk - C:\Program Files\TuneUp Utilities 2012\Integrator.exe
==== shortcuts in Users Start Menu ======================
C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\esso\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
==== shortcuts in All Users Start Menu ======================
C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Word.lnk - C:\WINDOWS\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\AVG\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
==== shortcuts in Quick Launch ======================
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk - C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://start.qone8.com/?type=sc&ts=1383223496&from=amt&uid=ST3160828AS_5MT40NN9XXXX5MT40NN9
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
==== shortcuts After Repair ======================
C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\esso\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== Empty Temp Folders ======================
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully
C:\Documents and Settings\esso\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\esso\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\ExpressFiles" not found
"C:\Program Files\AVG Secure Search" not found
"C:\Program Files\AVG Secure Search" not found
"C:\Program Files\Common Files\AVG Secure Search" deleted
==== EOF on vr 06/12/2013 at 12:38:31,70 ======================
-
Prima nu
Dank u wel!!
-
Rapport de ZHPFix 2013.12.1.2 par Nicolas Coolman, Update du 01/12/2013
Fichier d'export Registre :
Run by Pascal at 4/12/2013 19:14:13
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Prullenbak geleegd (00mn 01s)
Reparatie van browser snelkoppelingen
========== Registersleutels ==========
VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
VERWIJDERD:* HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
VERWIJDERD: HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
VERWIJDERD:* HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
VERWIJDERD: HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
VERWIJDERD: HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
VERWIJDERD:* HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
VERWIJDERD:* HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
VERWIJDERD: HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
VERWIJDERD: HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
VERWIJDERD:* HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
VERWIJDERD:* HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
VERWIJDERD: HKLM\Software\Classes\AppID\ScriptHelper.EXE
VERWIJDERD: HKLM\Software\Classes\ScriptHelper.ScriptHelperApi
VERWIJDERD: HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1
VERWIJDERD: HKLM\Software\Classes\ViProtocol.ViProtocolOLE
VERWIJDERD: HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1
VERWIJDERD: HKCU\Software\AppDataLow\Software\PriceGong
VERWIJDERD:* HKLM\Software\Tarma Installer
VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32
VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS
VERWIJDERD: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32
VERWIJDERD: HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS
VERWIJDERD: HKCU\Software\FileScout
VERWIJDERD: HKLM\Software\Wow6432Node\ExpressFiles
VERWIJDERD: HKCU\Software\5e2da8ae56fbd44
========== Mappen ==========
Verwijderen tijdelijke Windows (5)
Verwijderd Flash Cookies (0)
========== Bestanden ==========
Verwijderen tijdelijke Windows (10) (586.069 octets)
Verwijderd Flash Cookies (0) (0 octets)
========== Andere ==========
NIET-VERDRAG emptyjava
========== Samenvatting ==========
32 : Registersleutels
2 : Mappen
2 : Bestanden
1 : Andere
End of clean in 00mn 12s
========== Pad naar bestand verslag ==========
C:\Users\Pascal\AppData\Roaming\ZHP\ZHPFix[R1].txt - 4/12/2013 19:14:15 [3440]
-
Merci voor de hulp; hier is't logje:
~ Verslag van ZHPDiag v2013.12.3.6 - Nicolas Coolman (3/12/2013)
~ Gelanceerd door Pascal (3/12/2013 22:31:25)
~ Het adres van de website : Home - Malicius Software Information
~ Gratis supportforum voor desinfectie : Links - Malicius Software Information
~ Vertaald door de gebruiker
~ Staat van de versie :
~ Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Activate by user
---\\ Internet-browsers
MSIE: Internet Explorer v10.0.9200.16736 (Defaut)
---\\ Windows productinformatie
~ Langage: Néerlandais
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Software om het systeem te beveiligen
AVG 2013 v13.0.3426
Malwarebytes Anti-Malware versie 1.75.0.1300
Windows Defender W7
---\\ Systeem optimalisatie software
CCleaner v4.06 =>Piriform Ltd
---\\ Delen van software PeerToPeer
---\\ Software die extra aandacht behoeft
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.3 - Nederlands
---\\ Informatie over het systeem
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3691 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 149 GB (64%) free of 233 GB
---\\ Verbinding met het systeem-modus
~ Computer Name: PASCAL-TOSH
~ User Name: Pascal
~ All Users Names: Pascal, Gast, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\Pascal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Pascal\AppData\Roaming\
~ %Desktop% : C:\Users\Pascal\Desktop\
~ %Favorites% : C:\Users\Pascal\Favorites\
~ %LocalAppData% : C:\Users\Pascal\AppData\Local\
~ %StartMenu% : C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 149 Go of 233 Go)
D: Hard drive, Flash drive, Thumb drive (Free 225 Go of 232 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)
---\\ Staat van het Windows Beveiligingscentrum
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Zoeken naar bepaalde algemene bestanden
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Verkenner.) (.25/02/2011 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14/07/2009 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.12/10/2013 - 9:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.21/11/2010 - 4:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.21/11/2010 - 4:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 4:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 4:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 4:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14/07/2009 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 4:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14/07/2009 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 4:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 4:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.21/11/2010 - 4:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/2070
~ Mes musiques (My Musics) : 245/1345
~ Mes Favoris (My Favorites) : 1/47
~ Mes Documents (My Documents) : 1/264
~ Mon Bureau (My Desktop) : 12/8226
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 00mn 15s
---\\ Gestarte processen
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.3216]
[MD5.1FAA54E9FFEA6FD3E0CEAD951CDDFEF6] - (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160] [PID.3788]
[MD5.643F7A81B4FC27845886AB9650AD2C61] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176] [PID.3920]
[MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.3956]
[MD5.97A1AFD42B8016D132C7BF38C955C6E1] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304560] [PID.3840]
[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.4992]
[MD5.D7D5768B8A697FCBAEE2CFE137070F02] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770736] [PID.3108]
[MD5.DC01B5913305D514041A48D44E4326ED] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8277504] [PID.6076]
[MD5.F89B2DACE0FBE54CF65D12B7081C19C3] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544] [PID.1748]
[MD5.B747B6BB015E552F49C634BB19540F3D] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008] [PID.1768]
[MD5.DABFBE88774A3C1A8CEA198348E02740] - (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920] [PID.1880]
[MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.4612]
[MD5.13AA2130F2A104DD775EAD0F0EE5417B] - (.Nero AG - NeroUpdate.) -- c:\Program Files (x86)\Nero\Update\NASvc.exe [598312] [PID.4648]
~ Processes Running: Scanned in 00mn 01s
---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts-bestand omleiding (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Orphan sleutel
~ Toolbar: Scanned in 00mn 00s
---\\ Andere Verwijzigingen gebruikers (O4)
O4 - GS\Desktop [Public]: Express Files.lnk . (...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O4 - GS\QuickLaunch [Pascal]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Pascal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Pascal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Pascal]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Pascal]: Express Files.lnk . (...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O4 - GS\Desktop [Pascal]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
O4 - GS\Desktop [Pascal]: Music - Snelkoppeling.lnk . (...) -- C:\Users\Pascal\Music
O4 - GS\Desktop [Pascal]: Numark Cue.lnk . (.Atomix Productions - VirtualDJ.) -- C:\Program Files (x86)\Numark Cue\cue.exe
O4 - GS\QuickLaunch [Gast]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Gast]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Gast]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Gast]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 89 Legitimates Filtered in 00mn 09s
---\\ Toepassingen gestart door register & bestand (O4)
O4 - GS\Startup [Public]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office 2000 component.) -- C:\Program Files (x86)\Microsoft Office\Office\OSA9.exe
O4 - GS\Startup [Public]: Toshiba Places Icon Utility.lnk . (.Toshiba - Toshiba Places Icon Utility.) -- C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
O4 - GS\Startup [Pascal]: TRDCReminder.lnk . (.TOSHIBA Europe - TOSHIBA Recovery Reminder.) -- C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - GS\Startup [Gast]: TRDCReminder.lnk . (.TOSHIBA Europe - TOSHIBA Recovery Reminder.) -- C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - HKLM\..\Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe (.not file.)
O4 - HKLM\..\Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (.not file.)
O4 - HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)
O4 - HKLM\..\Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe (.not file.)
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio configuratie.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - No Comment.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (.not file.)
O4 - HKLM\..\Run: [TosVolRegulator] . (.TOSHIBA Corporation - Toshiba Volume Regulator.) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe =>.Toshiba Corporation
O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) -- C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
O4 - HKLM\..\Run: [Cm106Sound] . (.C-Media Corporation - CmiCnfg DLL.) -- C:\Windows\Syswow64\cm106.dll
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG - Nero BackItUp.) -- c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [sVPWUTIL] . (.TOSHIBA - SVPWUTIL Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe
O4 - HKLM\..\Wow6432Node\Run: [HWSetup] . (.TOSHIBA Electronics, Inc. - HWSetup.) -- C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
O4 - HKLM\..\Wow6432Node\Run: [KeNotify] . (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Wow6432Node\Run: [TWebCamera] . (.TOSHIBA CORPORATION. - No Comment.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [vProt] C:\Program Files (x86)\AVG Nation toolbar\vprot.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Windows-bureaubladgadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2457209422-596169401-3258411151-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 [64Bits] - {97F922BD-8563-4184-87EE-8C4ACA438823} . (...) -- C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpNameServer = 195.130.131.2 195.130.130.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpDomain = telenet.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8D577BE-0880-4F38-AD6E-FC9C549BE3DE}: DhcpDomain = SWDLWDS.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpNameServer = 195.130.131.2 195.130.130.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpDomain = telenet.be
O17 - HKLM\System\CS1\Services\Tcpip\..\{D8D577BE-0880-4F38-AD6E-FC9C549BE3DE}: DhcpDomain = SWDLWDS.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpNameServer = 195.130.131.2 195.130.130.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{3AFE18BF-77A8-4EEA-BC37-BF6A1E22218E}: DhcpDomain = telenet.be
O17 - HKLM\System\CS2\Services\Tcpip\..\{D8D577BE-0880-4F38-AD6E-FC9C549BE3DE}: DhcpDomain = SWDLWDS.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.2 195.130.130.130
~ Domain: Scanned in 00mn 00s
---\\ Aanvullend Protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ ShellServiceObjectDelayLoad (SSODL/SSO) (O21) autorun registratiekantoor toonsoort
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\system32\CbFsMntNtf3.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s
---\\ Registersleutel autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) [64Bits] - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\SysWOW64\CbFsMntNtf3.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Taken die zijn gepland in de automatische modus (O39)
[MD5.BA0BE06A85BC51578D6EAB893C0A9F64] [APT] [{1EAF6B71-CA0C-409A-B64E-6D3C352C5F32}] (...) -- C:\Program Files (x86)\USB Audio\unins000.exe [661258]
~ Scheduled Task: 9 Legitimates Filtered in 00mn 07s
---\\ Geïnstalleerde software (O42)
O42 - Logiciel: ExpressFiles - (.Express Files.) [HKCU][64Bits] -- ExpressFiles =>Adware.ExpressFiles
O42 - Logiciel: Manillen The Game - (...) [HKLM][64Bits] -- Manillen
O42 - Logiciel: Ver 1.2.0 - (.Oscar.) [HKLM][64Bits] -- USB Audio_is1
~ Logic: 28 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\5e2da8ae56fbd44] =>Hijacker.Eazel
[HKCU\Software\8.1]
[HKCU\Software\Cue]
[HKCU\Software\FileScout] =>PUP.FileScout
[HKCU\Software\IGearSettings]
[HKCU\Software\radio42]
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Cue]
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles
~ Key Software: 266 Legitimates Filtered in 00mn 01s
---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 16/03/2013 - 13:20:14 - [2,406] ----D C:\Program Files (x86)\USB Audio
O43 - CFD: 25/07/2013 - 16:53:39 - [46,030] ----D C:\Users\Pascal\AppData\Local\Shareaza
O43 - CFD: 27/11/2012 - 13:25:18 - [0,003] ----D C:\Users\Pascal\AppData\Local\ZaraRadio
O43 - CFD: 21/06/2012 - 14:48:04 - [0] ----D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Manillen The Game
~ Program Folder: 144 Legitimates Filtered in 00mn 14s
---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 3/12/2013 - 20:08:13 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.2B674F48C1130238DF96D5845799B609] - 3/12/2013 - 20:10:46 ---A- . (...) -- C:\zoek-results2013-10-22-150437.log [115632]
O44 - LFC:[MD5.14E0F7C91CADBC8FCFE3163D97581FDA] - 3/12/2013 - 20:42:11 ---A- . (...) -- C:\zoek-results.log [10025]
O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [25120]
O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [25120]
O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [25120]
O44 - LFC:[MD5.BEA69B748E478F3F9ACC96A719CEE994] - 3/12/2013 - 20:48:39 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [25120]
~ Files: 13 Legitimates Filtered in 00mn 15s
---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)
O45 - LFCP:[MD5.0184904BB63E79651899ECB4D7F23189] - 28/11/2013 - 13:38:24 ---A- - C:\Windows\Prefetch\CUE.EXE-8050DCB1.pf
O45 - LFCP:[MD5.73C80AC34FE324E42EF1391E3D53EC59] - 28/11/2013 - 9:54:41 ---A- - C:\Windows\Prefetch\KWIKMEDIA.EXE-8DEFA947.pf
~ Prefetcher: 106 Legitimates Filtered in 00mn 00s
---\\ Controle van veilige Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s
---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Opsomming van de registersleutel PoliciesExplorer (CÖKVI) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:[MD5.957EC5620FB055E9DF2250D6FA4188E1] - 12/08/2010 - 17:24:30 ---A- . (.C-Media Electronics Inc - C-Media Audio WDM Driver.) -- C:\Windows\System32\Drivers\CM10664.sys [1310720]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 17 Legitimates Filtered in 00mn 28s
---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 1/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgcfg.log.1 [65630]
O61 - LFC: 2/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgcore.log.1 [131265]
O61 - LFC: 2/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgdecider.log.1 [65655]
O61 - LFC: 2/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\krnlapi.log.1 [1024199]
O61 - LFC: 3/12/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\commonpriv.log.1 [65995]
O61 - LFC: 3/12/2013 - 22:34:43 ---A- . (...) -- C:\Users\Pascal\AppData\Roaming\ZHP\Log.txt [17397] =>.Nicolas Coolman
O61 - LFC: 3/12/2013 - 22:34:43 ---A- . (...) -- C:\Users\Pascal\AppData\Roaming\ZHP\TestsZHPDiag.txt [2884] =>.Nicolas Coolman
O61 - LFC: 30/11/2013 - 22:34:28 ---A- . (...) -- C:\Users\Pascal\AppData\Local\Avg2014\log\avgui.log.1 [131211]
~ 2 Fichiers temporaires (Temporary files)
~ Files: 101 Legitimates Filtered in 00mn 51s
---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s
---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - Google
~ Keys: Scanned in 00mn 00s
---\\ Geeft een opsomming van de dienst begin door Svchost (SSS) (O83)
O83 - Search Svchost Services: winmgmt (winmgmt) . (...) -- C:\PROGRA~3\4rjlf7t7t.pzz [0]
~ Services: 32 Legitimates Filtered in 00mn 00s
---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.1FFB2EBE1F95C5E5AEC1512EA686049C] [sPRF][11/08/2012] (...) -- C:\Users\Pascal\AppData\LocalLow\dt.dat [27520]
[MD5.662C39FC1E27131551D557862CEC47F0] [sPRF][3/12/2013] (...) -- C:\Users\Pascal\Desktop\RSITx64.exe [935175]
~ Files: 4 Legitimates Filtered in 00mn 00s
---\\ Lijst van uitzonderingen in de firewall (FirewallRules) (O87)
O87 - FAEL: "{EF61FD20-B728-46F7-93E1-BF44FE32F47D}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{666B668A-CC9C-47F3-9FE6-31CD20BCC012}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{0CE6DABD-9EB1-4B74-8BF8-A25B4DD6D83A}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O87 - FAEL: "{D4523C71-C95A-4427-9C41-28EDAD34CC16}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
~ Firewall: 185 Legitimates Filtered in 00mn 02s
---\\ Uitvoer van willekeurige registersleutels (O91)
[HKCU\Software\5e2da8ae56fbd44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
[HKCU\Software\5e2da8ae56fbd44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel
[HKCU\Software\5e2da8ae56fbd44] =>PUP.Babylon^
~ Export Key Software: Scanned in 00mn 00s
---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Demand 8/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/02/2011 112080 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Demand 5/02/2010 137560 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 28/06/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 11/11/2013 3478544 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SR - | Auto 24/09/2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 28/01/2010 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SR - | Auto 10/03/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SR - | Auto 4/08/2010 1809920 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Demand 1/07/2010 51576 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 20/10/2010 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 28/09/2010 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 25s
---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Run by Pascal at 3/12/2013 22:37:47
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, PC Helpforum - Gratis hulp bij computer problemen
Run by Pascal at 3/12/2013 22:37:49
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Extra scan (O88)
Database Version : 13007 - (3/12/2013)
Clés trouvées (Keys found) : 36
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 4
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles] =>Adware.ExpressFiles^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}] =>Spyware.BHO
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit
[HKCU\Software\FileScout] =>PUP.FileScout^
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^
[HKCU\Software\5e2da8ae56fbd44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
[HKCU\Software\5e2da8ae56fbd44] =>PUP.Babylon^^
~ Additionnel Scan: 220053 Items scanned in 00mn 52s
---\\ Samenvatting van detecties gevonden op uw werkstation
~ Adware.ExpressFiles - Malicius Software Information =>Adware.ExpressFiles
~ Hijacker.Eazel - Malicius Software Information =>Hijacker.Eazel
~ PUP.FileScout - Malicius Software Information =>PUP.FileScout
~ PUP.Tarma - Malicius Software Information =>PUP.Tarma
~ PUP.Babylon - Malicius Software Information =>PUP.Babylon
~ PUP.ToparcadeHits - Malicius Software Information =>PUP.ToparcadeHits
~ PUP.Software.Updater - Malicius Software Information =>PUP.Software.Updater
~ Toolbar.Conduit - Malicius Software Information =>Toolbar.Conduit
~ Adware.PriceGong - Malicius Software Information =>Adware.PriceGong
~ MSI: 9 link(s) detected in 00mn 53s
~ 1221 Legitimates filtered by white list
End of the scan (520 lines in 07mn 18s)(0)
-
M'n yahoo opent ie effekes, en daarna is het weer 'cannot display the page'. Hij raadt aan om de pagina te venieuwen. Dit staat op de balk bovenaan, als zijnde de pagina: httpss://view.atdmt.com/PPB/iview/427677176/direct;wi.300;hi.250/01?click=http://ads.yahoo.com/clk?3,eJytj10LgjAUhn9NdyJuOlRGF8eWsWiStJS6W66yZuiFKfbrk-jjD.TwXLzncODwIpdq5Wtd-N4Ra6J836PIwwflhkF40pZDKQ2Qg0LkEMci10jBsu.WZ-gTbCJ40VUyhQ-ZBP6OHGYALG7wfPPelC4y8B.uTbT9.oHzKAsAc0PuhkffK6YvQlbVnhV4JbNrkotWyLgSAyoF2.WrnD.2MjYJFkgsUrL79ZhaVtm2zcSFCY5HD0d7UGVd20V9G8cnZuNX-Q==,
-
Heb ondertussen effe rondgekeken op de site. Heb ook al malwarebytes geinstalleerd en laten lopen hier. Hierbij logje van zoek:
Zoek.exe Version 4.0.0.5 Updated 30-November-2013
Tool run by Pascal on di 03/12/2013 at 20:08:19,03.
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pascal\Desktop\zoek\zoek.exe [script inserted]
==== Older Logs ======================
C:\zoek-results2013-10-21-173102.log 33789 bytes
C:\zoek-results2013-10-21-181719.log 17057 bytes
C:\zoek-results2013-10-21-185730.log 3962 bytes
C:\zoek-results2013-10-21-193241.log 4104 bytes
C:\zoek-results2013-10-22-105334.log 576 bytes
C:\zoek-results2013-10-22-142851.log 115068 bytes
C:\zoek-results2013-10-22-150437.log 115632 bytes
==== Empty Folders Check ======================
C:\Users\Pascal\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Gast\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.0.12 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.0.12 deleted successfully
==== Deleting Files \ Folders ======================
C:\PROGRA~2\ExpressFiles deleted
C:\Users\Pascal\AppData\Roaming\ExpressFiles deleted
C:\ProgramData\7rgjwwq.fvv deleted
C:\ProgramData\7rgjwwq.bxx deleted
C:\ProgramData\AVG Security Toolbar deleted
C:\ProgramData\AVG Nation toolbar deleted
C:\Users\Gast\AppData\Local\AVG Nation toolbar deleted
C:\Users\Pascal\AppData\Local\SwvUpdater deleted
C:\Users\Gast\AppData\LocalLow\AVG Nation toolbar deleted
C:\Users\Pascal\AppData\LocalLow\AVG Nation toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted
C:\windows\SysNative\Tasks\Express FilesUpdate deleted
C:\Users\Pascal\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com deleted
"C:\PROGRA~2\AVG Nation toolbar\vprot.exe" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\17.0.12\avgdttbx.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll" deleted
"C:\PROGRA~2\AVG Nation toolbar" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" not deleted
"C:\Users\Pascal\AppData\Local\AVG Nation toolbar" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\17.0.12" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.0.12" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.0.12" not deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Pascal\AppData\Local\Temp ====
2013-12-01 11:29:11 A55B82103A202C20717F45C201EC4553 936960 ----a-w- C:\Users\Pascal\AppData\Local\Temp\htmlayout.dll
====== Java Cache =====
2013-11-17 11:14:48 DE9F090A52862C99F27E1AE1C0A29296 25104 ----a-w- C:\Users\Pascal\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5fe476ba-1f04dda1-0.91.0.0-
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-12-03 18:37:18 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2013-11-14 14:32:59 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2013-11-14 14:32:27 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2013-11-14 14:32:27 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2013-11-14 14:32:27 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2013-11-05 20:55:48 27CA53E91543B800E16129BCEC3247AD 150808 ----a-w- C:\Windows\Sysnative\drivers\avgdiska.sys
2013-11-04 20:52:42 57250DDDE2523115D0927DBBA745F9FA 240920 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2013-11-28 07:50:41 -------- d-----w- C:\PROGRA~2\MSECache
======= C: =====
====== C:\Users\Pascal\AppData\Roaming ======
2013-12-03 18:36:33 -------- d-----w- C:\Users\Pascal\AppData\Local\Programs
2013-11-26 16:49:05 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2013
2013-11-26 16:48:45 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2013
====== C:\Users\Pascal ======
2013-12-03 18:36:09 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Pascal\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-03 17:16:19 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Pascal\Desktop\RSITx64.exe
====== C: exe-files ==
2013-12-03 18:36:09 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\Pascal\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-03 17:16:19 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Documents and Settings\Pascal\Desktop\RSITx64.exe
=== C: other files ==
2013-11-27 07:33:15 CCC3E985CC60C721115A5D883A9864D1 1986231 ----a-w- C:\Documents and Settings\Pascal\Desktop\jingles radio 19\oude 19jingles\Kerstjingles 2013 R19.zip
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2457209422-596169401-3258411151-1000\Software\mozilla\Firefox\Extensions\speedanalysis02@SpeedAnalysis.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\speedanalysis02@SpeedAnalysis.com deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Pascal\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~2\AVG Nation toolbar" not found
"C:\PROGRA~2\COMMON~1\AVG Secure Search" not found
==== EOF on di 03/12/2013 at 20:42:11,61 ======================
-
He Juisterr, bedankt voor je snelle reactie!
Ik kan pas vrijdag terug op die pc, kan je nog effe wachten?
Met dank
Pascal
-
Beste,
Is m'n 2e post vandaag, ditmaal voor m'n laptop. Kan je dit logje 's bekijken aub?
Thanks!
Pascal
Logfile of random's system information tool 1.09 (written by random/random)
Run by Pascal at 2013-12-03 18:17:36
WIN_7 Service Pack 1
System drive C: has 153 GB (64%) free of 238 GB
Total RAM: 3692 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:31, on 3/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Pascal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-2457209422-596169401-3258411151-1000\..\Run: [Facebook Update] "C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User '?')
O4 - S-1-5-21-2457209422-596169401-3258411151-1000 Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User '?')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Toshiba Places Icon Utility.lnk = ?
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O8 - Extra context menu item: Toevoegen aan TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.0.12 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11955 bytes
======Listing Processes======
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AmiUpdXp.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2457209422-596169401-3258411151-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2457209422-596169401-3258411151-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]
Virtual Storage Mount Notification - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]
Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-01-17 155416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Nation toolbar - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll [2013-10-24 3352392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-22 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Nation toolbar - C:\Program Files (x86)\AVG Nation toolbar\17.0.1.12\AVG Nation toolbar_toolbar.dll [2013-10-24 3352392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-03-03 597928]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-12-14 38304]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2011-02-10 1546720]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2010-09-28 566184]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-10-28 915320]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-10 11580520]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-11-03 2181224]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-30 2387752]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"Toshiba Registration"=C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [2011-08-22 150992]
"Cm106Sound"=C:\Windows\syswow64\RunDll32.exe [2009-07-14 44544]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\Pascal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-23 138096]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"=c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-06-29 1409424]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-28 336384]
"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-11-09 532480]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2010-08-15 34160]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-11-02 2475384]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2010-07-01 1295224]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2013-11-07 4956176]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"vProt"=C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2013-10-24 2403144]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
Toshiba Places Icon Utility.lnk - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-01-17 188696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 3 months======
2013-11-28 08:50:41 ----D---- C:\Program Files (x86)\MSECache
2013-11-22 18:33:14 ----D---- C:\Users\Pascal\AppData\Roaming\ExpressFiles
2013-11-22 18:33:13 ----D---- C:\Program Files (x86)\ExpressFiles
2013-11-14 22:46:25 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-11-14 22:46:25 ----A---- C:\Windows\system32\ieui.dll
2013-11-14 22:46:23 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-11-14 22:46:23 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-11-14 22:46:23 ----A---- C:\Windows\system32\iesetup.dll
2013-11-14 22:46:23 ----A---- C:\Windows\system32\iernonce.dll
2013-11-14 22:46:22 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-11-14 22:46:22 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-11-14 22:46:22 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 22:46:22 ----A---- C:\Windows\system32\iesysprep.dll
2013-11-14 22:46:22 ----A---- C:\Windows\system32\ie4uinit.exe
2013-11-14 22:46:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-11-14 22:46:20 ----A---- C:\Windows\system32\iertutil.dll
2013-11-14 22:46:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-11-14 22:46:19 ----A---- C:\Windows\system32\msfeeds.dll
2013-11-14 22:46:18 ----A---- C:\Windows\system32\jscript.dll
2013-11-14 22:46:17 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-11-14 22:46:16 ----A---- C:\Windows\system32\jscript9.dll
2013-11-14 22:46:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-11-14 22:46:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-11-14 22:46:13 ----A---- C:\Windows\system32\urlmon.dll
2013-11-14 22:46:11 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-11-14 22:46:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-11-14 22:46:11 ----A---- C:\Windows\system32\jsproxy.dll
2013-11-14 22:46:10 ----A---- C:\Windows\system32\wininet.dll
2013-11-14 22:46:07 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-11-14 22:46:05 ----A---- C:\Windows\system32\ieframe.dll
2013-11-14 22:46:03 ----A---- C:\Windows\system32\mshtml.dll
2013-11-14 22:45:58 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-11-14 15:33:10 ----A---- C:\Windows\system32\crypt32.dll
2013-11-14 15:33:09 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-11-14 15:32:59 ----A---- C:\Windows\system32\drivers\afd.sys
2013-11-14 15:32:47 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-11-14 15:32:47 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:32:47 ----A---- C:\Windows\system32\credui.dll
2013-11-14 15:32:47 ----A---- C:\Windows\system32\authui.dll
2013-11-14 15:32:46 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2013-11-14 15:32:46 ----A---- C:\Windows\SYSWOW64\credui.dll
2013-11-14 15:32:33 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:32:33 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:32:32 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2013-11-14 15:32:32 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2013-11-14 15:32:32 ----A---- C:\Windows\system32\nshwfp.dll
2013-11-14 15:32:31 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2013-11-14 15:32:31 ----A---- C:\Windows\system32\gdi32.dll
2013-11-14 15:32:28 ----A---- C:\Windows\system32\schannel.dll
2013-11-14 15:32:27 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-11-14 15:32:27 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-11-14 15:32:27 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-11-14 15:32:27 ----A---- C:\Windows\system32\sspicli.dll
2013-11-14 15:32:27 ----A---- C:\Windows\system32\lsass.exe
2013-11-14 15:32:27 ----A---- C:\Windows\system32\lsasrv.dll
2013-11-14 15:32:27 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-11-14 15:32:27 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-11-14 15:32:27 ----A---- C:\Windows\system32\drivers\cng.sys
2013-11-14 15:32:26 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-11-14 15:32:26 ----A---- C:\Windows\system32\sspisrv.dll
2013-11-14 15:32:26 ----A---- C:\Windows\system32\secur32.dll
2013-11-14 15:32:26 ----A---- C:\Windows\system32\ncrypt.dll
2013-11-05 21:55:48 ----A---- C:\Windows\system32\drivers\avgdiska.sys
2013-11-04 21:52:42 ----A---- C:\Windows\system32\drivers\avgidsdrivera.sys
2013-10-31 23:00:18 ----A---- C:\Windows\system32\drivers\avgldx64.sys
2013-10-31 22:49:46 ----A---- C:\Windows\system32\drivers\avgloga.sys
2013-10-30 17:01:16 ----D---- C:\Users\Pascal\AppData\Roaming\AVG2014
2013-10-30 16:53:50 ----D---- C:\ProgramData\AVG2014
2013-10-26 10:00:45 ----D---- C:\Users\Pascal\AppData\Roaming\Windows Live Writer
2013-10-24 22:25:58 ----A---- C:\Windows\system32\drivers\avgidsha.sys
2013-10-24 14:19:12 ----D---- C:\ProgramData\AVG Security Toolbar
2013-10-24 14:18:52 ----A---- C:\Windows\system32\drivers\avgtpx64.sys
2013-10-24 14:18:47 ----D---- C:\ProgramData\AVG Nation toolbar
2013-10-24 14:18:43 ----D---- C:\Program Files (x86)\AVG Nation toolbar
2013-10-22 17:47:35 ----SHD---- C:\$RECYCLE.BIN
2013-10-22 16:37:00 ----D---- C:\ProgramData\HitmanPro
2013-10-22 15:57:51 ----D---- C:\Windows\Temp
2013-10-22 15:57:51 ----A---- C:\Windows\zoek-delete.exe
2013-10-21 18:24:42 ----D---- C:\Program Files (x86)\HiJackThis
2013-10-21 17:25:02 ----D---- C:\Program Files (x86)\trend micro
2013-10-21 17:24:32 ----D---- C:\rsit
2013-10-17 18:25:45 ----D---- C:\Program Files\CCleaner
2013-10-17 18:22:16 ----A---- C:\DelFix.txt
2013-10-17 07:53:39 ----D---- C:\Program Files\trend micro
2013-10-10 06:23:02 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-10-10 06:23:02 ----A---- C:\Windows\system32\comctl32.dll
2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-10-10 06:22:59 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-10-10 06:22:59 ----A---- C:\Windows\system32\lpk.dll
2013-10-10 06:22:59 ----A---- C:\Windows\system32\fontsub.dll
2013-10-10 06:22:59 ----A---- C:\Windows\system32\dciman32.dll
2013-10-10 06:22:59 ----A---- C:\Windows\system32\atmlib.dll
2013-10-10 06:22:59 ----A---- C:\Windows\system32\atmfd.dll
2013-10-10 06:22:58 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-10 06:22:57 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2013-10-10 06:22:57 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-10 06:22:57 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2013-10-10 06:22:55 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-10-10 06:22:55 ----A---- C:\Windows\system32\mswsock.dll
2013-10-10 06:22:55 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-10 06:22:53 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-10-10 06:22:53 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-10-10 06:22:53 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-10 06:22:53 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-10 06:22:53 ----A---- C:\Windows\system32\davclnt.dll
2013-10-10 06:22:52 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-10 06:22:52 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-10 06:22:50 ----A---- C:\Windows\system32\win32k.sys
2013-10-10 06:22:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-10 06:22:39 ----A---- C:\Windows\system32\advapi32.dll
2013-10-10 06:22:38 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-10-10 06:22:37 ----A---- C:\Windows\system32\tdh.dll
2013-10-10 06:22:36 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-10-10 06:22:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-10-10 06:22:35 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-10-10 06:22:35 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-10-10 06:22:35 ----A---- C:\Windows\system32\wow64.dll
2013-10-10 06:22:35 ----A---- C:\Windows\system32\ntdll.dll
2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\user.exe
2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-10-10 06:22:34 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-10-10 06:22:25 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 06:22:25 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 06:22:24 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-10 06:22:23 ----A---- C:\Windows\system32\scavengeui.dll
2013-10-01 00:52:08 ----A---- C:\Windows\system32\drivers\avgmfx64.sys
2013-09-12 08:10:56 ----A---- C:\Windows\system32\drivers\ataport.sys
2013-09-12 08:10:34 ----A---- C:\Windows\system32\KernelBase.dll
2013-09-12 08:10:33 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-09-12 08:10:33 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-09-12 08:10:33 ----A---- C:\Windows\system32\winsrv.dll
2013-09-12 08:10:33 ----A---- C:\Windows\system32\smss.exe
2013-09-12 08:10:33 ----A---- C:\Windows\system32\kernel32.dll
2013-09-12 08:10:33 ----A---- C:\Windows\system32\csrsrv.dll
2013-09-12 08:10:33 ----A---- C:\Windows\system32\conhost.exe
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 08:10:31 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 08:10:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 08:10:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 08:10:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 08:10:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 08:10:30 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2013-09-12 08:10:30 ----A---- C:\Windows\system32\apisetschema.dll
2013-09-12 08:10:17 ----A---- C:\Windows\system32\shell32.dll
2013-09-12 08:10:16 ----A---- C:\Windows\SYSWOW64\shell32.dll
2013-09-12 08:10:15 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2013-09-12 08:10:15 ----A---- C:\Windows\system32\shdocvw.dll
2013-09-10 00:43:02 ----A---- C:\Windows\system32\drivers\avgrkx64.sys
======List of files/folders modified in the last 3 months======
2013-12-03 18:11:07 ----D---- C:\Windows\system32\config
2013-12-03 18:09:40 ----SHD---- C:\Windows\Installer
2013-12-03 18:08:58 ----D---- C:\ProgramData\MFAData
2013-12-02 18:05:57 ----D---- C:\Windows
2013-12-01 16:25:45 ----D---- C:\Users\Pascal\AppData\Roaming\Audacity
2013-12-01 12:29:30 ----RD---- C:\Program Files (x86)
2013-12-01 12:29:22 ----D---- C:\Windows\system32\Tasks
2013-12-01 00:42:16 ----SHD---- C:\System Volume Information
2013-11-28 21:19:05 ----D---- C:\Windows\Panther
2013-11-28 21:19:05 ----D---- C:\Windows\Logs
2013-11-28 21:19:05 ----D---- C:\Windows\debug
2013-11-28 08:52:42 ----SD---- C:\Users\Pascal\AppData\Roaming\Microsoft
2013-11-28 08:51:49 ----D---- C:\Program Files (x86)\Microsoft Office
2013-11-27 16:03:44 ----D---- C:\Windows\system32\catroot
2013-11-26 17:49:22 ----D---- C:\ProgramData\AVG2013
2013-11-26 17:49:22 ----D---- C:\Program Files (x86)\AVG
2013-11-26 17:47:11 ----D---- C:\Windows\system32\drivers
2013-11-24 19:36:44 ----D---- C:\Windows\system32\catroot2
2013-11-22 18:33:34 ----D---- C:\Windows\Tasks
2013-11-15 16:13:19 ----D---- C:\Windows\winsxs
2013-11-15 16:10:32 ----D---- C:\Program Files (x86)\Internet Explorer
2013-11-15 16:10:31 ----D---- C:\Windows\SysWOW64
2013-11-15 16:10:30 ----D---- C:\Windows\System32
2013-11-15 16:10:28 ----D---- C:\Program Files\Internet Explorer
2013-11-15 16:10:23 ----D---- C:\Windows\SYSWOW64\nl-NL
2013-11-15 16:10:23 ----D---- C:\Windows\system32\nl-NL
2013-11-14 22:44:40 ----D---- C:\Windows\system32\MRT
2013-11-14 22:39:52 ----A---- C:\Windows\system32\MRT.exe
2013-11-09 17:15:11 ----D---- C:\Users\Pascal\AppData\Roaming\Skype
2013-11-03 13:15:54 ----D---- C:\Windows\system32\NDF
2013-11-02 12:14:17 ----D---- C:\Windows\inf
2013-10-30 16:53:50 ----HD---- C:\ProgramData
2013-10-25 18:58:45 ----D---- C:\Windows\SYSWOW64\drivers
2013-10-24 14:18:46 ----D---- C:\Program Files (x86)\Common Files
2013-10-21 18:53:28 ----RD---- C:\Program Files
2013-10-18 15:33:55 ----D---- C:\Windows\rescache
2013-10-17 18:27:16 ----D---- C:\Windows\Minidump
2013-10-17 11:30:00 ----D---- C:\Windows\Prefetch
2013-10-16 20:08:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-12 13:58:41 ----D---- C:\Windows\Microsoft.NET
2013-10-12 13:57:51 ----RSD---- C:\Windows\assembly
2013-10-11 19:01:45 ----D---- C:\Program Files\Microsoft Silverlight
2013-10-11 19:01:43 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 18:58:42 ----D---- C:\Windows\AppPatch
2013-10-11 18:58:37 ----D---- C:\Windows\system32\DriverStore
2013-10-08 20:16:51 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-10-08 14:56:51 ----SD---- C:\ProgramData\Microsoft
2013-10-08 14:56:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-10-08 14:56:04 ----D---- C:\Users\Pascal\AppData\Roaming\SoftGrid Client
2013-09-20 21:57:00 ----D---- C:\ProgramData\Skype
2013-09-20 21:56:55 ----RD---- C:\Program Files (x86)\Skype
2013-09-12 23:13:04 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2010-08-14 75904]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2010-08-14 38016]
R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2013-10-01 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2013-09-10 31544]
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2010-03-22 46192]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2013-11-05 150808]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2013-11-04 240920]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-08-01 251192]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-10-24 46368]
R1 cbfs3;cbfs3; \??\C:\Windows\system32\drivers\cbfs3.sys [2011-01-17 323472]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-06-28 9371136]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-06-28 309760]
R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys [2012-05-10 20592]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-10 2544232]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 406632]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-09-30 1393712]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
S3 athr;Stuurprogramma Atheros Extensible draadloze LAN-apparaat; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-09-12 57856]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-07-20 247400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBMULCD;Aureon 7.1 USB Interface; C:\Windows\system32\drivers\CM10664.sys [2010-08-12 1310720]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-06-28 204288]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-09-24 348008]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920]
R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-09-28 489384]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-24 1733448]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-26 1255736]
-----------------EOF-----------------
Hijack-logje Laptop valt soms uit
in Archief Bestrijding malware & virussen
Geplaatst:
Beste,
De Memtest86+ heeft ongeveer 23u lang gelopen. Er is niks gevonden.
mvg
Pascal