Double antivirus

  • lg

    This laptop had two antivirus programs running: Lavasoft and AVG.

    Lavasoft removed. To be on the safe side, here are the logs.

    I had to run the Malware scan twice because it got stuck.

    So there are 2 logs as well.

    LG

    www.malwarebytes.org

    Databaseversie: v2014.01.22.09

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Bob en Hillie :: PC_VAN_BOBENHIL

    22-1-2014 19:49:22

    mbam-log-2014-01-22 (19-49-22).txt

    Scan type: Volledige scan (C:\|)

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 170324

    Verstreken tijd: 2 uur/uren, 38 minuut/minuten, 10 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 1

    C:\Users\Bob en Hillie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\REBCJZ6D\SoftonicDownloader_voor_ad-aware-free-antivirus.exe (PUP.Optional.Softonic.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.01.22.09

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Bob en Hillie :: PC_VAN_BOBENHIL

    22-1-2014 22:28:14

    mbam-log-2014-01-22 (22-28-14).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 207414

    Verstreken tijd: 16 minuut/minuten, 59 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Bob en Hillie at 2014-01-23 09:50:27

    Microsoft® Windows Vista™ Home Basic Service Pack 2

    System drive C: has 57 GB (54%) free of 106 GB

    Total RAM: 1790 MB (59% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:51:39, on 23-1-2014

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16526)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Powercinema\PCMService.exe

    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\AVG\AVG2014\avgui.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    C:\Users\Bob en Hillie\Desktop\RSIT.exe

    C:\Program Files\trend micro\Bob en Hillie.exe

    C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: "c:\Program Files\Powercinema\PCMService.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: Skytel.exe

    O4 - HKLM\..\Run: "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY

    O4 - HKCU\..\Run: C:\Program Files\windows sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249135194638

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe

    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe

    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    End of file - 8402 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    C:\Windows\tasks\HP Photo Creations Messager.job

    C:\Windows\tasks\Recovery DVD Creator.job

    C:\Windows\tasks\Uitgebreide garantie.job

    ======Registry dump======

    Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll

    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe

    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    "PCMService"=c:\Program Files\Powercinema\PCMService.exe

    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe

    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe

    "Skytel"=C:\Windows\Skytel.exe

    "AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe

    "Sidebar"=C:\Program Files\windows sidebar\sidebar.exe

    "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=&prod=90&ver=9.0.894

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    C:\Windows\Skytel.exe

    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Zune\ZuneLauncher.exe

    C:\Windows\system32\RunDll32.exe

    C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE

    C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE

    "AppInit_DLLs"="C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL"

    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "EnableUIADesktopToggle"=0

    "EnableSecureUIAPath"=1

    "NoDriveTypeAutoRun"=145

    "BindDirectlyToPropertySetStorage"=0

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "VIDC.UYVY"=msyuv.dll

    "VIDC.YUY2"=msyuv.dll

    "VIDC.YVYU"=msyuv.dll

    "VIDC.IYUV"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "VIDC.YVU9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "vidc.cvid"=iccvid.dll

    "MSVideo8"=VfWWDM32.dll

    "msacm.l3codecp"=

    "msacm.siren"=sirenacm.dll

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2014-01-22 22:56:44 ----D---- C:\rsit

    2014-01-22 19:47:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

    2014-01-22 19:47:37 ----A---- C:\Windows\system32\drivers\mbam.sys

    2014-01-22 19:18:47 ----SHD---- C:\Config.Msi

    2014-01-20 21:01:09 ----D---- C:\Users\Bob en Hillie\AppData\Roaming\LavasoftStatistics

    2014-01-20 19:55:14 ----D---- C:\Users\Bob en Hillie\AppData\Roaming\SecureSearch

    2014-01-20 19:26:06 ----D---- C:\Users\Bob en Hillie\AppData\Roaming\AVG2014

    2014-01-20 19:24:46 ----D---- C:\Users\Bob en Hillie\AppData\Roaming\TuneUp Software

    2014-01-20 19:23:09 ----D---- C:\ProgramData\AVG2014

    ======List of files/folders modified in the last 1 month======

    2014-01-23 09:50:30 ----D---- C:\Program Files\trend micro

    2014-01-23 09:50:28 ----D---- C:\Windows\Temp

    2014-01-23 09:48:37 ----D---- C:\ProgramData\MFAData

    2014-01-22 22:58:48 ----D---- C:\Windows\system32\drivers

    2014-01-22 22:48:19 ----D---- C:\Windows\WindowsMobile

    2014-01-22 19:47:37 ----RD---- C:\Program Files

    2014-01-22 19:30:41 ----HD---- C:\ProgramData

    2014-01-22 19:23:14 ----SHD---- C:\Windows\Installer

    2014-01-22 19:21:26 ----SHD---- C:\System Volume Information

    2014-01-22 19:20:51 ----D---- C:\Program Files\Lavasoft

    2014-01-22 19:20:45 ----D---- C:\ProgramData\Lavasoft

    2014-01-22 19:19:25 ----AD---- C:\Windows\System32

    2014-01-22 19:18:56 ----D---- C:\Program Files\Common Files

    2014-01-22 19:16:43 ----D---- C:\Program Files\CCleaner

    2014-01-21 17:44:03 ----D---- C:\Windows\inf

    2014-01-21 17:44:03 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2014-01-21 17:35:11 ----D---- C:\Windows

    2014-01-20 20:12:50 ----D---- C:\ProgramData\Oracle

    2014-01-20 20:07:29 ----D---- C:\Program Files\Java

    2014-01-20 19:51:47 ----HD---- C:\Windows\system32\GroupPolicy

    2014-01-20 19:47:30 ----D---- C:\Windows\system32\catroot2

    2014-01-20 19:25:30 ----D---- C:\Windows\Prefetch

    2014-01-20 19:21:44 ----D---- C:\Program Files\AVG

    2014-01-19 14:33:52 ----D---- C:\ProgramData\Norton

    2014-01-19 08:32:23 ----N---- C:\Windows\system32\MpSigStub.exe

    2014-01-15 16:00:11 ----D---- C:\ProgramData\Microsoft Help

    2014-01-15 15:58:50 ----D---- C:\Windows\system32\MRT

    2014-01-15 15:55:32 ----A---- C:\Windows\system32\mrt.exe

    2014-01-07 20:44:53 ----D---- C:\Users\Bob en Hillie\AppData\Roaming\HpUpdate

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys

    R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys

    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys

    R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys

    R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys

    R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys

    R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys

    R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys

    R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys

    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys

    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys

    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

    R3 Cam5603D;USB2.0 350K WebCam; C:\Windows\System32\Drivers\BisonCam.sys

    R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys

    R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys

    R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys

    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys

    R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

    R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys

    S0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys

    S3 Dot4;Microsoft IEEE-1284.4-stuurprogramma; C:\Windows\system32\DRIVERS\Dot4.sys

    S3 Dot4Print;Stuurprogramma voor printerklasse voor IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys

    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys

    S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys

    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

    S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys

    S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys

    S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys

    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 WinUSB;WinUsb-stuurprogramma; C:\Windows\system32\DRIVERS\WinUSB.sys

    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe

    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe

    R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe

    R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe

    R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe

    R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe

    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 CLSched;CyberLink Task Scheduler (CTS); c:\Program Files\Powercinema\Kernel\TV\CLSched.exe

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe

    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe

    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    -----------------EOF-----------------

  • fazantje

    Hi LG,

    First disable your antivirus software before you download zoek.exe.

    Download Zoek.exe to the desktop.

    If Internet Explorer, another browser, or a virus scanner reports that this file is unsafe, you can ignore that.

    Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    Windows XP: double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8: right-click and choose Run as administrator.

    Now copy the bold code below and paste it into the large input box:

    firefoxlook;

    emptyclsid;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart, if one is needed).

    If no log appears after the restart, run zoek.exe again; the log will then appear.

    Post the opened log in your next message.

    Good luck,

    Huib;)

  • lg

    As requested

    Zoek.exe v5.0.0.0 Updated 22-Januari-2014

    Tool run by Bob en Hillie on do 23-01-2014 at 10:57:46,94.

    Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Bob en Hillie\Desktop\zoek.exe

    ==== System Restore Info ======================

    23-1-2014 10:59:11 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} ntshrui.dll

    ==== Empty Folders Check ======================

    C:\Program Files\MSXML 4.0 deleted successfully

    C:\ProgramData\Oracle deleted successfully

    C:\Users\Bob en Hillie\AppData\Roaming\Reviversoft deleted successfully

    C:\Users\Bob en Hillie\AppData\Roaming\Windows Live Writer deleted successfully

    C:\Users\Bob en Hillie\AppData\Local\Unity deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-811046315-3372952122-3516781338-1002\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully

    HKEY_USERS\S-1-5-21-811046315-3372952122-3516781338-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AE6965E1-7342-44AC-9A21-B7185A1C4BF7} deleted successfully

    HKEY_USERS\S-1-5-21-811046315-3372952122-3516781338-1002\Software\Microsoft\Internet Explorer\SearchScopes\{E93104E9-280F-4C71-8979-19C3AF948457} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-811046315-3372952122-3516781338-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully

    HKEY_USERS\S-1-5-21-811046315-3372952122-3516781338-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\system32\Ati2evxx.exe

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\Ati2evxx.exe

    C:\Program Files\ATK Hotkey\ASLDRSrv.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\AVG\AVG2014\avgwdsvc.exe

    c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\taskeng.exe

    c:\Program Files\Microsoft Security Client\NisSrv.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\ATK Hotkey\Hcontrol.exe

    C:\Program Files\ATK Hotkey\ATKOSD.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Powercinema\PCMService.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\AVG\AVG2014\avgui.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe

    C:\Windows\system32\conime.exe

    C:\Users\Bob en Hillie\Desktop\zoek.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Bob en Hillie\AppData\Roaming\Mozilla\Firefox\Profiles\deo5p4j7.default

    ---- Lines Softonic removed from prefs.js ----

    user_pref("browser.startup.homepage", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=&mi=a0c4b3330000000000000015af3ce758&toi=16090");

    user_pref("browser.search.selectedEngine", "Search the web (Softonic)");

    ---- Lines Softonic removed from user.js ----

    user_pref("extensions.Softonic.hpOld0", "http://startpagina.nl/");

    user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&mi=a0c4b3330000000000000015af3ce758&toi=16090&q=");

    user_pref("extensions.Softonic.id", "a0c4b3330000000000000015af3ce758");

    user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");

    user_pref("extensions.Softonic.instlDay", "16090");

    user_pref("extensions.Softonic.vrsn", "1.8.29.3");

    user_pref("extensions.Softonic.vrsni", "1.8.29.3");

    user_pref("extensions.Softonic.vrsnTs", "1.8.29.319:51:21");

    user_pref("extensions.Softonic.prtnrId", "softonic");

    user_pref("extensions.Softonic.prdct", "Softonic");

    user_pref("extensions.Softonic.aflt", "SD");

    user_pref("extensions.Softonic.smplGrp", "none");

    user_pref("extensions.Softonic.tlbrId", "2013desingbrand");

    user_pref("extensions.Softonic.instlRef", "MOY00011");

    user_pref("extensions.Softonic.dfltLng", "nl");

    user_pref("extensions.Softonic.excTlbr", false);

    user_pref("extensions.Softonic.ffxUnstlRst", false);

    user_pref("extensions.Softonic.admin", false);

    user_pref("extensions.Softonic.autoRvrt", "false");

    user_pref("extensions.Softonic.rvrt", "false");

    user_pref("extensions.Softonic.hmpg", true);

    user_pref("extensions.Softonic.hmpgUrl", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=&mi=a0c4b3330000000000000015af3ce758&toi=16090");

    user_pref("extensions.Softonic.dfltSrch", true);

    user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");

    user_pref("extensions.Softonic.kw_url", "http://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&mi=a0c4b3330000000000000015af3ce758&toi=16090&q=");

    user_pref("extensions.Softonic.dnsErr", true);

    user_pref("extensions.Softonic.newTab", true);

    user_pref("extensions.Softonic.newTabUrl", "http://search.softonic.com/MOY00011/tb_v1/?SearchSource=15&cc=&mi=a0c4b3330000000000000015af3ce758&toi=16090");

    ---- FireFox user.js and prefs.js backups ----

    user_23-01-2014_1113_.backup

    prefs_23-01-2014_1113_.backup

    ProfilePath: C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\m11mv1qi.default

    user.js not found

    —- FireFox user.js and prefs.js backups —-

    prefs_23-01-2014_1113_.backup

    ==== Deleting Files \ Folders ======================

    C:\Users\Bob en Hillie\AppData\Roaming\SecureSearch deleted

    C:\ProgramData\APN deleted

    C:\Users\Bob en Hillie\AppData\Local\kwaeqt.bat deleted

    C:\Users\Bob en Hillie\AppData\LocalLow\Softonic deleted

    C:\Users\Bob en Hillie\AppData\Roaming\Mozilla\Firefox\Profiles\deo5p4j7.default\GoogleToolbarData deleted

    C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\m11mv1qi.default\.autoreg deleted

    C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\m11mv1qi.default\GoogleToolbarData deleted

    “C:\Users\Bob en Hillie\AppData\Local\{45BE776B-9F84-4691-97F8-72AEB8B959EF}” deleted

    “C:\Users\Bob en Hillie\AppData\Roaming\Mozilla\Firefox\Profiles\deo5p4j7.default\searchplugins\softonic.xml” deleted

    ==== System Specs ======================

    Windows: Windows Vista Home Basic Edition Service Pack 2 (Build 6002)

    Memory (RAM): 1791 MB

    CPU Info: Mobile AMD Sempron™ Processor 3600+

    CPU Speed: 1975,3 MHz

    Sound Card: Luidsprekers (Realtek High Defi |

    Realtek Digital Output (Realtek |

    Display Adapters: ATI Radeon Xpress 1200 | ATI Radeon Xpress 1200 | RDPDD Chained DD | RDP Encoder Mirror Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1280 X 800 - 32 bit

    Network: Network Present

    Network Adapters: Atheros AR5007EG Wireless Network Adapter | Realtek RTL8139/810x Family Fast Ethernet NIC

    CD / DVD Drives: 1x (D: | ) D: MATSHITAUJ-850D

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 5 Button Wheel Mouse Present

    Hard Disks: C: 103,8GB

    Hard Disks - Free: C: 55,4GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 07/02/07 | PacBel - 20070702

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: PACKARD BELL BV T12UV

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: AVG AntiVirus 2014 On-access scanning disabled (Outdated)

    Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: AVG AntiVirus 2014 disabled (Outdated)

    Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

    Internet Explorer Version: 9.0.8112.16421

    Adobe Reader version: 8.3.1.289

    Shockwave Player version: 11.6r626

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\BOBENH~1\AppData\Local\Temp ====

    2014-01-20 18:51:19 8363FEA33D20C9D1F0D6ABE8BA79F13C 4040952 —-a-w- C:\Users\Bob en Hillie\AppData\Local\Temp\e85b8a97-772f-41e9-b3fe-b1c671cf3038.exe

    2014-01-20 18:46:16 9C62C647FEF0F4E6B8E0B7E5AF337118 2085320 —-a-w- C:\Users\Bob en Hillie\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe

    ====== Java Cache =====

    ====== C:\Windows\system32 =====

    ====== C:\Windows\system32\drivers =====

    2014-01-22 18:47:37 4470E3C1E0C3378E4CAB137893C12C3A 22856 —-a-w- C:\Windows\System32\drivers\mbam.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    ======= C: =====

    ====== C:\Users\Bob en Hillie\AppData\Roaming ======

    2014-01-20 20:01:09 ——– d—–w- C:\Users\Bob en Hillie\AppData\Roaming\LavasoftStatistics

    2014-01-20 18:26:06 ——– d—–w- C:\Users\Bob en Hillie\AppData\Roaming\AVG2014

    2014-01-20 18:25:18 ——– d—–w- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2014

    2014-01-20 18:24:46 ——– d—–w- C:\Users\Bob en Hillie\AppData\Roaming\TuneUp Software

    2014-01-20 18:21:47 ——– d—–w- C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014

    2014-01-20 18:17:48 ——– d—–w- C:\Users\Bob en Hillie\AppData\Local\Avg2014

    ====== C:\Users\Bob en Hillie ======

    2014-01-22 21:55:57 69CA82A7482A00D8EE063D2B97FC4338 781383 —-a-w- C:\Users\Bob en Hillie\Desktop\RSIT.exe

    2014-01-20 18:53:17 02C1EE40968BAA67C3A785CDA9807125 262 –sha-r- C:\Users\Bob en Hillie\ntuser.pol

    2014-01-20 18:24:47 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    2014-01-20 18:23:09 ——– d—–w- C:\ProgramData\AVG2014

    ====== C: exe-files ==

    === C: other files ==

    ==== Startup Registry Enabled ======================

    “Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe”

    “WindowsWelcomeCenter”=“rundll32.exe oobefldr.dll,ShowWelcomeCenter”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /detectMem”

    “WindowsWelcomeCenter”=“rundll32.exe oobefldr.dll,ShowWelcomeCenter”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /detectMem”

    “Sidebar”=“C:\Program Files\windows sidebar\sidebar.exe /autoRun”

    “ISUSPM”=“C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler”

    “Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe”

    “RtHDVCpl”=“RtHDVCpl.exe”

    “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”

    “PCMService”=“c:\Program Files\Powercinema\PCMService.exe”

    “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    “Adobe ARM”=“C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    “SunJavaUpdateSched”=“C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    “Skytel”=“Skytel.exe”

    “AVG_UI”=“C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY”

    “Sidebar”=“C:\Program Files\windows sidebar\sidebar.exe /autoRun”

    “ISUSPM”=“C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler”

    “AppInit_DLLs”=“C:\\PROGRA~1\\GOOGLE\\GOOGLE~3\\GOEC62~1.DLL”

    ==== Startup Registry Disabled ======================

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce”

    “item”=“AvgUninstallURL”

    “hkey”=“HKLM”

    “command”=“cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA\”&\“inst=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\”&\“prod=90\”&\“ver=9.0.894”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“GrooveMonitor”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“HP Software Update”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“ISUSPM”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\“ -scheduler”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“RoxWatchTray”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Skytel”

    “hkey”=“HKLM”

    “command”=“Skytel.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SmpcSys”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files\\Packard Bell\\SetUpMyPC\\SmpSys.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“StartCCC”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“toolbar_eula_launcher”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\Packard Bell\\GOOGLE_EULA\\EULALauncher.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Windows Defender”

    “hkey”=“HKLM”

    “command”=“%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Zune Launcher”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Zune\\ZuneLauncher.exe\“”

    “item”=“Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk)”

    “path”=“C:\\Users\\Bob en Hillie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk”

    “backup”=“C:\\Windows\\pss\\Inktwaarschuwingen controleren - HP Deskjet 3070 B611 series (netwerk).lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\Windows\\system32\\RunDll32.exe”

    “item”=“Mediacontrole Picture Motion Browser”

    “path”=“C:\\Users\\Bob en Hillie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Mediacontrole Picture Motion Browser.lnk”

    “backup”=“C:\\Windows\\pss\\Mediacontrole Picture Motion Browser.lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\PROGRA~1\\Sony\\SONYPI~1\\VOLUME~1\\SPUVOL~1.EXE”

    “item”=“OneNote 2007 Schermopname en Snel starten”

    “path”=“C:\\Users\\Bob en Hillie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Schermopname en Snel starten.lnk”

    “backup”=“C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\PROGRA~1\\MICROS~2\\Office12\\ONENOTEM.EXE”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\HP Photo Creations Messager.job –a—— C:\ProgramData\HP Photo Creations\MessageCheck.exe

    C:\Windows\tasks\Recovery DVD Creator.job –a—— C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe

    C:\Windows\tasks\Uitgebreide garantie.job –a—— C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\system32\tasks\0”

    “C:\Windows\system32\tasks\4786”

    “C:\Windows\system32\tasks\Ad-Aware Update (Weekly)”

    “C:\Windows\system32\tasks\Adobe Flash Player Updater”

    “C:\Windows\system32\tasks\CCleanerSkipUAC”

    “C:\Windows\system32\tasks\CreateChoiceProcessTask”

    “C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA”

    “C:\Windows\system32\tasks\HP Photo Creations Messager”

    “C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3070 B611 series”

    “C:\Windows\system32\tasks\Norton WSC Integration”

    “C:\Windows\system32\tasks\Recovery DVD Creator”

    “C:\Windows\system32\tasks\Start Registry Reviver”

    “C:\Windows\system32\tasks\Uitgebreide garantie”

    “C:\Windows\system32\tasks\User_Feed_Synchronization-{91E7323F-F0F2-486D-87D1-D81FB9C59212}”

    “C:\Windows\system32\tasks\{E13F7F08-0A30-42A8-BE1D-64B06BB237EA}”

    “C:\Windows\system32\tasks\Norton 360\Norton Error Analyzer”

    “C:\Windows\system32\tasks\Norton 360\Norton Error Processor”

    ==== Folders in C:\ProgramData 0-6 Months Old ======================

    2013-09-20 09:01:31 ——– d—–w- C:\ProgramData\Malwarebytes

    2013-09-20 12:39:42 ——– d—–w- C:\ProgramData\Sun

    2014-01-20 18:23:09 ——– d—–w- C:\ProgramData\AVG2014

    ==== Firefox Extensions Registry ======================

    “{20a82645-c095-46ed-80e3-08825760534b}”=“c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension”

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Bob en Hillie\AppData\Roaming\Mozilla\Firefox\Profiles\deo5p4j7.default

    - Default Manager - %ProfilePath%\extensions\DefaultManager@Microsoft

    - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    - Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

    ProfilePath: C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\m11mv1qi.default

    - Undetermined - C:\PROGRA~1\MOZILL~1\extensions\packardbell@partners.mozilla.com

    - Undetermined - C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org

    - Undetermined - %ProfilePath%\extensions\staged-xpis

    - Undetermined - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

    AppDir: C:\Program Files\Mozilla Firefox

    - Google Toolbar for Firefox - %AppDir%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

    ==== Firefox Plugins ======================

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.startnederland.nl/”

    “DefaultScope”=“{E93104E9-280F-4C71-8979-19C3AF948457}”

    not found

    New Values:

    “Start Page”=“http://www.startnederland.nl/”

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUninstallURL deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher deleted successfully

    ==== HijackThis Entries ======================

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: “c:\Program Files\Powercinema\PCMService.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: Skytel.exe

    O4 - HKLM\..\Run: “C:\Program Files\AVG\AVG2014\avgui.exe” /TRAYONLY

    O4 - HKCU\..\Run: C:\Program Files\windows sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-18\..\Run: C:\Program Files\Picasa2\PicasaMediaDetector.exe (User ‘SYSTEEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\Program Files\Picasa2\PicasaMediaDetector.exe (User ‘Default user’)

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249135194638

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe

    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe

    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    ==== Empty IE Cache ======================

    C:\Users\Bob en Hillie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Bob en Hillie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\m11mv1qi.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=13 folders=8 44181 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Users\Bob en Hillie\AppData\Local\Temp will be emptied at reboot

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\BOBENH~1\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\Bob en Hillie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not found

    ==== EOF on do 23-01-2014 at 11:29:59,41 ======================

  • fazantje

    Hi LG,

    I forgot to include the duplicate scanners :o

    Could you run zoek again and use the following code:

    C:\Program Files\Lavasoft;fs

    C:\ProgramData\Lavasoft;fs

    C:\ProgramData\Norton;fs

    c:\Program Files\Microsoft Security Client;fs

    MsMpSvc;s

    NisSrv;s

    Click the “Run script” button again.

    Now wait patiently until a log opens (this may be after a restart, if one is required).

    If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    Post the opened log in your next message.

    Sorry and good luck,

    Regards, Huib ;)

  • lg

    Second zoek.exe

    Zoek.exe v5.0.0.0 Updated 22-Januari-2014

    Tool run by Bob en Hillie on do 23-01-2014 at 11:45:43,43.

    Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Bob en Hillie\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2014-01-23-102959.log 34048 bytes

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsMpSvc deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\MsMpSvc deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\MsMpSvc deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MsMpSvc deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\NisSrv deleted successfully

    ==== Deleting Files \ Folders ======================

    C:\Program Files\Lavasoft deleted

    C:\ProgramData\Lavasoft deleted

    “c:\Program Files\Microsoft Security Client\DbgHelp.dll” not deleted

    “c:\Program Files\Microsoft Security Client\EppManifest.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpAsDesc.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpClient.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpCmdRun.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MpCommu.dll” not deleted

    “c:\Program Files\Microsoft Security Client\mpevmsg.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpOAv.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpRTP.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpSvc.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpCom.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpEng.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpLics.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpRes.dll” not deleted

    “c:\Program Files\Microsoft Security Client\msseces.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MsseWat.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisIpsPlugin.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisLog.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisSrv.exe” not deleted

    “c:\Program Files\Microsoft Security Client\NisWFP.dll” not deleted

    “c:\Program Files\Microsoft Security Client\Setup.exe” not deleted

    “c:\Program Files\Microsoft Security Client\SetupRes.dll” not deleted

    “c:\Program Files\Microsoft Security Client\shellext.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SqmApi.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SymSrv.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SymSrv.yes” not deleted

    “c:\Program Files\Microsoft Security Client\nl-nl\MsMpRes.dll.mui” deleted

    “c:\Program Files\Microsoft Security Client\nl-nl\shellext.dll.mui” deleted

    “C:\ProgramData\Norton” deleted

    “c:\Program Files\Microsoft Security Client” not deleted

    “c:\Program Files\Microsoft Security Client\nl-nl” not deleted

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=94 folders=36 40079747 bytes)

    ==== After Reboot ======================

    ==== Deleting Files / Folders ======================

    “c:\Program Files\Microsoft Security Client\DbgHelp.dll” not deleted

    “c:\Program Files\Microsoft Security Client\EppManifest.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpAsDesc.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpClient.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpCmdRun.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MpCommu.dll” not deleted

    “c:\Program Files\Microsoft Security Client\mpevmsg.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpOAv.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpRTP.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpSvc.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpCom.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpEng.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpLics.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpRes.dll” not deleted

    “c:\Program Files\Microsoft Security Client\msseces.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MsseWat.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisIpsPlugin.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisLog.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisSrv.exe” not deleted

    “c:\Program Files\Microsoft Security Client\NisWFP.dll” not deleted

    “c:\Program Files\Microsoft Security Client\Setup.exe” not deleted

    “c:\Program Files\Microsoft Security Client\SetupRes.dll” not deleted

    “c:\Program Files\Microsoft Security Client\shellext.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SqmApi.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SymSrv.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SymSrv.yes” not deleted

    “c:\Program Files\Microsoft Security Client” not deleted

    ==== EOF on do 23-01-2014 at 11:50:34,40 ======================

  • Ben

    Hello,

    Run zoek.exe again with the following code:

    C:\Users\Bob en Hillie\AppData\Roaming\LavasoftStatistics;fs

    ;r

    "MSC"=-;r

    c:\Program Files\Microsoft Security Client;fs

    C:\Windows\system32\tasks\Ad-Aware Update (Weekly);f

    C:\Windows\system32\tasks\Norton WSC Integration;f

    C:\Windows\system32\tasks\Norton 360;f

    Post the resulting log.

    Download CCleaner

    When installing the latest CCleaner, Google Chrome is now (unfortunately) installed along with it.

    During installation you have to untick a checkbox so that Google Chrome is not installed.

    Install CCleaner and start CCleaner.

    • In the left column, click Cleaner.

    • Click Analyze and then Run Cleaner.

    • Next, click Registry in the left column and click Scan for Issues.

    • If errors are found, click Fix selected issues and OK.

    • You will then be asked whether to make a backup; click YES and then choose Fix All Selected Issues.

    • Then close CCleaner.

  • lg

    As requested.

    I always use CCleaner before I start, but I'll run it again.

    Zoek.exe v5.0.0.0 Updated 22-Januari-2014

    Tool run by Bob en Hillie on do 23-01-2014 at 12:10:25,82.

    Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Bob en Hillie\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2014-01-23-102959.log 34048 bytes

    C:\zoek-results2014-01-23-105034.log 5438 bytes

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    “MSC”=-

    ==== Deleting Files \ Folders ======================

    C:\Users\Bob en Hillie\AppData\Roaming\LavasoftStatistics deleted

    “C:\Windows\system32\tasks\Ad-Aware Update (Weekly)” deleted

    “C:\Windows\system32\tasks\Norton WSC Integration” deleted

    “C:\Windows\system32\tasks\Norton 360\Norton Error Analyzer” deleted

    “C:\Windows\system32\tasks\Norton 360\Norton Error Processor” deleted

    “c:\Program Files\Microsoft Security Client\DbgHelp.dll” not deleted

    “c:\Program Files\Microsoft Security Client\EppManifest.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpAsDesc.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpClient.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpCmdRun.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MpCommu.dll” not deleted

    “c:\Program Files\Microsoft Security Client\mpevmsg.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpOAv.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpRTP.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpSvc.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpCom.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpEng.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpLics.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpRes.dll” not deleted

    “c:\Program Files\Microsoft Security Client\msseces.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MsseWat.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisIpsPlugin.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisLog.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisSrv.exe” not deleted

    “c:\Program Files\Microsoft Security Client\NisWFP.dll” not deleted

    “c:\Program Files\Microsoft Security Client\Setup.exe” not deleted

    “c:\Program Files\Microsoft Security Client\SetupRes.dll” not deleted

    “c:\Program Files\Microsoft Security Client\shellext.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SqmApi.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SymSrv.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SymSrv.yes” not deleted

    “C:\Windows\system32\tasks\Norton 360” deleted

    “c:\Program Files\Microsoft Security Client” not deleted

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=99 folders=38 40094517 bytes)

    ==== After Reboot ======================

    ==== Deleting Files / Folders ======================

    “c:\Program Files\Microsoft Security Client\DbgHelp.dll” not deleted

    “c:\Program Files\Microsoft Security Client\EppManifest.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpAsDesc.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpClient.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpCmdRun.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MpCommu.dll” not deleted

    “c:\Program Files\Microsoft Security Client\mpevmsg.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpOAv.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpRTP.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MpSvc.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpCom.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpEng.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpLics.dll” not deleted

    “c:\Program Files\Microsoft Security Client\MsMpRes.dll” not deleted

    “c:\Program Files\Microsoft Security Client\msseces.exe” not deleted

    “c:\Program Files\Microsoft Security Client\MsseWat.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisIpsPlugin.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisLog.dll” not deleted

    “c:\Program Files\Microsoft Security Client\NisSrv.exe” not deleted

    “c:\Program Files\Microsoft Security Client\NisWFP.dll” not deleted

    “c:\Program Files\Microsoft Security Client\Setup.exe” not deleted

    “c:\Program Files\Microsoft Security Client\SetupRes.dll” not deleted

    “c:\Program Files\Microsoft Security Client\shellext.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SqmApi.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SymSrv.dll” not deleted

    “c:\Program Files\Microsoft Security Client\SymSrv.yes” not deleted

    “c:\Program Files\Microsoft Security Client” not deleted

    ==== EOF on do 23-01-2014 at 12:15:07,23 ======================

  • Ben

    >>> I always use CCleaner before I start, but I'll run it again.<<<

    It's better to do that afterwards (tu)

    Are there any further problems?

  • lg

    OK, I haven't seen anything more of Lavasoft.

    The laptop is running normally again.

    Thanks

    Lg

  • Ben

    Hello,

    That's good to hear. Thank you, and you're welcome, also on behalf of Huib.
