Ga naar inhoud

Lady__cha

Lid
  • Items

    10
  • Registratiedatum

  • Laatst bezocht

Alles dat geplaatst werd door Lady__cha

  1. en de uodates van internet explorer enzo mogen ook gewoon gebeuren?
  2. de snelheid is zoizo beter voorlopig is hij ook niet meer uitgevallen. bij het opstarten krijg ik nog steeds de melding : PSUNMain.exe - systeemfout het programma kan niet worden gestart omdat rtl120.bpl ontbreekt op uw computer. ik krijg nu ook steeds meldingen dat er updates moeten gebeuren zoals bv. internet Explorer. moet ik die uitvoeren ?
  3. ComboFix 13-11-23.02 - charlotte 27/11/2013 9:35.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3891.1654 [GMT 2:00] Gestart vanuit: c:\users\charlotte\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\charlotte\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Offer c:\program files (x86)\Offer\Offer-bg.exe c:\program files (x86)\Offer\Offer-bho64.dll c:\program files (x86)\Offer\Offer-buttonutil.dll c:\program files (x86)\Offer\Offer-buttonutil.exe c:\program files (x86)\Offer\Offer-buttonutil64.dll c:\program files (x86)\Offer\Offer-buttonutil64.exe c:\program files (x86)\Offer\Offer-codedownloader.exe c:\program files (x86)\Offer\Offer-helper.exe c:\program files (x86)\Offer\Offer.ico c:\program files (x86)\Offer\Uninstall.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2013-10-27 to 2013-11-27 )))))))))))))))))))))))))))))) . . 2013-11-27 07:47 . 2013-11-27 07:47 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp 2013-11-27 07:47 . 2013-11-27 07:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-26 17:55 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C36B27D-E214-439F-BC52-32BC885B40F3}\mpengine.dll 2013-11-26 12:27 . 2013-11-27 07:47 -------- d-----w- c:\users\charlotte\AppData\Local\Temp 2013-11-26 12:27 . 2013-11-26 12:07 24064 ----a-w- c:\windows\zoek-delete.exe 2013-11-26 09:04 . 2013-11-26 12:24 -------- d-----w- C:\zoek_backup 2013-11-25 19:24 . 2013-11-25 19:26 -------- d-----w- c:\program files (x86)\trend micro 2013-11-25 19:24 . 2013-11-25 19:24 -------- d-----w- C:\rsit 2013-11-25 17:35 . 2013-11-25 17:35 -------- d-----w- c:\windows\ERUNT 2013-11-25 17:31 . 2013-11-25 17:31 -------- d-----w- c:\users\charlotte\AppData\Local\cache 2013-11-25 17:31 . 2013-11-25 17:31 -------- d-----w- c:\users\charlotte\AppData\Local\genienext 2013-11-25 17:24 . 2013-11-25 17:24 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys 2013-11-25 17:15 . 2013-11-25 17:15 -------- d-----w- c:\program files\HitmanPro 2013-11-25 17:13 . 2013-11-25 17:23 -------- d-----w- c:\programdata\HitmanPro 2013-11-25 13:56 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-11-25 13:35 . 2013-11-25 13:35 -------- d-----w- c:\programdata\ReviverSoft 2013-11-13 13:13 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll 2013-11-13 13:12 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-11-13 13:12 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL 2013-11-08 19:35 . 2013-11-08 19:35 -------- d-----w- c:\program files\iPod 2013-11-08 19:35 . 2013-11-08 19:36 -------- d-----w- c:\program files\iTunes 2013-11-08 19:35 . 2013-11-08 19:36 -------- d-----w- c:\program files (x86)\iTunes 2013-11-06 19:01 . 2013-11-06 19:01 -------- d-----w- c:\users\charlotte\AppData\Roaming\Malwarebytes 2013-11-06 19:00 . 2013-11-06 19:00 -------- d-----w- c:\programdata\Malwarebytes 2013-11-06 19:00 . 2013-11-25 17:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-11-06 19:00 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-11-06 17:53 . 2013-11-06 17:55 110080 ----a-r- c:\users\charlotte\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconD7F16134.exe 2013-11-06 17:53 . 2013-11-06 17:55 110080 ----a-r- c:\users\charlotte\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\Icon1226A4C5.exe 2013-11-06 17:52 . 2013-11-06 17:55 110080 ----a-r- c:\users\charlotte\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconF7A21AF7.exe 2013-11-06 17:52 . 2013-11-06 17:52 -------- d-----w- c:\program files\Enigma Software Group 2013-11-06 17:31 . 2013-10-18 13:55 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59C14695-4BA5-4DBF-B39C-DE8EBB3F1D95}\gapaengine.dll 2013-10-31 19:56 . 2013-11-06 17:42 -------- d-----w- c:\users\charlotte\AppData\Roaming\AvitoDvd 2013-10-31 19:56 . 2013-10-31 19:56 -------- d-----w- c:\users\charlotte\AppData\Roaming\AviDvdBurner 2013-10-31 19:43 . 2004-10-12 12:46 1761280 ----a-w- c:\windows\SysWow64\ffdshow.ax 2013-10-31 19:43 . 2004-10-12 12:42 262144 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll 2013-10-31 19:43 . 2004-10-05 14:16 395776 ----a-w- c:\windows\SysWow64\libmplayer.dll 2013-10-31 19:43 . 2004-10-03 23:50 112640 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll 2013-10-31 19:43 . 2004-10-12 12:40 2255360 ----a-w- c:\windows\SysWow64\libavcodec.dll 2013-10-31 19:43 . 2003-03-25 04:49 98304 ----a-w- c:\windows\SysWow64\L3CODECX.AX 2013-10-31 19:43 . 2013-10-31 19:43 -------- d-----w- c:\program files (x86)\Cucusoft 2013-10-31 19:29 . 2013-11-25 13:33 -------- d-----w- c:\program files (x86)\MediaConverter 2013-10-31 19:04 . 2013-10-31 19:04 -------- d-----w- c:\users\charlotte\AppData\Roaming\Canneverbe Limited 2013-10-31 19:04 . 2013-10-31 19:04 -------- d-----w- c:\programdata\Canneverbe Limited . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-19 10:21 . 2011-02-08 07:28 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-11-14 10:35 . 2011-03-09 13:50 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-10-18 13:55 . 2011-08-11 07:47 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-09 10:53 . 2012-05-22 16:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-09 10:53 . 2011-08-27 20:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-27 07:53 . 2013-09-27 07:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-09-27 07:53 . 2010-10-24 18:25 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-09-08 02:30 . 2013-10-11 06:52 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-11 06:52 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-11 06:52 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-04 12:12 . 2013-10-19 10:50 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-09-04 12:11 . 2013-10-19 10:50 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-09-04 12:11 . 2013-10-19 10:50 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-09-04 12:11 . 2013-10-19 10:50 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-09-04 12:11 . 2013-10-19 10:50 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-09-04 12:11 . 2013-10-19 10:50 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-09-04 12:11 . 2013-10-19 10:50 7808 ----a-w- c:\windows\system32\drivers\usbd.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Facebook Update"="c:\users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936] "NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-12-16 423232] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2012-02-28 5178664] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] . c:\users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Inktwaarschuwingen controleren - HP Deskjet 2510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 2510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3133HJGF05TX;CONNECTION=USB;MONITOR=1; [2009-7-14 45568] TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . c:\users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187.sys [x] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x] . . Inhoud van de 'Gedeelde Taken' map . 2013-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 10:53] . 2013-11-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job - c:\users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-25 22:26] . 2013-11-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job - c:\users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-25 22:26] . 2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 09:10] . 2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 09:10] . 2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job - c:\users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 09:10] . 2013-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job - c:\users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 09:10] . 2013-11-27 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\Communicator.exe [2013-07-10 13:44] . 2013-11-26 c:\windows\Tasks\Start Registry Reviver for charlotte-pc@charlotte(logon).job - c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2012-11-08 09:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [bU] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon] @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}" [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}] 2010-12-16 15:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon] @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}" [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}] 2010-12-16 15:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-09 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-09 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-09 410648] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU] "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU] "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm TCP: DhcpNameServer = 192.168.1.1 DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) BHO-{11111111-1111-1111-1111-110411421172} - c:\program files (x86)\Offer\Offer-bho64.dll AddRemove-AnyProtect - c:\program files (x86)\AnyProtectEx\uninstall.exe AddRemove-DVS Video Downloader Addon for Internet Explorer_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe/SILENT AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe AddRemove-Offer - c:\program files (x86)\Offer\Uninstall.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe AddRemove-VuuPC - c:\program files (x86)\VuuPC\uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-11-27 09:51:39 ComboFix-quarantined-files.txt 2013-11-27 07:51 ComboFix2.txt 2013-11-26 17:01 . Pre-Run: 77.782.630.400 bytes beschikbaar Post-Run: 76.878.860.288 bytes beschikbaar . - - End Of File - - 5548FD89C4CEB8E2559990A8AE001477
  4. ComboFix 13-11-23.02 - charlotte 26/11/2013 18:49:41.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3891.1844 [GMT 2:00] Gestart vanuit: c:\users\charlotte\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2013-10-26 to 2013-11-26 )))))))))))))))))))))))))))))) . . 2013-11-26 16:58 . 2013-11-26 16:58 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp 2013-11-26 16:58 . 2013-11-26 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-26 12:28 . 2013-11-26 12:28 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{792D46F2-DA39-4368-A8E6-22D55A3C67A1}\offreg.dll 2013-11-26 12:27 . 2013-11-26 16:58 -------- d-----w- c:\users\charlotte\AppData\Local\Temp 2013-11-26 12:27 . 2013-11-26 12:07 24064 ----a-w- c:\windows\zoek-delete.exe 2013-11-26 09:04 . 2013-11-26 12:24 -------- d-----w- C:\zoek_backup 2013-11-25 19:24 . 2013-11-25 19:26 -------- d-----w- c:\program files (x86)\trend micro 2013-11-25 19:24 . 2013-11-25 19:24 -------- d-----w- C:\rsit 2013-11-25 17:35 . 2013-11-25 17:35 -------- d-----w- c:\windows\ERUNT 2013-11-25 17:31 . 2013-11-25 17:31 -------- d-----w- c:\users\charlotte\AppData\Local\cache 2013-11-25 17:31 . 2013-11-25 17:31 -------- d-----w- c:\users\charlotte\AppData\Local\genienext 2013-11-25 17:24 . 2013-11-25 17:24 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys 2013-11-25 17:15 . 2013-11-25 17:15 -------- d-----w- c:\program files\HitmanPro 2013-11-25 17:13 . 2013-11-25 17:23 -------- d-----w- c:\programdata\HitmanPro 2013-11-25 13:56 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{792D46F2-DA39-4368-A8E6-22D55A3C67A1}\mpengine.dll 2013-11-25 13:35 . 2013-11-25 13:35 -------- d-----w- c:\programdata\ReviverSoft 2013-11-25 13:34 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-11-13 13:13 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll 2013-11-13 13:12 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-11-13 13:12 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL 2013-11-08 19:35 . 2013-11-08 19:35 -------- d-----w- c:\program files\iPod 2013-11-08 19:35 . 2013-11-08 19:36 -------- d-----w- c:\program files\iTunes 2013-11-08 19:35 . 2013-11-08 19:36 -------- d-----w- c:\program files (x86)\iTunes 2013-11-06 19:01 . 2013-11-06 19:01 -------- d-----w- c:\users\charlotte\AppData\Roaming\Malwarebytes 2013-11-06 19:00 . 2013-11-06 19:00 -------- d-----w- c:\programdata\Malwarebytes 2013-11-06 19:00 . 2013-11-25 17:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-11-06 19:00 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-11-06 17:53 . 2013-11-06 17:55 110080 ----a-r- c:\users\charlotte\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconD7F16134.exe 2013-11-06 17:53 . 2013-11-06 17:55 110080 ----a-r- c:\users\charlotte\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\Icon1226A4C5.exe 2013-11-06 17:52 . 2013-11-06 17:55 110080 ----a-r- c:\users\charlotte\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconF7A21AF7.exe 2013-11-06 17:52 . 2013-11-06 17:52 -------- d-----w- c:\program files\Enigma Software Group 2013-11-06 17:31 . 2013-10-18 13:55 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59C14695-4BA5-4DBF-B39C-DE8EBB3F1D95}\gapaengine.dll 2013-10-31 19:56 . 2013-11-06 17:42 -------- d-----w- c:\users\charlotte\AppData\Roaming\AvitoDvd 2013-10-31 19:56 . 2013-10-31 19:56 -------- d-----w- c:\users\charlotte\AppData\Roaming\AviDvdBurner 2013-10-31 19:43 . 2004-10-12 12:46 1761280 ----a-w- c:\windows\SysWow64\ffdshow.ax 2013-10-31 19:43 . 2004-10-12 12:42 262144 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll 2013-10-31 19:43 . 2004-10-05 14:16 395776 ----a-w- c:\windows\SysWow64\libmplayer.dll 2013-10-31 19:43 . 2004-10-03 23:50 112640 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll 2013-10-31 19:43 . 2004-10-12 12:40 2255360 ----a-w- c:\windows\SysWow64\libavcodec.dll 2013-10-31 19:43 . 2003-03-25 04:49 98304 ----a-w- c:\windows\SysWow64\L3CODECX.AX 2013-10-31 19:43 . 2013-10-31 19:43 -------- d-----w- c:\program files (x86)\Cucusoft 2013-10-31 19:31 . 2013-11-25 13:34 -------- d-----w- c:\program files (x86)\Offer 2013-10-31 19:29 . 2013-11-25 13:33 -------- d-----w- c:\program files (x86)\MediaConverter 2013-10-31 19:04 . 2013-10-31 19:04 -------- d-----w- c:\users\charlotte\AppData\Roaming\Canneverbe Limited 2013-10-31 19:04 . 2013-10-31 19:04 -------- d-----w- c:\programdata\Canneverbe Limited . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-19 10:21 . 2011-02-08 07:28 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-11-14 10:35 . 2011-03-09 13:50 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-10-18 13:55 . 2011-08-11 07:47 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-09 10:53 . 2012-05-22 16:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-09 10:53 . 2011-08-27 20:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-27 07:53 . 2013-09-27 07:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-09-27 07:53 . 2010-10-24 18:25 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-09-08 02:30 . 2013-10-11 06:52 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-11 06:52 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-11 06:52 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-04 12:12 . 2013-10-19 10:50 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-09-04 12:11 . 2013-10-19 10:50 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-09-04 12:11 . 2013-10-19 10:50 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-09-04 12:11 . 2013-10-19 10:50 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-09-04 12:11 . 2013-10-19 10:50 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-09-04 12:11 . 2013-10-19 10:50 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-09-04 12:11 . 2013-10-19 10:50 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-08-29 02:17 . 2013-10-11 06:52 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-11 06:52 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-11 06:52 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-11 06:52 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-11 06:52 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-11 06:52 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-11 06:52 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-11 06:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-11 06:52 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-11 06:52 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-11 06:52 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-11 06:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 01:29 . 2013-10-11 06:52 33280 ----a-w- c:\windows\system32\drivers\usbser.sys 2013-08-29 00:49 . 2013-10-11 06:52 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-11 06:52 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-11 06:52 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-11 06:52 2048 ----a-w- c:\windows\SysWow64\user.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Facebook Update"="c:\users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-22 352256] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936] "NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-12-16 423232] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2012-02-28 5178664] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280] . c:\users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Inktwaarschuwingen controleren - HP Deskjet 2510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 2510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3133HJGF05TX;CONNECTION=USB;MONITOR=1; [2009-7-14 45568] TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . c:\users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187.sys [x] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x] . . Inhoud van de 'Gedeelde Taken' map . 2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 10:53] . 2013-11-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job - c:\users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-25 22:26] . 2013-11-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job - c:\users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-25 22:26] . 2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 09:10] . 2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 09:10] . 2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job - c:\users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 09:10] . 2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job - c:\users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 09:10] . 2013-11-26 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\Communicator.exe [2013-07-10 13:44] . 2013-11-26 c:\windows\Tasks\Start Registry Reviver for charlotte-pc@charlotte(logon).job - c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2012-11-08 09:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110411421172}] 2013-10-31 19:36 954368 ----a-w- c:\program files (x86)\Offer\Offer-bho64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon] @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}" [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}] 2010-12-16 15:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon] @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}" [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}] 2010-12-16 15:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-09 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-09 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-09 410648] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm TCP: DhcpNameServer = 192.168.1.1 DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Wow6432Node-HKCU-Run-NextLive - c:\users\charlotte\AppData\Roaming\newnext.me\nengine.dll Wow6432Node-HKLM-Run-NPSStartup - (no file) Wow6432Node-HKLM-Run-iSkysoft Helper Compact.exe - c:\program files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-AnyProtect - c:\program files (x86)\AnyProtectEx\AnyProtect.exe Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe AddRemove-AnyProtect - c:\program files (x86)\AnyProtectEx\uninstall.exe AddRemove-DVS Video Downloader Addon for Internet Explorer_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe/SILENT AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe AddRemove-VuuPC - c:\program files (x86)\VuuPC\uninstall.exe AddRemove-VuuPC Packages - c:\users\charlotte\AppData\Roaming\0C1I1L1R1J0M1P0I1G\VuuPC Packages\uninstaller.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2013-11-26 19:01:51 ComboFix-quarantined-files.txt 2013-11-26 17:01 . Pre-Run: 78.341.517.312 bytes beschikbaar Post-Run: 77.938.503.680 bytes beschikbaar . - - End Of File - - 775E9473D38C989C39D393D0B7AD3AE7
  5. de pop ups zijn weg maar de pc ix nog steeds traag met opstart problemen en onverwachts uitvallen - - - Updated - - - de pop ups zijn weg maar de pc start nog steeds moeizaam op en is traag. ook valt hij soms nog steeds uit
  6. Zoek.exe Version 4.0.0.5 Updated 24-November-2013 Tool run by charlotte on di 26/11/2013 at 14:07:18,70. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\charlotte\Desktop\zoek\zoek.exe [script inserted] ==== Older Logs ====================== C:\zoek-results2013-11-26-105452.log 46600 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyProtect"=- "mobilegeni daemon"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\ProgramData\Bcool not found C:\Program Files (x86)\BuzzSearch not found "C:\Users\charlotte\AppData\Local\Temp\is82122515\295927_stp\AnyProtectScannerSetup.exe" not found C:\Program Files (x86)\AnyProtectEx deleted C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 deleted C:\Users\charlotte\AppData\Roaming\0C1I1L1R1J0M1P0I1G deleted C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtectEx deleted C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} deleted "C:\autoexec.bat" deleted "C:\Users\Public\Desktop\sample_20132611_1122.zip" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome.manifest" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\install.rdf" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\manifest.xml" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins.json" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\button1.png" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\button2.png" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\button3.png" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\button4.png" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\button5.png" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\crossrider_statusbar.png" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\icon128.png" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\icon16.png" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\icon24.png" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\icon48.png" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\panelarrow-up.png" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\popup.html" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\skin.css" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\update.css" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\background.html" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\baseObject.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\browser.xul" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\dialog.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\main.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\options.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\options.xul" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\search_dialog.xul" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\asyncDB.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\background.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\browserAction.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\contextMenu.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\dbManager.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\dom_bg.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\fileManager.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\firefox.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\firefoxNotifications.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\firefoxOmnibox.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\message.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\pageAction.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\request.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\tabs.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\webRequest.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\console.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\consts.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\delegate.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\extensionDataStore.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\folderIOWrapper.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\httpObserver.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\IDBWrapper.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\installer.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\logFile.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\prefs.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\progressListenerObserver.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\registry.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\reloadObserver.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\reports.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\requestObject.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\searchSettings.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\uninstallObserver.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\updateManager.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\utils.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\xhr.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\defaults\preferences\prefs.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\13_CrossriderAppUtils.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\14_CrossriderUtils.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\16_FFAppAPIWrapper.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\17_jQuery.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\1_base.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\21_debug.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\22_resources.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\28_initializer.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\47_resources_background.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\4_jquery_1_7_1.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\64_appApiMessage.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\72_appApiValidation.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\78_CrossriderInfo.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\98_omniCommands.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\userCode\background.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\userCode\extension.js" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\locale\en-US\translations.dtd" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\defaults" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\locale" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\defaults\preferences" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\userCode" deleted "C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\locale\en-US" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "4f905b94d7ca1@4f905b94d7ca2.info"="C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\4f905b94d7ca1@4f905b94d7ca2.info" [] ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[22/05/2013 09:24] SiteAdvisor - charlotte - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" {8F9F13EF-B5FA-4862-AB88-2189DB045950} eBay Url="{searchTerms | eBay}" {91563D78-6F5D-4287-944F-6D2C9998DB58} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\4f905b94d7ca1@4f905b94d7ca2.info deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\NeroMediaHomeUser.4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTRBW48C will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\charlotte\AppData\Local\Mozilla\Firefox\Profiles\py2l7xb7.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\CHARLO~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTRBW48C" not found ==== EOF on di 26/11/2013 at 14:29:01,43 ======================
  7. Zoek.exe Version 4.0.0.5 Updated 24-November-2013 Tool run by charlotte on di 26/11/2013 at 11:06:55,06. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\charlotte\Desktop\zoek\zoek.exe [script inserted] [Checkboxes used] ==== System Restore Info ====================== 26/11/2013 11:13:26 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Aimersoft deleted successfully C:\PROGRA~2\Astonsoft deleted successfully C:\PROGRA~2\DUALphone deleted successfully C:\PROGRA~2\hpmonitor deleted successfully C:\PROGRA~2\iSkysoft deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\VideoLAN deleted successfully C:\PROGRA~2\WinAVI deleted successfully C:\Program Files\McAfee deleted successfully C:\ProgramData\Freemake deleted successfully C:\ProgramData\WLInstaller deleted successfully C:\ProgramData\xml_param deleted successfully C:\Users\charlotte\AppData\Roaming\TP deleted successfully C:\Users\charlotte\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully C:\Users\charlotte\AppData\Local\Bundled software uninstaller deleted successfully C:\Users\charlotte\AppData\Local\Samsung deleted successfully ==== Creating Sample_20132611_1122.zip ====================== Process iexplore.exe killed Process rundll32.exe killed Copied file C:\Users\charlotte\AppData\Local\AnyProtectScannerSetup.exe to sample\AnyProtectScannerSetup.exe sample\AnyProtectScannerSetup.exe renamed to 0803301107463ABB156DF520265AB8DF C:\Users\Public\Desktop\sample_20132611_1122.zip created successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\prefs.js: user_pref("browser.startup.homepage", "Ask.com"); user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.order.1", "Ask.com"); user_pref("extensions.asktb.ff-original-keyword-url", ""); Added to C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\prefs.js: user_pref("browser.startup.homepage", "Google"); user_pref("browser.search.defaulturl", "Google="); user_pref("browser.newtab.url", "Google"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("extensions.asktb.ff-original-keyword-url", ""); user_pref("keyword.URL", "Google="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default ---- Lines BabylonToolbar removed from user.js ---- user_pref("extensions.BabylonToolbar_i.id", "889b12db00000000000088252ca4edb6"); user_pref("extensions.BabylonToolbar_i.hardId", "889b12db00000000000088252ca4edb6"); user_pref("extensions.BabylonToolbar_i.instlDay", "15450"); user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:31:39"); user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); user_pref("extensions.BabylonToolbar_i.newTab", false); user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112454"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); ---- Lines asktb removed from prefs.js ---- user_pref("extensions.asktb.ff-original-keyword-url", ""); ---- FireFox user.js and prefs.js backups ---- user_20132611_1123_.backup prefs_20132611_1123_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== C:\Users\CHARLO~1\Desktop\SCHOON~1.LNK not found C:\Windows\syswow64\appdata deleted C:\Users\charlotte\.android deleted C:\Users\charlotte\AppData\Roaming\newnext.me deleted C:\ProgramData\InstallMate deleted C:\Users\charlotte\AppData\Local\Mobogenie deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro deleted C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie deleted C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC deleted C:\Windows\SysNative\roboot64.exe deleted C:\user.js deleted C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\searchplugins\askcom.xml deleted C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\ffxtlbr@babylon.com deleted C:\Users\Public\Desktop\RegClean Pro.lnk deleted C:\Users\charlotte\Desktop\Mobogenie.lnk deleted C:\Users\charlotte\AppData\Local\AnyProtectScannerSetup.exe deleted C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted "C:\Users\charlotte\AppData\Roaming\.NANotifyHere" deleted "C:\Users\charlotte\daemonprocess.txt" deleted "C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCall.dll" deleted "C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla.dll" deleted "C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla2.dll" deleted "C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla21.dll" deleted "C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla31.exe" deleted "C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla32.dll" deleted "C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla33.dll" deleted "C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla34.dll" deleted "C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla37.exe" deleted "C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseData.ini" deleted "C:\PROGRA~2\Mobogenie\DaemonProcess.exe" deleted "C:\PROGRA~2\Mobogenie\libeay32.dll" deleted "C:\PROGRA~2\Mobogenie\msvcp100.dll" deleted "C:\PROGRA~2\Mobogenie\msvcr100.dll" deleted "C:\PROGRA~2\Mobogenie\QtCore4.dll" deleted "C:\PROGRA~2\Mobogenie\QtGui4.dll" deleted "C:\PROGRA~2\Mobogenie\QtNetwork4.dll" deleted "C:\PROGRA~2\Mobogenie\QtSql4.dll" deleted "C:\PROGRA~2\Mobogenie\QtWebKit4.dll" deleted "C:\PROGRA~2\Mobogenie\ssleay32.dll" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension64.dll" deleted "C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft" not deleted "C:\PROGRA~2\Mobogenie" deleted "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\CHARLO~1\AppData\Local\Temp ==== 2013-11-25 17:35:20 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\erunt\ERUNT.EXE 2013-11-25 17:28:20 ED97246D5627F0BC21F7830BEC42ED8D 26774864 ----a-w- C:\Users\charlotte\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe 2013-11-25 10:03:28 96663C643B6B3E63EF8B1FF93109E637 7668704 ------w- C:\Users\charlotte\AppData\Local\Temp\is45637729\174932_stp\ClickMeInSetup.exe 2013-11-25 10:02:16 4BB92CB7EA897CE88AE1514967CEB4F0 62792 ------w- C:\Users\charlotte\AppData\Local\Temp\is45637729\174932_stp\ManualRegister.exe 2013-11-23 10:02:42 0803301107463ABB156DF520265AB8DF 765728 ------w- C:\Users\charlotte\AppData\Local\Temp\is82122515\295927_stp\AnyProtectScannerSetup.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2013-11-14 10:47:30 FED1803F2F9C4BDBA8267EA2DE47CFE2 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2013-11-14 10:47:30 FEB2F07A980A9844AD1B5E886C9B5338 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll 2013-11-14 10:47:28 E841206E319069920C394A5E3842568F 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2013-11-14 10:47:28 70F131E94E1B4496469A563C85279192 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2013-11-14 10:47:27 8D98D99DC6D4033591354156CEB25153 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll 2013-11-14 10:47:27 8317DD8D4095FE4076E9F6EC3A747940 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-14 10:47:26 DA5374911037841F81072A4DCBB02D93 2049024 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-11-14 10:47:24 AD6639EF2BD655C7E630B6BCF7203463 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2013-11-14 10:47:23 6AD683FF326836EB6AE63B1F144A4F9D 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll 2013-11-14 10:47:21 D42525513055C0A65FD4BEFAFACEB134 2877952 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-11-14 10:47:20 A5897063A4B6796EFB7B34CEC5BC739F 1138176 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-11-14 10:47:18 98B05ADD60BAA432E708BAFEBE5B1D70 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2013-11-14 10:47:17 5FD4335DCD343D0FEA9FA6B18ED408D9 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-11-14 10:47:15 1191434BB424F18C2609AB5C955DD14E 13761024 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2013-11-14 10:47:09 02A04841906A8892AD6CC7BDBCB5F61D 14355968 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2013-11-13 13:13:33 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\SysWOW64\crypt32.dll 2013-11-13 13:13:12 EE7CB55F77465CDAC4C80F587FF7C278 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll 2013-11-13 13:13:12 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\SysWOW64\credui.dll 2013-11-13 13:13:12 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 13:13:07 AA6F6457116B559B76BC6A012CB4C293 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll 2013-11-13 13:13:06 AD7FB087A238883D1618F29F7BBBD584 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 13:13:06 42B924C5F3924C1EB2539F22C10D7DF1 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2013-11-13 13:13:06 372948BB5E41CE42341C4398DE572E56 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2013-11-13 13:13:03 56E3313690866F99CD17AA1342F64AE1 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll 2013-11-13 13:12:59 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 13:12:59 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\SysWOW64\nshwfp.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-11-25 17:23:24 03F775AF952CBA0F753B1A7B9DE38EDB 502 ----a-w- C:\Windows\Sysnative\.crusader 2013-11-14 10:47:31 668653D2C9ED9E7529386DD8138FAAEB 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2013-11-14 10:47:29 8D0D46B480BB260FA2AEA1201F15E784 526336 ----a-w- C:\Windows\Sysnative\ieui.dll 2013-11-14 10:47:28 59AD440EFC7A653B55D5DC34E75960B2 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll 2013-11-14 10:47:28 2CA49EB6296DBC1A5CEE141009A6F757 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll 2013-11-14 10:47:27 F08BF4FC30F31350DCAB06F2B59ED1E9 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll 2013-11-14 10:47:27 9F1D74E792DADA30809FCA64F705C042 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe 2013-11-14 10:47:27 3E86B4126D4CD0D9CA5B78DBE9F8D7CB 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2013-11-14 10:47:26 A96B3E9D360DE75B09EE77698A54412B 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll 2013-11-14 10:47:24 1E47964351EA38C20A8E28B413769C80 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2013-11-14 10:47:23 EFB4937249C7E4D57F69CC4B1986BC4B 855552 ----a-w- C:\Windows\Sysnative\jscript.dll 2013-11-14 10:47:22 90868BDD4047BF951E03620961945149 3959808 ----a-w- C:\Windows\Sysnative\jscript9.dll 2013-11-14 10:47:19 F13305A81317DDAEA3968D2D8EC0C0A4 1364992 ----a-w- C:\Windows\Sysnative\urlmon.dll 2013-11-14 10:47:18 B83DB27D36C697760E0D33AE0CF76AAD 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2013-11-14 10:47:16 9706C99DAEBE3FEAC811B239617E98C4 2241536 ----a-w- C:\Windows\Sysnative\wininet.dll 2013-11-14 10:47:13 9991ABD246ED906CF420B2CA08BF685A 15404544 ----a-w- C:\Windows\Sysnative\ieframe.dll 2013-11-14 10:47:12 25C356A79B7002E0A20AAF592ED59DE4 19269632 ----a-w- C:\Windows\Sysnative\mshtml.dll 2013-11-13 13:13:33 780F6ECC4F55D76C9730E6B6C9B31913 1474048 ----a-w- C:\Windows\Sysnative\crypt32.dll 2013-11-13 13:13:13 34152997FB906895290E0199AC94B85F 1930752 ----a-w- C:\Windows\Sysnative\authui.dll 2013-11-13 13:13:12 8563BA40DF4F1E93A61B70E2C8B60CF8 190464 ----a-w- C:\Windows\Sysnative\SmartcardCredentialProvider.dll 2013-11-13 13:13:12 4403D5ECE7D8323CAF1207D1AA38FA01 197120 ----a-w- C:\Windows\Sysnative\credui.dll 2013-11-13 13:13:07 B08EA91C774AA734E0B9881F85CD9F42 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll 2013-11-13 13:13:07 31FFED18C7B836CEC1B559347E32E151 340992 ----a-w- C:\Windows\Sysnative\schannel.dll 2013-11-13 13:13:07 086F906B1D30C0A5D35FE0F6362DAB21 1447936 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2013-11-13 13:13:06 7C46EC9CCDE6E793713FA01DB2EB918E 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2013-11-13 13:13:06 747B9BA5412422F27934CB21131F0A3E 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2013-11-13 13:13:06 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\Sysnative\lsass.exe 2013-11-13 13:13:06 208EAAFF40DA400190AA0605C797BEA2 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2013-11-13 13:13:03 56325BB1FF19F2A5AC8713756AC41140 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll 2013-11-13 13:13:00 D07EB640618F96490DB88C3CE58DB608 324096 ----a-w- C:\Windows\Sysnative\FWPUCLNT.DLL 2013-11-13 13:13:00 660C06F663F27760F565FD567B57625C 830464 ----a-w- C:\Windows\Sysnative\nshwfp.dll 2013-11-13 13:13:00 344789398EC3EE5A4E00C52B31847946 859648 ----a-w- C:\Windows\Sysnative\IKEEXT.DLL ====== C:\Windows\Sysnative\drivers ===== 2013-11-25 17:24:47 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\Windows\Sysnative\drivers\hitmanpro37.sys 2013-11-13 13:13:20 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2013-11-13 13:13:07 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2013-11-13 13:13:07 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2013-11-13 13:13:07 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2013-11-06 19:00:55 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys ====== C:\Windows\Tasks ====== 2013-11-06 17:47:49 E8BEF3779B150D96AF075970841B699E 3136 ----a-w- C:\Windows\Sysnative\Tasks\{C379E3EF-9E9C-43C2-A306-BBDAE09EE45E} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-11-25 17:15:04 -------- d-----w- C:\Program Files\HitmanPro 2013-11-08 19:35:50 -------- d-----w- C:\Program Files\iPod 2013-11-08 19:35:46 -------- d-----w- C:\Program Files\iTunes 2013-11-06 17:52:51 -------- d-----w- C:\Program Files\Enigma Software Group ======= C:\PROGRA~2 ===== 2013-11-25 19:24:01 -------- d-----w- C:\PROGRA~2\trend micro 2013-11-25 17:29:31 -------- d-----w- C:\PROGRA~2\AnyProtectEx 2013-11-08 19:35:46 -------- d-----w- C:\PROGRA~2\iTunes 2013-10-31 19:43:17 -------- d-----w- C:\PROGRA~2\Cucusoft 2013-10-31 19:31:02 -------- d-----w- C:\PROGRA~2\Offer 2013-10-31 19:29:37 -------- d-----w- C:\PROGRA~2\MediaConverter ======= C: ===== 2013-11-06 17:56:58 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ====== C:\Users\charlotte\AppData\Roaming ====== 2013-11-26 09:03:24 27CA41A86A9BFA293CF1FD233B9A3218 81 ----a-w- C:\Users\charlotte\AppData\Roaming\mbam.context.scan 2013-11-25 19:10:11 959EFAFB4B18E36BA05873235BBE772E 1401 ----a-w- C:\Users\charlotte\AppData\Roaming\aps.scan.results 2013-11-25 17:31:39 -------- d-----w- C:\Users\charlotte\AppData\Roaming\0C1I1L1R1J0M1P0I1G 2013-11-25 17:31:38 13D116E698FB77C07F453801992AAF22 152 ----a-w- C:\Users\charlotte\AppData\Roaming\aps.scan.params 2013-11-25 17:31:38 -------- d-----w- C:\Users\charlotte\AppData\Local\cache 2013-11-25 17:31:36 -------- d-----w- C:\Users\charlotte\AppData\Local\genienext 2013-11-25 17:30:02 -------- d-----w- C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtectEx 2013-11-06 17:53:00 -------- d-----w- C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2013-10-31 19:56:12 -------- d-----w- C:\Users\charlotte\AppData\Roaming\AvitoDvd 2013-10-31 19:56:12 -------- d-----w- C:\Users\charlotte\AppData\Roaming\AviDvdBurner 2013-10-31 19:04:57 -------- d-----w- C:\Users\charlotte\AppData\Roaming\Canneverbe Limited ====== C:\Users\charlotte ====== 2013-11-25 19:25:53 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\charlotte\Desktop\RSIT-1.06.exe 2013-11-25 17:15:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2013-11-25 17:13:04 -------- d-----w- C:\ProgramData\HitmanPro 2013-11-25 13:35:32 -------- d-----w- C:\ProgramData\ReviverSoft 2013-11-08 19:36:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2013-11-08 19:35:46 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-31 19:29:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaConverter 2013-10-31 19:04:57 -------- d-----w- C:\ProgramData\Canneverbe Limited ====== C: exe-files == 2013-11-25 19:25:53 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\charlotte\Desktop\RSIT-1.06.exe 2013-11-25 19:24:02 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files (x86)\trend micro\charlotte.exe 2013-11-25 19:23:48 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\171O40AW\RSIT-1.06.exe 2013-11-25 17:39:50 F57F6AF1CC0527B8C37EEC5CBBE88D36 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$I8FKN92.exe 2013-11-25 17:39:42 AFAFA655CC59872129A32CDE4F60F2DE 1091882 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$R8FKN92.exe 2013-11-25 17:35:20 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\erunt\ERUNT.EXE 2013-11-25 17:35:05 7DED2B428CC1AB95DD9D25B2569F799B 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$IHHDCML.exe 2013-11-25 17:34:52 AFAFA655CC59872129A32CDE4F60F2DE 1091882 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$RHHDCML.exe 2013-11-25 17:34:45 9EF917BD6EB2C456BD0F7D04ACB1458F 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$IFGGE85.exe 2013-11-25 17:34:11 AC65665AC81A3C5714411DDE32514514 4172288 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$RFGGE85.exe 2013-11-25 17:31:39 8C7FB9078A63B7E5E899E7A2DBB0DB53 1114624 ----a-w- C:\Users\charlotte\AppData\Roaming\0C1I1L1R1J0M1P0I1G\VuuPC Packages\uninstaller.exe 2013-11-25 17:30:58 875C502755D37C253C417922969E7FD2 17682224 ----a-w- C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2DTSP1Y\Mobogenie_Setup_2.1.32_537[1].exe 2013-11-25 17:30:07 32C786DBAD3996296B9C4465D823697E 92869 ----a-w- C:\Program Files (x86)\AnyProtectEx\Uninstall.exe 2013-11-25 17:29:37 778ECD22927D56127D11A29FC9F13B23 20668464 ----a-w- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe 2013-11-25 17:29:33 A581DE974BE6B494F722E4F472F0D73C 144568 ----a-w- C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7WKCA0S\ClickMeInGeneric[1].exe 2013-11-25 17:28:20 ED97246D5627F0BC21F7830BEC42ED8D 26774864 ----a-w- C:\Users\charlotte\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe 2013-11-25 17:15:04 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe 2013-11-25 10:03:28 96663C643B6B3E63EF8B1FF93109E637 7668704 ------w- C:\Users\charlotte\AppData\Local\Temp\is45637729\174932_stp\ClickMeInSetup.exe 2013-11-25 10:02:16 4BB92CB7EA897CE88AE1514967CEB4F0 62792 ------w- C:\Users\charlotte\AppData\Local\Temp\is45637729\174932_stp\ManualRegister.exe 2013-11-23 12:00:36 A9ACD7631CA7B40802185898052F3E1F 387152 ----a-w- C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe 2013-11-23 10:02:42 0803301107463ABB156DF520265AB8DF 765728 ------w- C:\Users\charlotte\AppData\Local\Temp\is82122515\295927_stp\AnyProtectScannerSetup.exe === C: other files == 2013-11-26 09:22:30 14A3344673E7127F491048236F8658AE 735830 ----a-w- C:\Users\Public\Desktop\sample_20132611_1122.zip 2013-11-25 17:35:19 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\modules.bat 2013-11-25 17:35:19 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\chrome.bat 2013-11-25 17:35:19 BAD6C67C870CC81C48DBA53089929884 153331 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\firefox.bat 2013-11-25 17:35:19 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\FWPolicy.bat 2013-11-25 17:35:19 B8AF52799C6359D40228B006C1432C57 16063 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\get.bat 2013-11-25 17:35:19 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\ask.bat 2013-11-25 17:35:19 87458834C37183459AA6F19EF5E06533 9099 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\runvalues.bat 2013-11-25 17:35:19 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\ev_clear.bat 2013-11-25 17:35:19 75C9C20DD9839BF287B43B0E179822DC 31414 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\iexplore.bat 2013-11-25 17:35:19 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\delorphans.bat 2013-11-25 17:35:19 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\prelim.bat 2013-11-25 17:35:19 504CA0FC8BE3A47ECE89CEC2E5B21E67 10261 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\JRT.bat 2013-11-25 17:35:19 372EA6F783198102CF5779072EE78C79 24751 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\searchlnk.bat 2013-11-25 17:35:19 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\TDL4.bat 2013-11-25 17:35:19 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\medfos.bat 2013-11-25 17:35:19 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\delfolders.bat 2013-11-25 17:35:19 006F09DF7EB9E9E61935F16AF2B6DC71 150291 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\misc.bat 2013-11-25 17:24:47 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "Facebook Update"="C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Google Update"="C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "NextLive"="C:\Windows\SysWOW64\rundll32.exe C:\Users\charlotte\AppData\Roaming\newnext.me\nengine.dll,EntryPoint -m l" [HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1003\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "Facebook Update"="C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Google Update"="C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL" "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP" "NBAgent"="c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe /WinStart" "KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" "ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "PSUNMain"="C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe /Traybar" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Nero MediaHome 4"="C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN" "iSkysoft Helper Compact.exe"="C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "AnyProtect"="C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" "mobilegeni daemon"="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe" "TWebCamera"=""C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "Facebook Update"="C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Google Update"="C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "NextLive"="C:\Windows\SysWOW64\rundll32.exe C:\Users\charlotte\AppData\Roaming\newnext.me\nengine.dll,EntryPoint -m l" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaReminder.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe " "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" "HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe " "SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe " "00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe " "SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe " "TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" "Teco"=""%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r" "TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe " "TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " ==== Startup Folders ====================== 2013-07-10 13:29:47 1938 ----a-w- C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 2510 series.lnk 2011-02-07 14:41:59 2002 ----a-w- C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2010-04-22 07:24:02 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2010-04-22 07:24:02 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2013-01-06 13:53:08 1258 ----a-w- C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job --a------ [undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job --a------ [undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/02/2011 11:10] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job --a------ C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe [08/02/2011 11:10] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job --a------ [undetermined Task] C:\Windows\tasks\HP Photo Creations Communicator.job --a------ [undetermined Task] C:\Windows\tasks\Start Registry Reviver for charlotte-pc@charlotte(logon).job --a------ C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe [08/11/2012 11:25] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ConfigFree Startup Programs" [C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core" [C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA" [C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core" [C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA" [C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 2510 series" ["C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\Start Registry Reviver for charlotte-pc@charlotte(logon)" [C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{EA08EC40-86FC-413F-8AF8-84FEC2408928}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{EC803146-307B-4AFB-8AD1-4A43278E6AD3}" [C:\Program Files (x86)\Skype\Phone\Skype.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "4f905b94d7ca1@4f905b94d7ca2.info"="C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\4f905b94d7ca1@4f905b94d7ca2.info" [20/04/2012 20:31] ==== Firefox Extensions ====================== ProfilePath: C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default - Bcool - %ProfilePath%\extensions\4f905b94d7ca1@4f905b94d7ca2.info - Offer - %ProfilePath%\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com - Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} ==== Firefox Plugins ====================== ==== Deleted Firefox Extensions ====================== C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\4f905b94d7ca1@4f905b94d7ca2.info deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\charlotte\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[22/05/2013 09:24] jhjjdgbhohaallcimgcmakfiobacimkm - C:\Program Files (x86)\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx[] ppjemjejnnojomfekgbpbbnecicblllf - C:\ProgramData\Bcool\ppjemjejnnojomfekgbpbbnecicblllf.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\charlotte\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[] Extended Protection - charlotte - Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml SiteAdvisor - charlotte - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho Google Wallet - charlotte - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chrome Fix ====================== C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nederlands.babylon.com_0.localstorage deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nederlands.babylon.com_0.localstorage-journal deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jhjjdgbhohaallcimgcmakfiobacimkm_0.localstorage deleted successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {3A2E8453-6593-4721-AD60-4128C8AFEA8F} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" {8F9F13EF-B5FA-4862-AB88-2189DB045950} eBay Url="{searchTerms | eBay}" {91563D78-6F5D-4287-944F-6D2C9998DB58} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2" ==== Reset Google Chrome ====================== C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3A2E8453-6593-4721-AD60-4128C8AFEA8F} deleted successfully HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3A2E8453-6593-4721-AD60-4128C8AFEA8F} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3C38184E-A74B-DCBE-6DDD-CD54457AB517} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A78C2438-AD78-5F9C-D7B4-0BF8340AAF60} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B51B2D61-EF4A-84B4-D39E-BC8ECBA3081F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cekcjpgehmohobmdiikfnopibipmgnml deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ppjemjejnnojomfekgbpbbnecicblllf deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\charlotte\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\charlotte\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\NeroMediaHomeUser.4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\171O40AW will be deleted at reboot C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTRBW48C will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\charlotte\AppData\Local\Mozilla\Firefox\Profiles\py2l7xb7.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\CHARLO~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\Common Files\DVDVideoSoft" not found "C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\171O40AW" not found "C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTRBW48C" not found "C:\Users\charlotte\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QDPQHJWR\assets.videostrip.com" not found "C:\Users\charlotte\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QDPQHJWR\i.d.com.com" not found "C:\Users\charlotte\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QDPQHJWR\resim.fullhdfilmizle.com" not found "C:\Users\charlotte\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QDPQHJWR\tracking.onefeed.co.uk" not found "C:\Users\charlotte\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QDPQHJWR\www.ajaxcdn.org" not found ==== EOF on di 26/11/2013 at 12:54:52,08 ======================
  8. ik kan geen verbinding maken met malwareremovel.com niet via internet Explorer en niet via chrome - - - Updated - - - Logfile of random's system information tool 1.08 (written by random/random) Run by charlotte at 2013-11-25 21:26:11 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 60 GB (25%) free of 238 GB Total RAM: 3891 MB (45% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:26:14, on 25/11/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16736) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Mobogenie\DaemonProcess.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\SysWOW64\NOTEPAD.EXE c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\Users\charlotte\Desktop\RSIT-1.06.exe C:\Program Files (x86)\trend micro\charlotte.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing) O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O2 - BHO: EspressoBHO - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AnyProtect] C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Facebook Update] "C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Google Update] "C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\charlotte\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-494602320-2517612501-3084155922-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NeroMediaHomeUser.4') O4 - HKUS\S-1-5-21-494602320-2517612501-3084155922-1003\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'NeroMediaHomeUser.4') O4 - HKUS\S-1-5-21-494602320-2517612501-3084155922-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NeroMediaHomeUser.4') O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user') O4 - S-1-5-21-494602320-2517612501-3084155922-1003 Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'NeroMediaHomeUser.4') O4 - S-1-5-21-494602320-2517612501-3084155922-1003 User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'NeroMediaHomeUser.4') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 2510 series.lnk = ? O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\LaunchEspresso.exe O9 - Extra 'Tools' menuitem: HP Smart Print 2.1 - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\LaunchEspresso.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing) O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 17995 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job C:\Windows\tasks\HP Photo Creations Communicator.job C:\Windows\tasks\Start Registry Reviver for charlotte-pc@charlotte(logon).job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-11 194640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-05-22 249872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-22 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] DVDVideoSoft WebPageAdjuster Class - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}] TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6C6509-FE36-44B0-A917-6C2A0DDBDF88}] HP Smart Print Helper - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll [2012-12-14 2491856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-05-22 249872] !{D4027C7F-154A-4066-A1AD-4243D8127440} {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-11 194640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-02-22 352256] "HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936] "NBAgent"=c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-03-09 1086760] "KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-12-25 34160] "TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840] "ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136] "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040] "NPSStartup"= [] "PSUNMain"=C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe [2010-12-16 423232] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008] "Nero MediaHome 4"=C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [2012-02-28 5178664] "iSkysoft Helper Compact.exe"=C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888] "HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208] ""= [] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392] "AnyProtect"=C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2013-11-25 20668464] "mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [2013-11-22 747712] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584] "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background [] "Facebook Update"=C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096] "Google Update"=C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 136176] "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-10-21 20549280] "iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2013-09-14 59720] "NextLive"=C:\Users\charlotte\AppData\Roaming\newnext.me\nengine.dll [2013-11-14 1283584] C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Inktwaarschuwingen controleren - HP Deskjet 2510 series.lnk - C:\Windows\system32\RunDll32.exe TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLinkedConnections"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2013-11-25 21:24:01 ----D---- C:\rsit 2013-11-25 21:24:01 ----D---- C:\Program Files (x86)\trend micro 2013-11-25 19:35:25 ----D---- C:\Windows\ERUNT 2013-11-25 19:31:39 ----D---- C:\Users\charlotte\AppData\Roaming\0C1I1L1R1J0M1P0I1G 2013-11-25 19:31:37 ----D---- C:\Users\charlotte\AppData\Roaming\newnext.me 2013-11-25 19:31:17 ----D---- C:\Program Files (x86)\Mobogenie 2013-11-25 19:29:31 ----D---- C:\Program Files (x86)\AnyProtectEx 2013-11-25 19:13:04 ----D---- C:\ProgramData\HitmanPro 2013-11-25 18:45:31 ----A---- C:\TDSSKiller.2.8.16.0_25.11.2013_18.45.31_log.txt 2013-11-25 15:35:32 ----D---- C:\ProgramData\ReviverSoft 2013-11-14 12:47:30 ----A---- C:\Windows\SysWOW64\ieui.dll 2013-11-14 12:47:28 ----A---- C:\Windows\SysWOW64\iesetup.dll 2013-11-14 12:47:28 ----A---- C:\Windows\SysWOW64\iernonce.dll 2013-11-14 12:47:27 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-14 12:47:27 ----A---- C:\Windows\SysWOW64\iesysprep.dll 2013-11-14 12:47:26 ----A---- C:\Windows\SysWOW64\iertutil.dll 2013-11-14 12:47:24 ----A---- C:\Windows\SysWOW64\msfeeds.dll 2013-11-14 12:47:23 ----A---- C:\Windows\SysWOW64\jscript.dll 2013-11-14 12:47:21 ----A---- C:\Windows\SysWOW64\jscript9.dll 2013-11-14 12:47:20 ----A---- C:\Windows\SysWOW64\urlmon.dll 2013-11-14 12:47:18 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2013-11-14 12:47:17 ----A---- C:\Windows\SysWOW64\wininet.dll 2013-11-14 12:47:15 ----A---- C:\Windows\SysWOW64\ieframe.dll 2013-11-14 12:47:09 ----A---- C:\Windows\SysWOW64\mshtml.dll 2013-11-13 15:13:33 ----A---- C:\Windows\SysWOW64\crypt32.dll 2013-11-13 15:13:12 ----A---- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 15:13:12 ----A---- C:\Windows\SysWOW64\credui.dll 2013-11-13 15:13:12 ----A---- C:\Windows\SysWOW64\authui.dll 2013-11-13 15:13:07 ----A---- C:\Windows\SysWOW64\schannel.dll 2013-11-13 15:13:06 ----A---- C:\Windows\SysWOW64\sspicli.dll 2013-11-13 15:13:06 ----A---- C:\Windows\SysWOW64\secur32.dll 2013-11-13 15:13:06 ----A---- C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 15:13:03 ----A---- C:\Windows\SysWOW64\gdi32.dll 2013-11-13 15:12:59 ----A---- C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 15:12:59 ----A---- C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-08 21:35:46 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-08 21:35:46 ----D---- C:\Program Files (x86)\iTunes 2013-11-06 21:01:12 ----D---- C:\Users\charlotte\AppData\Roaming\Malwarebytes 2013-11-06 21:00:58 ----D---- C:\ProgramData\Malwarebytes 2013-11-06 21:00:55 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-06 20:09:12 ----A---- C:\Windows\ntbtlog.txt 2013-11-06 19:56:58 ----A---- C:\autoexec.bat 2013-11-06 19:54:29 ----D---- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP 2013-10-31 21:56:12 ----D---- C:\Users\charlotte\AppData\Roaming\AvitoDvd 2013-10-31 21:56:12 ----D---- C:\Users\charlotte\AppData\Roaming\AviDvdBurner 2013-10-31 21:43:59 ----A---- C:\avi_log.txt 2013-10-31 21:43:34 ----A---- C:\Windows\SysWOW64\TomsMoComp_ff.dll 2013-10-31 21:43:34 ----A---- C:\Windows\SysWOW64\libmplayer.dll 2013-10-31 21:43:34 ----A---- C:\Windows\SysWOW64\libmpeg2_ff.dll 2013-10-31 21:43:33 ----A---- C:\Windows\SysWOW64\libavcodec.dll 2013-10-31 21:43:17 ----D---- C:\Program Files (x86)\Cucusoft 2013-10-31 21:31:02 ----D---- C:\Program Files (x86)\Offer 2013-10-31 21:29:37 ----D---- C:\Program Files (x86)\MediaConverter 2013-10-31 21:04:57 ----D---- C:\Users\charlotte\AppData\Roaming\Canneverbe Limited 2013-10-31 21:04:57 ----D---- C:\ProgramData\Canneverbe Limited ======List of files/folders modified in the last 1 months====== 2013-11-25 21:25:57 ----D---- C:\Windows\Temp 2013-11-25 21:24:46 ----D---- C:\Users\charlotte\AppData\Roaming\Skype 2013-11-25 21:24:01 ----D---- C:\Program Files (x86) 2013-11-25 21:04:50 ----A---- C:\Windows\SysWOW64\log.txt 2013-11-25 19:36:30 ----HD---- C:\ProgramData 2013-11-25 19:35:25 ----D---- C:\Windows 2013-11-25 19:24:52 ----D---- C:\Windows\System32 2013-11-25 19:15:04 ----D---- C:\Program Files 2013-11-25 15:51:57 ----SHD---- C:\System Volume Information 2013-11-25 15:34:41 ----D---- C:\Windows\Tasks 2013-11-25 15:33:42 ----D---- C:\Windows\inf 2013-11-25 15:33:41 ----D---- C:\Windows\SysWOW64\GroupPolicy 2013-11-25 15:33:41 ----D---- C:\Windows\SysWOW64 2013-11-25 15:33:37 ----SHD---- C:\Windows\Installer 2013-11-25 15:33:37 ----D---- C:\Windows\AppCompat 2013-11-25 15:33:33 ----D---- C:\Program Files (x86)\Safari 2013-11-25 15:33:30 ----D---- C:\Program Files (x86)\Realtek WLAN Driver 2013-11-25 15:33:30 ----D---- C:\Program Files (x86)\REALTEK RTL8187 Wireless LAN Driver 2013-11-25 15:33:30 ----D---- C:\Program Files (x86)\Realtek 2013-11-25 15:33:28 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2013-11-25 15:33:28 ----D---- C:\Program Files (x86)\Panda Security 2013-11-25 15:33:22 ----D---- C:\Program Files (x86)\Freemake 2013-11-25 15:33:22 ----D---- C:\Intel 2013-11-25 15:33:17 ----D---- C:\Windows\registration 2013-11-25 15:32:23 ----D---- C:\ProgramData\Panda Security 2013-11-25 14:35:44 ----D---- C:\Windows\Prefetch 2013-11-25 13:29:42 ----D---- C:\ProgramData\Freemake 2013-11-19 03:22:40 ----D---- C:\Program Files (x86)\Microsoft Security Client 2013-11-14 14:32:27 ----D---- C:\Windows\rescache 2013-11-14 13:09:32 ----D---- C:\Windows\winsxs 2013-11-14 13:08:49 ----A---- C:\Windows\SysWOW64\temp.txt 2013-11-14 13:05:26 ----D---- C:\Program Files (x86)\Internet Explorer 2013-11-14 13:05:24 ----D---- C:\Windows\SysWOW64\nl-NL 2013-11-14 12:46:51 ----D---- C:\ProgramData\Microsoft Help 2013-11-08 21:35:48 ----D---- C:\Program Files (x86)\Common Files\Apple 2013-11-06 19:51:23 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2013-11-06 19:44:58 ----SD---- C:\ProgramData\Microsoft 2013-11-06 19:44:57 ----D---- C:\Program Files (x86)\Microsoft 2013-11-06 19:11:23 ----D---- C:\ProgramData\Skype 2013-11-06 19:11:15 ----RD---- C:\Program Files (x86)\Skype 2013-10-31 20:59:18 ----D---- C:\Users\charlotte\AppData\Roaming\Nero 2013-10-31 20:59:08 ----D---- C:\ProgramData\Nero 2013-10-31 20:58:36 ----D---- C:\Program Files (x86)\Common Files\Nero 2013-10-31 20:58:20 ----D---- C:\Program Files (x86)\Nero 2013-10-31 20:37:01 ----D---- C:\Users\charlotte\AppData\Roaming\uTorrent ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [] R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [] R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [] R1 PSINKNC;PSINKNC; C:\Windows\system32\DRIVERS\psinknc.sys [] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [] R2 PSINAflt;PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [] R2 PSINFile;PSINFile; C:\Windows\system32\DRIVERS\PSINFile.sys [] R2 PSINProc;PSINProc; C:\Windows\system32\DRIVERS\PSINProc.sys [] R2 PSINProt;PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [] R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [] R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [] R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [] R3 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [] R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [] R3 SynTP;Synaptics Pointing Device Driver; C:\Windows\system32\DRIVERS\SynTP.sys [] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [] S1 StarOpen;StarOpen; C:\Windows\SysWOW64\drivers\StarOpen.sys [2006-07-24 5632] S3 athr;Stuurprogramma Atheros Extensible draadloze LAN-apparaat; C:\Windows\system32\DRIVERS\athrx.sys [] S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [] S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [] S3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro37.sys [] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [] S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [] S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [] S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [] S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [] S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys [] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [] S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [] S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [] S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [] S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [] S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184] R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-03 268824] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2013-05-22 120592] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808] R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608] R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-07-18 762192] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208] R2 NeroMediaHomeService.4;Nero MediaHome 4 Service; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [2012-02-28 517416] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [] R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928] R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352] R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376] R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560] R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-19 194032] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888] S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
  9. Ik vermoed dat ik met een virus of malware zit. De pc is al een tijdje traag en dinds kort heb ik steeds reclame onderan bij internet. Ook valt de pc regelmtig uit en start zelfstandig weer op. Iemand enig idee hoe ik dit het bese en liefst gratis oplos?
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.