
Suspected virus



Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users should run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool is finished, a Notepad file named "Log" is opened.
  • Paste its contents into your next post.


I can't connect to malwareremovel.com, neither via Internet Explorer nor via Chrome.

- - - Updated - - -

Logfile of random's system information tool 1.08 (written by random/random)

Run by charlotte at 2013-11-25 21:26:11

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 60 GB (25%) free of 238 GB

Total RAM: 3891 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:26:14, on 25/11/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16736)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Users\charlotte\Desktop\RSIT-1.06.exe

C:\Program Files (x86)\trend micro\charlotte.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing)

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O2 - BHO: EspressoBHO - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN

O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AnyProtect] C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [Google Update] "C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\charlotte\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-494602320-2517612501-3084155922-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NeroMediaHomeUser.4')

O4 - HKUS\S-1-5-21-494602320-2517612501-3084155922-1003\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'NeroMediaHomeUser.4')

O4 - HKUS\S-1-5-21-494602320-2517612501-3084155922-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NeroMediaHomeUser.4')

O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')

O4 - S-1-5-21-494602320-2517612501-3084155922-1003 Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'NeroMediaHomeUser.4')

O4 - S-1-5-21-494602320-2517612501-3084155922-1003 User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'NeroMediaHomeUser.4')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O4 - Startup: Inktwaarschuwingen controleren - HP Deskjet 2510 series.lnk = ?

O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\LaunchEspresso.exe

O9 - Extra 'Tools' menuitem: HP Smart Print 2.1 - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\LaunchEspresso.exe

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing)

O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 17995 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job

C:\Windows\tasks\HP Photo Creations Communicator.job

C:\Windows\tasks\Start Registry Reviver for charlotte-pc@charlotte(logon).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-11 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-05-22 249872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

DVDVideoSoft WebPageAdjuster Class - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]

TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6C6509-FE36-44B0-A917-6C2A0DDBDF88}]

HP Smart Print Helper - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll [2012-12-14 2491856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-05-22 249872]

!{D4027C7F-154A-4066-A1AD-4243D8127440}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-11 194640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-02-22 352256]

"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-04 423936]

"NBAgent"=c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-03-09 1086760]

"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-12-25 34160]

"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840]

"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

"NPSStartup"= []

"PSUNMain"=C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe [2010-12-16 423232]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]

"Nero MediaHome 4"=C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [2012-02-28 5178664]

"iSkysoft Helper Compact.exe"=C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe []

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]

"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]

""= []

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-11-02 152392]

"AnyProtect"=C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2013-11-25 20668464]

"mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [2013-11-22 747712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background []

"Facebook Update"=C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]

"Google Update"=C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 136176]

"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-10-21 20549280]

"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2013-09-14 59720]

"NextLive"=C:\Users\charlotte\AppData\Roaming\newnext.me\nengine.dll [2013-11-14 1283584]

C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Inktwaarschuwingen controleren - HP Deskjet 2510 series.lnk - C:\Windows\system32\RunDll32.exe

TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-11-25 21:24:01 ----D---- C:\rsit

2013-11-25 21:24:01 ----D---- C:\Program Files (x86)\trend micro

2013-11-25 19:35:25 ----D---- C:\Windows\ERUNT

2013-11-25 19:31:39 ----D---- C:\Users\charlotte\AppData\Roaming\0C1I1L1R1J0M1P0I1G

2013-11-25 19:31:37 ----D---- C:\Users\charlotte\AppData\Roaming\newnext.me

2013-11-25 19:31:17 ----D---- C:\Program Files (x86)\Mobogenie

2013-11-25 19:29:31 ----D---- C:\Program Files (x86)\AnyProtectEx

2013-11-25 19:13:04 ----D---- C:\ProgramData\HitmanPro

2013-11-25 18:45:31 ----A---- C:\TDSSKiller.2.8.16.0_25.11.2013_18.45.31_log.txt

2013-11-25 15:35:32 ----D---- C:\ProgramData\ReviverSoft

2013-11-14 12:47:30 ----A---- C:\Windows\SysWOW64\ieui.dll

2013-11-14 12:47:28 ----A---- C:\Windows\SysWOW64\iesetup.dll

2013-11-14 12:47:28 ----A---- C:\Windows\SysWOW64\iernonce.dll

2013-11-14 12:47:27 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-14 12:47:27 ----A---- C:\Windows\SysWOW64\iesysprep.dll

2013-11-14 12:47:26 ----A---- C:\Windows\SysWOW64\iertutil.dll

2013-11-14 12:47:24 ----A---- C:\Windows\SysWOW64\msfeeds.dll

2013-11-14 12:47:23 ----A---- C:\Windows\SysWOW64\jscript.dll

2013-11-14 12:47:21 ----A---- C:\Windows\SysWOW64\jscript9.dll

2013-11-14 12:47:20 ----A---- C:\Windows\SysWOW64\urlmon.dll

2013-11-14 12:47:18 ----A---- C:\Windows\SysWOW64\jsproxy.dll

2013-11-14 12:47:17 ----A---- C:\Windows\SysWOW64\wininet.dll

2013-11-14 12:47:15 ----A---- C:\Windows\SysWOW64\ieframe.dll

2013-11-14 12:47:09 ----A---- C:\Windows\SysWOW64\mshtml.dll

2013-11-13 15:13:33 ----A---- C:\Windows\SysWOW64\crypt32.dll

2013-11-13 15:13:12 ----A---- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 15:13:12 ----A---- C:\Windows\SysWOW64\credui.dll

2013-11-13 15:13:12 ----A---- C:\Windows\SysWOW64\authui.dll

2013-11-13 15:13:07 ----A---- C:\Windows\SysWOW64\schannel.dll

2013-11-13 15:13:06 ----A---- C:\Windows\SysWOW64\sspicli.dll

2013-11-13 15:13:06 ----A---- C:\Windows\SysWOW64\secur32.dll

2013-11-13 15:13:06 ----A---- C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 15:13:03 ----A---- C:\Windows\SysWOW64\gdi32.dll

2013-11-13 15:12:59 ----A---- C:\Windows\SysWOW64\nshwfp.dll

2013-11-13 15:12:59 ----A---- C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-08 21:35:46 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-08 21:35:46 ----D---- C:\Program Files (x86)\iTunes

2013-11-06 21:01:12 ----D---- C:\Users\charlotte\AppData\Roaming\Malwarebytes

2013-11-06 21:00:58 ----D---- C:\ProgramData\Malwarebytes

2013-11-06 21:00:55 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-06 20:09:12 ----A---- C:\Windows\ntbtlog.txt

2013-11-06 19:56:58 ----A---- C:\autoexec.bat

2013-11-06 19:54:29 ----D---- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP

2013-10-31 21:56:12 ----D---- C:\Users\charlotte\AppData\Roaming\AvitoDvd

2013-10-31 21:56:12 ----D---- C:\Users\charlotte\AppData\Roaming\AviDvdBurner

2013-10-31 21:43:59 ----A---- C:\avi_log.txt

2013-10-31 21:43:34 ----A---- C:\Windows\SysWOW64\TomsMoComp_ff.dll

2013-10-31 21:43:34 ----A---- C:\Windows\SysWOW64\libmplayer.dll

2013-10-31 21:43:34 ----A---- C:\Windows\SysWOW64\libmpeg2_ff.dll

2013-10-31 21:43:33 ----A---- C:\Windows\SysWOW64\libavcodec.dll

2013-10-31 21:43:17 ----D---- C:\Program Files (x86)\Cucusoft

2013-10-31 21:31:02 ----D---- C:\Program Files (x86)\Offer

2013-10-31 21:29:37 ----D---- C:\Program Files (x86)\MediaConverter

2013-10-31 21:04:57 ----D---- C:\Users\charlotte\AppData\Roaming\Canneverbe Limited

2013-10-31 21:04:57 ----D---- C:\ProgramData\Canneverbe Limited

======List of files/folders modified in the last 1 months======

2013-11-25 21:25:57 ----D---- C:\Windows\Temp

2013-11-25 21:24:46 ----D---- C:\Users\charlotte\AppData\Roaming\Skype

2013-11-25 21:24:01 ----D---- C:\Program Files (x86)

2013-11-25 21:04:50 ----A---- C:\Windows\SysWOW64\log.txt

2013-11-25 19:36:30 ----HD---- C:\ProgramData

2013-11-25 19:35:25 ----D---- C:\Windows

2013-11-25 19:24:52 ----D---- C:\Windows\System32

2013-11-25 19:15:04 ----D---- C:\Program Files

2013-11-25 15:51:57 ----SHD---- C:\System Volume Information

2013-11-25 15:34:41 ----D---- C:\Windows\Tasks

2013-11-25 15:33:42 ----D---- C:\Windows\inf

2013-11-25 15:33:41 ----D---- C:\Windows\SysWOW64\GroupPolicy

2013-11-25 15:33:41 ----D---- C:\Windows\SysWOW64

2013-11-25 15:33:37 ----SHD---- C:\Windows\Installer

2013-11-25 15:33:37 ----D---- C:\Windows\AppCompat

2013-11-25 15:33:33 ----D---- C:\Program Files (x86)\Safari

2013-11-25 15:33:30 ----D---- C:\Program Files (x86)\Realtek WLAN Driver

2013-11-25 15:33:30 ----D---- C:\Program Files (x86)\REALTEK RTL8187 Wireless LAN Driver

2013-11-25 15:33:30 ----D---- C:\Program Files (x86)\Realtek

2013-11-25 15:33:28 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2013-11-25 15:33:28 ----D---- C:\Program Files (x86)\Panda Security

2013-11-25 15:33:22 ----D---- C:\Program Files (x86)\Freemake

2013-11-25 15:33:22 ----D---- C:\Intel

2013-11-25 15:33:17 ----D---- C:\Windows\registration

2013-11-25 15:32:23 ----D---- C:\ProgramData\Panda Security

2013-11-25 14:35:44 ----D---- C:\Windows\Prefetch

2013-11-25 13:29:42 ----D---- C:\ProgramData\Freemake

2013-11-19 03:22:40 ----D---- C:\Program Files (x86)\Microsoft Security Client

2013-11-14 14:32:27 ----D---- C:\Windows\rescache

2013-11-14 13:09:32 ----D---- C:\Windows\winsxs

2013-11-14 13:08:49 ----A---- C:\Windows\SysWOW64\temp.txt

2013-11-14 13:05:26 ----D---- C:\Program Files (x86)\Internet Explorer

2013-11-14 13:05:24 ----D---- C:\Windows\SysWOW64\nl-NL

2013-11-14 12:46:51 ----D---- C:\ProgramData\Microsoft Help

2013-11-08 21:35:48 ----D---- C:\Program Files (x86)\Common Files\Apple

2013-11-06 19:51:23 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2013-11-06 19:44:58 ----SD---- C:\ProgramData\Microsoft

2013-11-06 19:44:57 ----D---- C:\Program Files (x86)\Microsoft

2013-11-06 19:11:23 ----D---- C:\ProgramData\Skype

2013-11-06 19:11:15 ----RD---- C:\Program Files (x86)\Skype

2013-10-31 20:59:18 ----D---- C:\Users\charlotte\AppData\Roaming\Nero

2013-10-31 20:59:08 ----D---- C:\ProgramData\Nero

2013-10-31 20:58:36 ----D---- C:\Program Files (x86)\Common Files\Nero

2013-10-31 20:58:20 ----D---- C:\Program Files (x86)\Nero

2013-10-31 20:37:01 ----D---- C:\Users\charlotte\AppData\Roaming\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS []

R1 PSINKNC;PSINKNC; C:\Windows\system32\DRIVERS\psinknc.sys []

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys []

R2 PSINAflt;PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys []

R2 PSINFile;PSINFile; C:\Windows\system32\DRIVERS\PSINFile.sys []

R2 PSINProc;PSINProc; C:\Windows\system32\DRIVERS\PSINProc.sys []

R2 PSINProt;PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys []

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []

R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys []

R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []

R3 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys []

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []

R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys []

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys []

R3 SynTP;Synaptics Pointing Device Driver; C:\Windows\system32\DRIVERS\SynTP.sys []

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys []

S1 StarOpen;StarOpen; C:\Windows\SysWOW64\drivers\StarOpen.sys [2006-07-24 5632]

S3 athr;Stuurprogramma Atheros Extensible draadloze LAN-apparaat; C:\Windows\system32\DRIVERS\athrx.sys []

S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []

S3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro37.sys []

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []

S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys []

S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys []

S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys []

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys []

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []

S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []

S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys []

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys []

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys []

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys []

S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys []

S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys []

S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []

S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys []

S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys []

S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys []

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-03 268824]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2013-05-22 120592]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]

R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]

R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-07-18 762192]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]

R2 NeroMediaHomeService.4;Nero MediaHome 4 Service; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [2012-02-28 517416]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe []

R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352]

R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]

R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-19 194032]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]


Download Zoek.zip to the desktop.

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).
  • Right-click Zoek.zip and choose the option "Extract All" ("Alles uitpakken").
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

chromelook; 
firefoxlook; 
emptyfolderscheck;delete 
startupall; 
 {EE932B49-D5C0-4D19-A3DA-CE0849258DE6};c
 C:\Program Files (x86)\Common Files\DVDVideoSoft;fs
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}];r64
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r64
 ""=-;r64
 C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP;f
 filesrcm;

  • Click the "Options" button and tick the options below.
      • Firefox Defaults
      • Reset Chrome
      • IE Defaults
      • Auto Clean
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next post.


Zoek.exe Version 4.0.0.5 Updated 24-November-2013

Tool run by charlotte on di 26/11/2013 at 11:06:55,06.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\charlotte\Desktop\zoek\zoek.exe [script inserted] [Checkboxes used]

==== System Restore Info ======================

26/11/2013 11:13:26 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Aimersoft deleted successfully

C:\PROGRA~2\Astonsoft deleted successfully

C:\PROGRA~2\DUALphone deleted successfully

C:\PROGRA~2\hpmonitor deleted successfully

C:\PROGRA~2\iSkysoft deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\VideoLAN deleted successfully

C:\PROGRA~2\WinAVI deleted successfully

C:\Program Files\McAfee deleted successfully

C:\ProgramData\Freemake deleted successfully

C:\ProgramData\WLInstaller deleted successfully

C:\ProgramData\xml_param deleted successfully

C:\Users\charlotte\AppData\Roaming\TP deleted successfully

C:\Users\charlotte\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully

C:\Users\charlotte\AppData\Local\Bundled software uninstaller deleted successfully

C:\Users\charlotte\AppData\Local\Samsung deleted successfully

==== Creating Sample_20132611_1122.zip ======================

Process iexplore.exe killed

Process rundll32.exe killed

Copied file C:\Users\charlotte\AppData\Local\AnyProtectScannerSetup.exe to sample\AnyProtectScannerSetup.exe

sample\AnyProtectScannerSetup.exe renamed to 0803301107463ABB156DF520265AB8DF

C:\Users\Public\Desktop\sample_20132611_1122.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\prefs.js:

user_pref("browser.startup.homepage", "Ask.com");

user_pref("browser.search.defaultengine", "Ask.com");

user_pref("browser.search.order.1", "Ask.com");

user_pref("extensions.asktb.ff-original-keyword-url", "");

Added to C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("extensions.asktb.ff-original-keyword-url", "");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default

---- Lines BabylonToolbar removed from user.js ----

user_pref("extensions.BabylonToolbar_i.id", "889b12db00000000000088252ca4edb6");

user_pref("extensions.BabylonToolbar_i.hardId", "889b12db00000000000088252ca4edb6");

user_pref("extensions.BabylonToolbar_i.instlDay", "15450");

user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:31:39");

user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

user_pref("extensions.BabylonToolbar_i.newTab", false);

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112454");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

---- Lines asktb removed from prefs.js ----

user_pref("extensions.asktb.ff-original-keyword-url", "");

---- FireFox user.js and prefs.js backups ----

user_20132611_1123_.backup

prefs_20132611_1123_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

""=-

==== Deleting Files \ Folders ======================

C:\Users\CHARLO~1\Desktop\SCHOON~1.LNK not found

C:\Windows\syswow64\appdata deleted

C:\Users\charlotte\.android deleted

C:\Users\charlotte\AppData\Roaming\newnext.me deleted

C:\ProgramData\InstallMate deleted

C:\Users\charlotte\AppData\Local\Mobogenie deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro deleted

C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie deleted

C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VuuPC deleted

C:\Windows\SysNative\roboot64.exe deleted

C:\user.js deleted

C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\searchplugins\askcom.xml deleted

C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\ffxtlbr@babylon.com deleted

C:\Users\Public\Desktop\RegClean Pro.lnk deleted

C:\Users\charlotte\Desktop\Mobogenie.lnk deleted

C:\Users\charlotte\AppData\Local\AnyProtectScannerSetup.exe deleted

C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted

"C:\Users\charlotte\AppData\Roaming\.NANotifyHere" deleted

"C:\Users\charlotte\daemonprocess.txt" deleted

"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCall.dll" deleted

"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla.dll" deleted

"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla2.dll" deleted

"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla21.dll" deleted

"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla31.exe" deleted

"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla32.dll" deleted

"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla33.dll" deleted

"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla34.dll" deleted

"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla37.exe" deleted

"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseData.ini" deleted

"C:\PROGRA~2\Mobogenie\DaemonProcess.exe" deleted

"C:\PROGRA~2\Mobogenie\libeay32.dll" deleted

"C:\PROGRA~2\Mobogenie\msvcp100.dll" deleted

"C:\PROGRA~2\Mobogenie\msvcr100.dll" deleted

"C:\PROGRA~2\Mobogenie\QtCore4.dll" deleted

"C:\PROGRA~2\Mobogenie\QtGui4.dll" deleted

"C:\PROGRA~2\Mobogenie\QtNetwork4.dll" deleted

"C:\PROGRA~2\Mobogenie\QtSql4.dll" deleted

"C:\PROGRA~2\Mobogenie\QtWebKit4.dll" deleted

"C:\PROGRA~2\Mobogenie\ssleay32.dll" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension64.dll" deleted

"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft" not deleted

"C:\PROGRA~2\Mobogenie" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\lib" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\CHARLO~1\AppData\Local\Temp ====

2013-11-25 17:35:20 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

2013-11-25 17:28:20 ED97246D5627F0BC21F7830BEC42ED8D 26774864 ----a-w- C:\Users\charlotte\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

2013-11-25 10:03:28 96663C643B6B3E63EF8B1FF93109E637 7668704 ------w- C:\Users\charlotte\AppData\Local\Temp\is45637729\174932_stp\ClickMeInSetup.exe

2013-11-25 10:02:16 4BB92CB7EA897CE88AE1514967CEB4F0 62792 ------w- C:\Users\charlotte\AppData\Local\Temp\is45637729\174932_stp\ManualRegister.exe

2013-11-23 10:02:42 0803301107463ABB156DF520265AB8DF 765728 ------w- C:\Users\charlotte\AppData\Local\Temp\is82122515\295927_stp\AnyProtectScannerSetup.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2013-11-14 10:47:30 FED1803F2F9C4BDBA8267EA2DE47CFE2 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2013-11-14 10:47:30 FEB2F07A980A9844AD1B5E886C9B5338 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-11-14 10:47:28 E841206E319069920C394A5E3842568F 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2013-11-14 10:47:28 70F131E94E1B4496469A563C85279192 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2013-11-14 10:47:27 8D98D99DC6D4033591354156CEB25153 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll

2013-11-14 10:47:27 8317DD8D4095FE4076E9F6EC3A747940 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-14 10:47:26 DA5374911037841F81072A4DCBB02D93 2049024 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-11-14 10:47:24 AD6639EF2BD655C7E630B6BCF7203463 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-11-14 10:47:23 6AD683FF326836EB6AE63B1F144A4F9D 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-11-14 10:47:21 D42525513055C0A65FD4BEFAFACEB134 2877952 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-11-14 10:47:20 A5897063A4B6796EFB7B34CEC5BC739F 1138176 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-11-14 10:47:18 98B05ADD60BAA432E708BAFEBE5B1D70 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-11-14 10:47:17 5FD4335DCD343D0FEA9FA6B18ED408D9 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-11-14 10:47:15 1191434BB424F18C2609AB5C955DD14E 13761024 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-11-14 10:47:09 02A04841906A8892AD6CC7BDBCB5F61D 14355968 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-11-13 13:13:33 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\SysWOW64\crypt32.dll

2013-11-13 13:13:12 EE7CB55F77465CDAC4C80F587FF7C278 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll

2013-11-13 13:13:12 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\SysWOW64\credui.dll

2013-11-13 13:13:12 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 13:13:07 AA6F6457116B559B76BC6A012CB4C293 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll

2013-11-13 13:13:06 AD7FB087A238883D1618F29F7BBBD584 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 13:13:06 42B924C5F3924C1EB2539F22C10D7DF1 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll

2013-11-13 13:13:06 372948BB5E41CE42341C4398DE572E56 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll

2013-11-13 13:13:03 56E3313690866F99CD17AA1342F64AE1 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll

2013-11-13 13:12:59 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 13:12:59 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\SysWOW64\nshwfp.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-11-25 17:23:24 03F775AF952CBA0F753B1A7B9DE38EDB 502 ----a-w- C:\Windows\Sysnative\.crusader

2013-11-14 10:47:31 668653D2C9ED9E7529386DD8138FAAEB 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2013-11-14 10:47:29 8D0D46B480BB260FA2AEA1201F15E784 526336 ----a-w- C:\Windows\Sysnative\ieui.dll

2013-11-14 10:47:28 59AD440EFC7A653B55D5DC34E75960B2 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll

2013-11-14 10:47:28 2CA49EB6296DBC1A5CEE141009A6F757 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll

2013-11-14 10:47:27 F08BF4FC30F31350DCAB06F2B59ED1E9 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll

2013-11-14 10:47:27 9F1D74E792DADA30809FCA64F705C042 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe

2013-11-14 10:47:27 3E86B4126D4CD0D9CA5B78DBE9F8D7CB 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2013-11-14 10:47:26 A96B3E9D360DE75B09EE77698A54412B 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-11-14 10:47:24 1E47964351EA38C20A8E28B413769C80 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-11-14 10:47:23 EFB4937249C7E4D57F69CC4B1986BC4B 855552 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-11-14 10:47:22 90868BDD4047BF951E03620961945149 3959808 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-11-14 10:47:19 F13305A81317DDAEA3968D2D8EC0C0A4 1364992 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-11-14 10:47:18 B83DB27D36C697760E0D33AE0CF76AAD 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2013-11-14 10:47:16 9706C99DAEBE3FEAC811B239617E98C4 2241536 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-11-14 10:47:13 9991ABD246ED906CF420B2CA08BF685A 15404544 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-11-14 10:47:12 25C356A79B7002E0A20AAF592ED59DE4 19269632 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-11-13 13:13:33 780F6ECC4F55D76C9730E6B6C9B31913 1474048 ----a-w- C:\Windows\Sysnative\crypt32.dll

2013-11-13 13:13:13 34152997FB906895290E0199AC94B85F 1930752 ----a-w- C:\Windows\Sysnative\authui.dll

2013-11-13 13:13:12 8563BA40DF4F1E93A61B70E2C8B60CF8 190464 ----a-w- C:\Windows\Sysnative\SmartcardCredentialProvider.dll

2013-11-13 13:13:12 4403D5ECE7D8323CAF1207D1AA38FA01 197120 ----a-w- C:\Windows\Sysnative\credui.dll

2013-11-13 13:13:07 B08EA91C774AA734E0B9881F85CD9F42 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll

2013-11-13 13:13:07 31FFED18C7B836CEC1B559347E32E151 340992 ----a-w- C:\Windows\Sysnative\schannel.dll

2013-11-13 13:13:07 086F906B1D30C0A5D35FE0F6362DAB21 1447936 ----a-w- C:\Windows\Sysnative\lsasrv.dll

2013-11-13 13:13:06 7C46EC9CCDE6E793713FA01DB2EB918E 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll

2013-11-13 13:13:06 747B9BA5412422F27934CB21131F0A3E 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll

2013-11-13 13:13:06 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\Sysnative\lsass.exe

2013-11-13 13:13:06 208EAAFF40DA400190AA0605C797BEA2 28160 ----a-w- C:\Windows\Sysnative\secur32.dll

2013-11-13 13:13:03 56325BB1FF19F2A5AC8713756AC41140 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll

2013-11-13 13:13:00 D07EB640618F96490DB88C3CE58DB608 324096 ----a-w- C:\Windows\Sysnative\FWPUCLNT.DLL

2013-11-13 13:13:00 660C06F663F27760F565FD567B57625C 830464 ----a-w- C:\Windows\Sysnative\nshwfp.dll

2013-11-13 13:13:00 344789398EC3EE5A4E00C52B31847946 859648 ----a-w- C:\Windows\Sysnative\IKEEXT.DLL

====== C:\Windows\Sysnative\drivers =====

2013-11-25 17:24:47 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\Windows\Sysnative\drivers\hitmanpro37.sys

2013-11-13 13:13:20 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys

2013-11-13 13:13:07 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys

2013-11-13 13:13:07 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys

2013-11-13 13:13:07 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

2013-11-06 19:00:55 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

====== C:\Windows\Tasks ======

2013-11-06 17:47:49 E8BEF3779B150D96AF075970841B699E 3136 ----a-w- C:\Windows\Sysnative\Tasks\{C379E3EF-9E9C-43C2-A306-BBDAE09EE45E}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-11-25 17:15:04 -------- d-----w- C:\Program Files\HitmanPro

2013-11-08 19:35:50 -------- d-----w- C:\Program Files\iPod

2013-11-08 19:35:46 -------- d-----w- C:\Program Files\iTunes

2013-11-06 17:52:51 -------- d-----w- C:\Program Files\Enigma Software Group

======= C:\PROGRA~2 =====

2013-11-25 19:24:01 -------- d-----w- C:\PROGRA~2\trend micro

2013-11-25 17:29:31 -------- d-----w- C:\PROGRA~2\AnyProtectEx

2013-11-08 19:35:46 -------- d-----w- C:\PROGRA~2\iTunes

2013-10-31 19:43:17 -------- d-----w- C:\PROGRA~2\Cucusoft

2013-10-31 19:31:02 -------- d-----w- C:\PROGRA~2\Offer

2013-10-31 19:29:37 -------- d-----w- C:\PROGRA~2\MediaConverter

======= C: =====

2013-11-06 17:56:58 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat

====== C:\Users\charlotte\AppData\Roaming ======

2013-11-26 09:03:24 27CA41A86A9BFA293CF1FD233B9A3218 81 ----a-w- C:\Users\charlotte\AppData\Roaming\mbam.context.scan

2013-11-25 19:10:11 959EFAFB4B18E36BA05873235BBE772E 1401 ----a-w- C:\Users\charlotte\AppData\Roaming\aps.scan.results

2013-11-25 17:31:39 -------- d-----w- C:\Users\charlotte\AppData\Roaming\0C1I1L1R1J0M1P0I1G

2013-11-25 17:31:38 13D116E698FB77C07F453801992AAF22 152 ----a-w- C:\Users\charlotte\AppData\Roaming\aps.scan.params

2013-11-25 17:31:38 -------- d-----w- C:\Users\charlotte\AppData\Local\cache

2013-11-25 17:31:36 -------- d-----w- C:\Users\charlotte\AppData\Local\genienext

2013-11-25 17:30:02 -------- d-----w- C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtectEx

2013-11-06 17:53:00 -------- d-----w- C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2013-10-31 19:56:12 -------- d-----w- C:\Users\charlotte\AppData\Roaming\AvitoDvd

2013-10-31 19:56:12 -------- d-----w- C:\Users\charlotte\AppData\Roaming\AviDvdBurner

2013-10-31 19:04:57 -------- d-----w- C:\Users\charlotte\AppData\Roaming\Canneverbe Limited

====== C:\Users\charlotte ======

2013-11-25 19:25:53 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\charlotte\Desktop\RSIT-1.06.exe

2013-11-25 17:15:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2013-11-25 17:13:04 -------- d-----w- C:\ProgramData\HitmanPro

2013-11-25 13:35:32 -------- d-----w- C:\ProgramData\ReviverSoft

2013-11-08 19:36:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2013-11-08 19:35:46 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-10-31 19:29:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaConverter

2013-10-31 19:04:57 -------- d-----w- C:\ProgramData\Canneverbe Limited

====== C: exe-files ==

2013-11-25 19:25:53 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\charlotte\Desktop\RSIT-1.06.exe

2013-11-25 19:24:02 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files (x86)\trend micro\charlotte.exe

2013-11-25 19:23:48 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\171O40AW\RSIT-1.06.exe

2013-11-25 17:39:50 F57F6AF1CC0527B8C37EEC5CBBE88D36 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$I8FKN92.exe

2013-11-25 17:39:42 AFAFA655CC59872129A32CDE4F60F2DE 1091882 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$R8FKN92.exe

2013-11-25 17:35:20 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

2013-11-25 17:35:05 7DED2B428CC1AB95DD9D25B2569F799B 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$IHHDCML.exe

2013-11-25 17:34:52 AFAFA655CC59872129A32CDE4F60F2DE 1091882 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$RHHDCML.exe

2013-11-25 17:34:45 9EF917BD6EB2C456BD0F7D04ACB1458F 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$IFGGE85.exe

2013-11-25 17:34:11 AC65665AC81A3C5714411DDE32514514 4172288 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-494602320-2517612501-3084155922-1000\$RFGGE85.exe

2013-11-25 17:31:39 8C7FB9078A63B7E5E899E7A2DBB0DB53 1114624 ----a-w- C:\Users\charlotte\AppData\Roaming\0C1I1L1R1J0M1P0I1G\VuuPC Packages\uninstaller.exe

2013-11-25 17:30:58 875C502755D37C253C417922969E7FD2 17682224 ----a-w- C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2DTSP1Y\Mobogenie_Setup_2.1.32_537[1].exe

2013-11-25 17:30:07 32C786DBAD3996296B9C4465D823697E 92869 ----a-w- C:\Program Files (x86)\AnyProtectEx\Uninstall.exe

2013-11-25 17:29:37 778ECD22927D56127D11A29FC9F13B23 20668464 ----a-w- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

2013-11-25 17:29:33 A581DE974BE6B494F722E4F472F0D73C 144568 ----a-w- C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7WKCA0S\ClickMeInGeneric[1].exe

2013-11-25 17:28:20 ED97246D5627F0BC21F7830BEC42ED8D 26774864 ----a-w- C:\Users\charlotte\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe

2013-11-25 17:15:04 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe

2013-11-25 10:03:28 96663C643B6B3E63EF8B1FF93109E637 7668704 ------w- C:\Users\charlotte\AppData\Local\Temp\is45637729\174932_stp\ClickMeInSetup.exe

2013-11-25 10:02:16 4BB92CB7EA897CE88AE1514967CEB4F0 62792 ------w- C:\Users\charlotte\AppData\Local\Temp\is45637729\174932_stp\ManualRegister.exe

2013-11-23 12:00:36 A9ACD7631CA7B40802185898052F3E1F 387152 ----a-w- C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe

2013-11-23 10:02:42 0803301107463ABB156DF520265AB8DF 765728 ------w- C:\Users\charlotte\AppData\Local\Temp\is82122515\295927_stp\AnyProtectScannerSetup.exe

=== C: other files ==

2013-11-26 09:22:30 14A3344673E7127F491048236F8658AE 735830 ----a-w- C:\Users\Public\Desktop\sample_20132611_1122.zip

2013-11-25 17:35:19 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\modules.bat

2013-11-25 17:35:19 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\chrome.bat

2013-11-25 17:35:19 BAD6C67C870CC81C48DBA53089929884 153331 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\firefox.bat

2013-11-25 17:35:19 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\FWPolicy.bat

2013-11-25 17:35:19 B8AF52799C6359D40228B006C1432C57 16063 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\get.bat

2013-11-25 17:35:19 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\ask.bat

2013-11-25 17:35:19 87458834C37183459AA6F19EF5E06533 9099 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\runvalues.bat

2013-11-25 17:35:19 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\ev_clear.bat

2013-11-25 17:35:19 75C9C20DD9839BF287B43B0E179822DC 31414 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\iexplore.bat

2013-11-25 17:35:19 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\delorphans.bat

2013-11-25 17:35:19 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\prelim.bat

2013-11-25 17:35:19 504CA0FC8BE3A47ECE89CEC2E5B21E67 10261 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\JRT.bat

2013-11-25 17:35:19 372EA6F783198102CF5779072EE78C79 24751 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\searchlnk.bat

2013-11-25 17:35:19 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\TDL4.bat

2013-11-25 17:35:19 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\medfos.bat

2013-11-25 17:35:19 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\delfolders.bat

2013-11-25 17:35:19 006F09DF7EB9E9E61935F16AF2B6DC71 150291 ----a-w- C:\Users\charlotte\AppData\Local\Temp\jrt\misc.bat

2013-11-25 17:24:47 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"Facebook Update"="C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Google Update"="C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"NextLive"="C:\Windows\SysWOW64\rundll32.exe C:\Users\charlotte\AppData\Roaming\newnext.me\nengine.dll,EntryPoint -m l"

[HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1003\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"Facebook Update"="C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Google Update"="C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL"

"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP"

"NBAgent"="c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe /WinStart"

"KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"

"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60"

"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

"PSUNMain"="C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe /Traybar"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Nero MediaHome 4"="C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"

"iSkysoft Helper Compact.exe"="C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"AnyProtect"="C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"

"mobilegeni daemon"="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"

"TWebCamera"=""C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"Facebook Update"="C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Google Update"="C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"NextLive"="C:\Windows\SysWOW64\rundll32.exe C:\Users\charlotte\AppData\Roaming\newnext.me\nengine.dll,EntryPoint -m l"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"

"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaReminder.exe"

"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe "

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"

"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe "

"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe "

"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "

"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe "

"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"

"Teco"=""%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r"

"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "

"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" "

==== Startup Folders ======================

2013-07-10 13:29:47 1938 ----a-w- C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 2510 series.lnk

2011-02-07 14:41:59 2002 ----a-w- C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

2010-04-22 07:24:02 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

2010-04-22 07:24:02 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

2013-01-06 13:53:08 1258 ----a-w- C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job --a------ [undetermined Task]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/02/2011 11:10]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core.job --a------ C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe [08/02/2011 11:10]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA.job --a------ [undetermined Task]

C:\Windows\tasks\HP Photo Creations Communicator.job --a------ [undetermined Task]

C:\Windows\tasks\Start Registry Reviver for charlotte-pc@charlotte(logon).job --a------ C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe [08/11/2012 11:25]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\ConfigFree Startup Programs" [C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core" [C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA" [C:\Users\charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000Core" [C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-494602320-2517612501-3084155922-1000UA" [C:\Users\charlotte\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe]

"C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 2510 series" ["C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe"]

"C:\Windows\SysNative\tasks\Start Registry Reviver for charlotte-pc@charlotte(logon)" [C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{EA08EC40-86FC-413F-8AF8-84FEC2408928}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\{EC803146-307B-4AFB-8AD1-4A43278E6AD3}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"4f905b94d7ca1@4f905b94d7ca2.info"="C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\4f905b94d7ca1@4f905b94d7ca2.info" [20/04/2012 20:31]

==== Firefox Extensions ======================

ProfilePath: C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default

- Bcool - %ProfilePath%\extensions\4f905b94d7ca1@4f905b94d7ca2.info

- Offer - %ProfilePath%\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com

- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

==== Firefox Plugins ======================

==== Deleted Firefox Extensions ======================

C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\4f905b94d7ca1@4f905b94d7ca2.info deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\charlotte\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]

fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[22/05/2013 09:24]

jhjjdgbhohaallcimgcmakfiobacimkm - C:\Program Files (x86)\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx[]

ppjemjejnnojomfekgbpbbnecicblllf - C:\ProgramData\Bcool\ppjemjejnnojomfekgbpbbnecicblllf.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\charlotte\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[]

Extended Protection - charlotte - Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml

SiteAdvisor - charlotte - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

Google Wallet - charlotte - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nederlands.babylon.com_0.localstorage deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nederlands.babylon.com_0.localstorage-journal deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jhjjdgbhohaallcimgcmakfiobacimkm_0.localstorage deleted successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{3A2E8453-6593-4721-AD60-4128C8AFEA8F} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{8F9F13EF-B5FA-4862-AB88-2189DB045950} eBay Url="{searchTerms | eBay}"

{91563D78-6F5D-4287-944F-6D2C9998DB58} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2"

==== Reset Google Chrome ======================

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3A2E8453-6593-4721-AD60-4128C8AFEA8F} deleted successfully

HKEY_USERS\S-1-5-21-494602320-2517612501-3084155922-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3A2E8453-6593-4721-AD60-4128C8AFEA8F} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3C38184E-A74B-DCBE-6DDD-CD54457AB517} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A78C2438-AD78-5F9C-D7B4-0BF8340AAF60} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B51B2D61-EF4A-84B4-D39E-BC8ECBA3081F} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cekcjpgehmohobmdiikfnopibipmgnml deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ppjemjejnnojomfekgbpbbnecicblllf deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\charlotte\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\charlotte\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\NeroMediaHomeUser.4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\171O40AW will be deleted at reboot

C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTRBW48C will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\charlotte\AppData\Local\Mozilla\Firefox\Profiles\py2l7xb7.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\CHARLO~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\Common Files\DVDVideoSoft" not found

"C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\171O40AW" not found

"C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTRBW48C" not found

"C:\Users\charlotte\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QDPQHJWR\assets.videostrip.com" not found

"C:\Users\charlotte\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QDPQHJWR\i.d.com.com" not found

"C:\Users\charlotte\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QDPQHJWR\resim.fullhdfilmizle.com" not found

"C:\Users\charlotte\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QDPQHJWR\tracking.onefeed.co.uk" not found

"C:\Users\charlotte\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QDPQHJWR\www.ajaxcdn.org" not found

==== EOF on di 26/11/2013 at 12:54:52,08 ======================


Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator": right-click it and choose Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  C:\Program Files (x86)\AnyProtectEx;fs
 C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69;fs
 C:\Users\charlotte\AppData\Local\Temp\is82122515\295927_stp\AnyProtectScannerSetup.exe;f
 C:\autoexec.bat;f
 C:\Users\charlotte\AppData\Roaming\0C1I1L1R1J0M1P0I1G;fs
 C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtectEx;fs
 C:\Users\Public\Desktop\sample_20132611_1122.zip;f
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r64
 "AnyProtect"=-;r64
 "mobilegeni daemon"=-;r64
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r64
 "AppInit_DLLs"=-;r64
 C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com;f
 C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C};fs
 C:\ProgramData\Bcool;fs
 C:\Program Files (x86)\BuzzSearch;fs
 autoclean;

  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log in your next message.


Zoek.exe Version 4.0.0.5 Updated 24-November-2013

Tool run by charlotte on di 26/11/2013 at 14:07:18,70.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\charlotte\Desktop\zoek\zoek.exe [script inserted]

==== Older Logs ======================

C:\zoek-results2013-11-26-105452.log 46600 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AnyProtect"=-

"mobilegeni daemon"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\ProgramData\Bcool not found

C:\Program Files (x86)\BuzzSearch not found

"C:\Users\charlotte\AppData\Local\Temp\is82122515\295927_stp\AnyProtectScannerSetup.exe" not found

C:\Program Files (x86)\AnyProtectEx deleted

C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 deleted

C:\Users\charlotte\AppData\Roaming\0C1I1L1R1J0M1P0I1G deleted

C:\Users\charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtectEx deleted

C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} deleted

"C:\autoexec.bat" deleted

"C:\Users\Public\Desktop\sample_20132611_1122.zip" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome.manifest" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\install.rdf" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\manifest.xml" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins.json" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\button1.png" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\button2.png" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\button3.png" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\button4.png" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\button5.png" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\crossrider_statusbar.png" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\icon128.png" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\icon16.png" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\icon24.png" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\icon48.png" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\panelarrow-up.png" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\popup.html" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\skin.css" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin\update.css" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\background.html" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\baseObject.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\browser.xul" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\dialog.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\main.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\options.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\options.xul" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\search_dialog.xul" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\asyncDB.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\background.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\browserAction.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\contextMenu.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\dbManager.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\dom_bg.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\fileManager.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\firefox.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\firefoxNotifications.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\firefoxOmnibox.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\message.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\pageAction.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\request.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\tabs.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api\webRequest.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\console.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\consts.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\delegate.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\extensionDataStore.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\folderIOWrapper.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\httpObserver.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\IDBWrapper.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\installer.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\logFile.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\prefs.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\progressListenerObserver.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\registry.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\reloadObserver.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\reports.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\requestObject.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\searchSettings.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\uninstallObserver.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\updateManager.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\utils.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core\xhr.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\defaults\preferences\prefs.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\13_CrossriderAppUtils.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\14_CrossriderUtils.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\16_FFAppAPIWrapper.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\17_jQuery.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\1_base.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\21_debug.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\22_resources.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\28_initializer.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\47_resources_background.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\4_jquery_1_7_1.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\64_appApiMessage.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\72_appApiValidation.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\78_CrossriderInfo.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins\98_omniCommands.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\userCode\background.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\userCode\extension.js" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\locale\en-US\translations.dtd" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\defaults" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\locale" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\skin" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\api" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\chrome\content\core" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\defaults\preferences" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\plugins" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\extensionData\userCode" deleted

"C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\769269ae-ff87-4224-b776-75fb4c4d3502@f966e919-7c9e-4106-bd32-67f3a2b9c3c6.com\locale\en-US" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"4f905b94d7ca1@4f905b94d7ca2.info"="C:\Users\charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\py2l7xb7.default\extensions\4f905b94d7ca1@4f905b94d7ca2.info" []

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[22/05/2013 09:24]

SiteAdvisor - charlotte - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{8F9F13EF-B5FA-4862-AB88-2189DB045950} eBay Url="{searchTerms | eBay}"

{91563D78-6F5D-4287-944F-6D2C9998DB58} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\4f905b94d7ca1@4f905b94d7ca2.info deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\NeroMediaHomeUser.4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTRBW48C will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\charlotte\AppData\Local\Mozilla\Firefox\Profiles\py2l7xb7.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\charlotte\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\CHARLO~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTRBW48C" not found

==== EOF on di 26/11/2013 at 14:29:01,43 ======================
