Avast virus alert and request for a boot-time scan

  • Harry(O)

    Hi virus helpers,

    I work with a Toshiba laptop with Win 7 and avast as the virus scanner.

    Every time after startup, after a few minutes, avast comes up with a report of a virus in:

    C:\user\……\OppData\local\mediaget LLC\Mediaget2\update.exe

    mediaget-atm-proxy.exe is infected with Win 32: pup-gen (pup)

    C:\user\…..\OppData\local\Temp\half-open-check.exe

    After running a boot-time scan the alert comes back.

    Even after scanning again several times.

    I don't know whether it is related, but I am also bothered a lot by pop-up windows in both Firefox and Chrome.

    These are advertising pop-ups.

    I have also had, for a few months now, a message at startup: Runtime error 2 at 00004AD4

    This appeared at every startup. Only in the last 2 days has this message become less frequent, and the PC starts up without this message more often than with it.

    But I think this is becoming too many reports for one topic,

    so please, preferably the avast alert and the pop-ups first.

    (On my main PC with Vista and avast this problem also occurred, but it was resolved after an mbam scan and a boot-time scan.)

    Here are the requested logs:

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.02.13.02

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 10.0.9200.16736

    hov :: LAPPIE

    15-2-2014 18:16:23

    mbam-log-2014-02-15 (18-16-23).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 293138

    Verstreken tijd: 8 minuut/minuten, 49 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by hov at 2014-02-15 18:27:00

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 67 GB (57%) free of 119 GB

    Total RAM: 2812 MB (55% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 18:27:06, on 15-2-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16736)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe

    C:\Program Files (x86)\Lexmark 9300 Series\ezprint.exe

    C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

    C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

    C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

    C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe

    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

    C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Alwil Software\Avast5\AvastUI.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe

    C:\Program Files\trend micro\hov.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Lexmark 9300 Series\fm3032.exe” /s

    O4 - HKLM\..\Run: “C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe” autorun

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: “c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe” /WinStart

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Alwil Software\Avast5\AvastUI.exe” /nogui

    O4 - HKCU\..\Run: C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe --minimized

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --type=service

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-18\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User ‘Default user’)

    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User ‘Default user’)

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Global Startup: Update-agent.lnk = ?

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O20 - AppInit_DLLs: c:\progra~2\sk-enh~1\psupport.dll c:\progra~3\webtect\webtect.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

    O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

    O23 - Service: BsHelpCS - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe

    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: lxcq_device - - C:\Windows\system32\lxcqcoms.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 12790 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k NetworkService

    atieclxx

    “C:\Program Files\Alwil Software\Avast5\AvastSvc.exe”

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “taskhost.exe”

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    taskeng.exe {BB7F7A05-66F7-4DDD-AAD6-767A13440C16}

    “C:\Program Files (x86)\Google\Update\GoogleUpdate.exe” /c

    “C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe”

    “C:\Program Files (x86)\Lexmark 9300 Series\ezprint.exe”

    “C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe”

    “C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe”

    “C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe” -s

    “C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe” /FORPCEE3

    “C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe” --minimized

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --type=service

    C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

    “C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe” autorun

    “C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe” /WinStart

    “C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE” /tsr

    “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM”

    “C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe”

    taskeng.exe {2DFCC268-3979-4328-9325-0486F536AEBA}

    “C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe”

    “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe” 0

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    “C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe”

    “C:\Program Files (x86)\KPN\Mobiel Internet Software\LoggerServer.exe” -background 3220

    “C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe”

    \??\C:\Windows\system32\conhost.exe "1512017962-870224217213549271-196367386191467618448286364-1067760340781265896

    C:\Windows\system32\lxcqcoms.exe -service

    “c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe”

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\TODDSrv.exe

    “C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe”

    “C:\Program Files\TOSHIBA\TECO\TecoService.exe”

    “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

    “C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe”

    WLIDSvcM.exe 3816

    “C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe”

    C:\Windows\system32\SearchIndexer.exe /Embedding

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    “C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe”

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    “C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe”

    “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    “C:\Program Files\Alwil Software\Avast5\AvastUI.exe” /nogui

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    “C:\Program Files (x86)\Mozilla Firefox\firefox.exe”

    “C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe”

    “C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe”

    C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

    “C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe” --channel=2496.1173ae00.1722163142 “C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll” -greomni “C:\Program Files (x86)\Mozilla Firefox\omni.ja” -appomni “C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja” -appdir “C:\Program Files (x86)\Mozilla Firefox\browser” E7CF176E110C211B 2496 “\\.\pipe\gecko-crash-server-pipe.2496” plugin

    “C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe” --proxy-stub-channel=Flash1752.5FF8C768.26828 --host-broker-channel=Flash1752.5FF8C768.12210 --host-pid=1752 --host-npapi-version=27 --plugin-path=“C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll”

    “C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe” --channel=1868.003BF710.1993294198 --proxy-stub-channel=Flash1752.5FF8C768.26828 --plugin-path=“C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll” --host-npapi-version=27 --type=renderer

    “C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe”

    “C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe”

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding

    “C:\Windows\notepad.exe” “C:\Users\hov\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2014-02-15 (18-16-23).txt”

    “C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon”

    “C:\Windows\system32\SearchFilterHost.exe” 0 520 524 532 65536 528

    “C:\Users\hov\Downloads\RSITx64(3).exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    C:\Windows\tasks\Sk-Enhancer-S-5902107913.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default

    prefs.js - “browser.search.useDBForOrder” - true

    prefs.js - “browser.startup.homepage” - “startpagina.nl”

    prefs.js - “keyword.URL” - “”

    “Description”=Adobe® Flash® Player 12.0.0.44 Plugin

    “Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

    “Description”=Google Earth in your browser

    “Path”=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    “Description”=Picasa3 plugin

    “Path”=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

    “Description”=Java™ Deployment Toolkit

    “Path”=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

    “Description”=Oracle® Next Generation Java™ Plug-In

    “Path”=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

    “Description”=Office Live Update v1.5

    “Path”=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    “Description”=Adobe® Flash® Player 12.0.0.43 Plugin

    “Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

    C:\Program Files (x86)\Mozilla Firefox\plugins\

    NPOFF12.DLL

    nppdf32.dll

    C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default\extensions\

    gkg_y@vjdjyeuo.co.uk

    sbgi@aqrdhx.net

    C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default\searchplugins\

    bing.xml

    utorrentbarnl-customized-web-search.xml

    ======Registry dump======

    avast! Online Security - C:\Pr

    Happy2Savveu - C:\Pr

    DisCouuniTExttensi - C:\Pr

    Java™ Plug-In SSV Helper - C:\Pr

    avast! Online Security - C:\Pr

    Java™ Plug-In 2 SSV Helper - C:\Pr

    {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Pr

    {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Pr

    “lxcqmon.exe”=C:\Pr

    “EzPrint”=C:\Pr

    “WrtMon.exe”=C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe

    “LXCQCATS”=rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll,RunDLLEntry

    “TPwrMain”=C:\Pr

    “TosWaitSrv”=C:\Pr

    “TosSENotify”=C:\Pr

    “TosNC”=C:\Pr

    “Toshiba TEMPRO”=C:\Pr

    “SmoothView”=C:\Pr

    “RtHDVCpl”=C:\Pr

    “RtHDVBg”=C:\Pr

    “HSON”=C:\Pr

    “00TCrdMain”=C:\Pr

    “TosVolRegulator”=C:\Pr

    “Teco”=C:\Pr

    “TosReelTimeMonitor”=C:\Pr

    “MediaGet2”=C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe

    “EC5A6BA57C4FDADF8A595B3E69A8FDC4E5E23109._service_run”=C:\Pr

    C:\Pr

    C:\Pr

    C:\Pr

    C:\Pr

    C:\Pr

    C:\Pr

    “Lexmark 9300 Series”=C:\Pr

    “TWebCamera”=C:\Pr

    “StartCCC”=C:\Pr

    “NBAgent”=c:\Pr

    “GrooveMonitor”=C:\Pr

    “BtTray”=C:\Pr

    “KeNotify”=C:\Pr

    “Adobe ARM”=C:\Pr

    “SunJavaUpdateSched”=C:\Pr

    “AvastUI.exe”=C:\Pr

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    Update-agent.lnk - C:\Program Files (x86)\KPN\Mobiel Internet Software\AutoUpdateSrv.exe

    C:\Users\hov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

    “AppInit_DLLs”=“ C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL C:\PROGRA~3\WebTect\WEBTEC~1.DLL C:\PROGRA~3\INTELE~1\INTELE~2.DLL”

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Pr

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “EnableLinkedConnections”=1

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “VIDC.UYVY”=msyuv.dll

    “VIDC.YUY2”=msyuv.dll

    “VIDC.YVYU”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “VIDC.YVU9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “MSVideo8”=VfWWDM32.dll

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “aux1”=wdmaud.drv

    “wave2”=wdmaud.drv

    “midi2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    “aux2”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2014-02-15 15:03:23 ----D---- C:\Program Files (x86)\Mozilla Firefox

    2014-01-21 18:03:51 ----A---- C:\Windows\SYSWOW64\javaws.exe

    2014-01-21 18:03:44 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

    2014-01-21 18:03:44 ----A---- C:\Windows\SYSWOW64\javaw.exe

    2014-01-21 18:03:44 ----A---- C:\Windows\SYSWOW64\java.exe

    2014-01-18 12:50:29 ----D---- C:\Program Files (x86)\McAfee Security Scan

    ======List of files/folders modified in the last 1 month======

    2014-02-15 18:27:06 ----D---- C:\Windows\Prefetch

    2014-02-15 18:27:04 ----D---- C:\Windows\Temp

    2014-02-15 18:27:04 ----D---- C:\Program Files\trend micro

    2014-02-15 18:10:40 ----A---- C:\Windows\SYSWOW64\LOCALSERVICE.INI

    2014-02-15 18:10:39 ----A---- C:\Windows\SYSWOW64\bscs.ini

    2014-02-15 18:08:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

    2014-02-15 17:27:59 ----RD---- C:\Program Files (x86)

    2014-02-13 14:17:13 ----D---- C:\Windows\inf

    2014-02-13 14:16:58 ----D---- C:\Windows\system32\catroot2

    2014-02-13 14:15:23 ----D---- C:\Windows

    2014-02-13 10:17:06 ----D---- C:\Users\hov\AppData\Roaming\uTorrent

    2014-02-13 10:15:40 ----D---- C:\Windows\Panther

    2014-02-13 10:15:40 ----D---- C:\Windows\Logs

    2014-02-13 10:15:40 ----D---- C:\Windows\debug

    2014-02-12 23:59:32 ----D---- C:\Program Files\Lx_cats

    2014-02-12 22:43:53 ----D---- C:\Windows\system32\config

    2014-02-12 22:31:23 ----SHD---- C:\System Volume Information

    2014-02-11 11:07:49 ----D---- C:\Program Files (x86)\Sk-Enhancer

    2014-02-05 16:55:09 ----D---- C:\Windows\SysWOW64

    2014-02-05 16:55:07 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-01-28 10:06:26 ----HD---- C:\ProgramData

    2014-01-28 10:01:36 ----RD---- C:\Program Files

    2014-01-28 09:52:51 ----D---- C:\ProgramData\WebTect

    2014-01-28 09:52:51 ----D---- C:\ProgramData\Intelewin filter

    2014-01-28 09:51:26 ----D---- C:\ProgramData\Fast And Safe

    2014-01-24 16:18:47 ----D---- C:\Windows\system32\Tasks

    2014-01-24 16:18:38 ----A---- C:\Windows\system32\aswBoot.exe

    2014-01-24 09:47:16 ----D---- C:\Windows\System32

    2014-01-24 09:47:16 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2014-01-24 09:47:10 ----A---- C:\Windows\SYSWOW64\REMOTEDEVICE.INI

    2014-01-24 09:43:47 ----A---- C:\Windows\SYSWOW64\LOCALDEVICE.INI

    2014-01-21 18:04:20 ----D---- C:\ProgramData\Oracle

    2014-01-21 18:03:56 ----SHD---- C:\Windows\Installer

    2014-01-21 18:03:56 ----SHD---- C:\Config.Msi

    2014-01-21 18:03:44 ----D---- C:\Program Files (x86)\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys

    R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys

    R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys

    R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys

    R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys

    R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS

    R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys

    R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys

    R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys

    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys

    R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys

    R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys

    R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys

    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys

    R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys

    R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys

    R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys

    R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys

    S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys

    S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys

    S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys

    S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys

    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys

    S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys

    S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys

    S3 massfilter;MBB Mass Storage Filter Driver; C:\Windows\system32\DRIVERS\massfilter.sys

    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

    S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys

    S3 RTL8187Se;Realtek RTL8187SE PCIE-netwerkadapter voor draadloos LAN; C:\Windows\system32\DRIVERS\RTL8187Se.sys

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys

    S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS

    S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS

    S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys

    S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\Windows\system32\DRIVERS\ZTEusbnet.sys

    S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys

    S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Pr

    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe

    R2 avast! Antivirus;avast! Antivirus; C:\Pr

    R2 BecHelperService;BecHelperService; C:\Pr

    R2 BlueSoleilCS;BlueSoleilCS; C:\Pr

    R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Pr

    R2 ConfigFree Service;ConfigFree Service; C:\Pr

    R2 lxcq_device;lxcq_device; C:\Windows\system32\lxcqcoms.exe

    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Pr

    R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe

    R2 TosCoSrv;TOSHIBA Power Saver; C:\Pr

    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Pr

    R2 VMCService;Vodafone Mobile Connect Service; C:\Pr

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Pr

    R3 BsHelpCS;BsHelpCS; C:\Pr

    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Pr

    S2 25e4f9bf;WebTect; C:\Windows\syswow64\rundll32.exe

    S2 64af91bf;Fast And Safe; C:\Windows\syswow64\rundll32.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Updateservice (gupdate); C:\Pr

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 fsssvc;Windows Live Family Safety Service; C:\Pr

    S3 gupdatem;Google Update-service (gupdatem); C:\Pr

    S3 gusvc;Google Updater Service; C:\Pr

    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Pr

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Pr

    S3 odserv;Microsoft Office Diagnostics Service; C:\Pr

    S3 ose;Office Source Engine; C:\Pr

    S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Pr

    S3 TMachInfo;TMachInfo; C:\Pr

    S3 TPCHSrv;TPCH Service; C:\Pr

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    -----------------EOF-----------------

  • Ben

    Hello,

    First disable the antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is an unjustified warning.

    Running Zoek.exe

    If you run into problems while running this program or see certain error messages, please mention it in your post.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.

    * Now copy the code in bold below and paste it into the large input field:

    * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    emptyclsid;

    torpigcheck;

    C:\Windows\tasks\Sk-Enhancer-S-5902107913.job;f

    ;r

    "MediaGet2"=-;r

    C:\Users\hov\AppData\Local\MediaGet2;fs

    ;r

    "AppInit_DLLs"=-;r

    C:\PROGRA~3\FASTAN~1;fs

    C:\PROGRA~3\WebTect;fs

    C:\PROGRA~3\INTELE~1;fs

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the opened log in your next message.

  • Harry(O)

    Hi Ben

    After downloading zoek.exe I try to paste the data into the window. But then a WinRAR pop-up appears.

    Once it has been extracted and I look up the program, I cannot open it.

    So the program does end up on my PC, but I cannot paste anything into it. When I right-click, a pop-up appears that has no "paste" option in it.

    And in the program itself, when I left-click the "insert from clipboard" button, that WinRAR file comes up again.

    What am I doing wrong!!!

    Regards, Harry(O)

  • Ben

    Hello,

    You did download the exe file, didn't you? That is the first green button (top left).

  • Harry(O)

    I did indeed, which is why I was surprised that WinRAR came up.

    But after a few attempts it worked after all. It is scanning now.

  • Ben

    Hello,

    OK, take it easy, it can take as long as 45 minutes.

  • Harry(O)

    Hi Ben, here is the log

    Zoek.exe v5.0.0.0 Updated 15-February-2014

    Tool run by hov on za 15-02-2014 at 20:49:50,15.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\hov\Downloads\zoek.exe

    ==== System Restore Info ======================

    15-2-2014 21:23:43 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\IVTCopyMonitor {F40807E9-BFD1-44F6-AEB0-27E063BD14CA} C:\Windows\System32\BsShell.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\PROGRA~2\MSXML 4.0 deleted successfully

    C:\PROGRA~2\Panda Security deleted successfully

    C:\PROGRA~2\Sk-Enhancer deleted successfully

    C:\PROGRA~2\surrf and! keep deleted successfully

    C:\Program Files\WinPcap deleted successfully

    C:\ProgramData\Media Get LLC deleted successfully

    C:\ProgramData\Oracle deleted successfully

    C:\ProgramData\surrf and! keep deleted successfully

    C:\Users\G. Ovink\AppData\Local\VirtualStore deleted successfully

    C:\Users\hov\AppData\Local\MigWiz deleted successfully

    C:\Users\hov\AppData\Local\Samsung deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6B83663F-F4DC-4A77-B6D7-4DBC35AE6D85} deleted successfully

    HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9A9FE01B-695D-4785-A490-9AEB88AA3510} deleted successfully

    HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

    HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

    HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

    HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully

    ==== Running Processes ======================

    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe

    C:\Program Files (x86)\Lexmark 9300 Series\ezprint.exe

    C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

    C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

    C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe

    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

    C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

    C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe

    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

    C:\Program Files (x86)\KPN\Mobiel Internet Software\LoggerServer.exe

    C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

    c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

    C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

    C:\Program Files\Alwil Software\Avast5\AvastUI.exe

    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

    C:\Users\hov\Downloads\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\G8F3B~1.OVI\AppData\Roaming\Mozilla\Firefox\Profiles\nwhfuckz.default

    user.js not found

    ---- FireFox user.js and prefs.js backups ----

    prefs_15-02-2014_2142_.backup

    ProfilePath: C:\Users\GC19D~1.OVI\AppData\Roaming\Mozilla\Firefox\Profiles\kgv2njmc.default

    user.js not found

    ---- FireFox user.js and prefs.js backups ----

    prefs_15-02-2014_2142_.backup

    ProfilePath: C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default

    user.js not found

    —- Lines babylon removed from prefs.js —-

    user_pref(“extensions.BabylonToolbar.prtkDS”, 0);

    user_pref(“extensions.BabylonToolbar.prtkHmpg”, 0);

    —- Lines Sweet removed from prefs.js —-

    user_pref(“sweetim.toolbar.previous.browser.search.defaultenginename”, “”);

    user_pref(“sweetim.toolbar.previous.browser.search.selectedEngine”, “”);

    user_pref(“sweetim.toolbar.previous.browser.startup.homepage”, “”);

    user_pref(“sweetim.toolbar.previous.keyword.URL”, “”);

    user_pref(“sweetim.toolbar.scripts.1.domain-blacklist”, “”);

    user_pref(“sweetim.toolbar.searchguard.enable”, “”);

    user_pref(“sweetim.toolbar.searchguard.UserRejectedGuard_DS”, “”);

    user_pref(“sweetim.toolbar.searchguard.UserRejectedGuard_HP”, “”);

    —- Lines extensions.f5eGRtcdNJd removed from prefs.js —-

    user_pref(“extensions.f5eGRtcdNJd.epoch”, “1392541039”);

    user_pref(“extensions.f5eGRtcdNJd.url”, "http://proxy5-jpi.info/sync2/?q=hfZ9ofqUrHsMCyVUojaMg708BNmGWj8pjchGheDUojwHrjsHrdwFrjrFqShIC7n0rjnErTw8rdY8q

    —- Lines extensions.qIysTg removed from prefs.js —-

    user_pref(“extensions.qIysTg.epoch”, “1392541039”);

    user_pref(“extensions.qIysTg.url”, "http://safefacile.net/sync2/?q=hfZ9oehSBfwMCyVUojaMg708BNmGWj8pjchGheDUojwHrjsHrdwFrjrGqchIC7n0rjnErTw8rdY8qTnGtNh

    ---- FireFox user.js and prefs.js backups ----

    prefs_15-02-2014_2142_.backup

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    "MediaGet2"=-

    "AppInit_DLLs"=-

    ==== Deleting Files \ Folders ======================

    C:\PROGRA~3\FASTAN~1 deleted

    C:\PROGRA~3\WebTect deleted

    C:\PROGRA~3\INTELE~1 deleted

    C:\ProgramData\kfgngcjijinjbmhibmecigbdkkgpblin deleted

    C:\Users\G.Ovink\AppData\LocalLow\{81EFA0D0-D7FA-09CE-F196-310B213E496B} deleted

    C:\Users\hov\AppData\LocalLow\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted

    C:\Users\hov\AppData\LocalLow\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted

    C:\Users\hov\AppData\LocalLow\{9B55E4CC-1003-61A5-F839-37D4743F5471} deleted

    C:\Users\hov\AppData\LocalLow\{DE44FDCD-E30B-7740-2A44-B9A3E205B65F} deleted

    C:\Users\hov\AppData\Local\Packages\windows_ie_ac_001\AC\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted

    C:\Users\hov\AppData\Local\Packages\windows_ie_ac_001\AC\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted

    C:\Users\hov\AppData\Local\Packages\windows_ie_ac_001\AC\{9B55E4CC-1003-61A5-F839-37D4743F5471} deleted

    C:\Users\hov\AppData\Local\Packages\windows_ie_ac_001\AC\{DE44FDCD-E30B-7740-2A44-B9A3E205B65F} deleted

    C:\ProgramData\b7a7db7ebbe4ee4c deleted

    C:\ProgramData\Happy2Savveu deleted

    C:\ProgramData\DisCouuniTExttensi deleted

    C:\PROGRA~2\FoxTabAVIConverter deleted

    C:\ProgramData\SPL8B33.tmp deleted

    C:\ProgramData\InstallMate deleted

    C:\Windows\WinInit.Ini deleted

    C:\Windows\tasks\Sk-Enhancer-S-5902107913.job deleted

    C:\windows\SysNative\tasks\Sk-Enhancer-S-5902107913 deleted

    C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default\searchplugins\utorrentbarnl-customized-web-search.xml deleted

    C:\Users\GC19D~1.OVI\AppData\Roaming\Mozilla\Firefox\Profiles\kgv2njmc.default\extensions\gkg_y@vjdjyeuo.co.uk deleted

    C:\Users\GC19D~1.OVI\AppData\Roaming\Mozilla\Firefox\Profiles\kgv2njmc.default\extensions\sbgi@aqrdhx.net deleted

    C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default\extensions\gkg_y@vjdjyeuo.co.uk deleted

    C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default\extensions\sbgi@aqrdhx.net deleted

    “C:\Users\hov\AppData\Local\{3665A230-AA52-4DAF-B81C-32FB98963952}” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\libeay32.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\libvlc.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\libvlccore.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\QtCore4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\QtDeclarative4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\QtGui4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\QtNetwork4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\QtScript4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\QtSql4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\QtWebKit4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\QtXml4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\QtXmlPatterns4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\ssleay32.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\imageformats\qgif4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\imageformats\qjpeg4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\imageformats\qmng4.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins\access\libdshow_plugin.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins\audio_output\libaout_directx_plugin.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins\audio_output\libwaveout_plugin.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins\control\libhotkeys_plugin.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins\mmxext\libmemcpymmxext_plugin.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins\video_output\libdirectx_plugin.dll” deleted

    “C:\Users\hov\AppData\Local\MediaGet2” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\imageformats” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins\access” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins\audio_output” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins\control” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins\mmxext” deleted

    “C:\Users\hov\AppData\Local\MediaGet2\plugins\video_output” deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 2812 MB

    CPU Info: AMD Athlon™ II P320 Dual-Core Processor

    CPU Speed: 2148,1 MHz

    Sound Card: Luidsprekers (Realtek High Defi |

    Display Adapters: ATI Mobility Radeon HD 4200 Series | ATI Mobility Radeon HD 4200 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1600 X 900 - 32 bit

    Network: Network Present

    Network Adapters: Bluetooth PAN Network Adapter | Microsoft Virtual WiFi Miniport Adapter | Atheros AR9285 Wireless Network Adapter | Realtek PCIe FE Family Controller

    CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW TS-L633C

    Ports: COM3 | COM4 | COM5 | COM6 | COM21 LPT Port NOT Present.

    Mouse: 2 Button Mouse Present

    Hard Disks: C: 116,4GB | D: 116,1GB

    Hard Disks - Free: C: 65,9GB | D: 92,8GB

    Manufacturer *: TOSHIBA

    BIOS Info: AT/AT COMPATIBLE | 02/05/10 | TOSCPL - 1072009

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: TOSHIBA NALAE

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: avast! Antivirus disabled (Outdated)

    Default Browser: Firefox 27.0.1

    Internet Explorer Version: 10.0.9200.16736

    Mozilla Firefox version: 27.0.1 (x86 nl)

    Google Chrome version: 31.0.1650.63

    Adobe Reader version: 11.0.06.70

    Sun Java version: 1.7.0_51 (32-bit)

    Flash Player version: 12.0.0.44

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\hov\AppData\Local\Temp ====

    2014-02-15 19:40:57 06A76E680E46E8424CA4B2B814AAFD7D 17640 ------w- C:\Users\hov\AppData\Local\Temp\half-open-limit-check.exe

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    ======= C:\PROGRA~2 =====

    ======= C: =====

    ====== C:\Users\hov\AppData\Roaming ======

    ====== C:\Users\hov ======

    2014-02-15 17:26:21 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\hov\Downloads\RSITx64(3).exe

    2014-02-13 09:05:28 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\hov\Downloads\RSITx64(2).exe

    2014-02-05 06:47:39 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\hov\Downloads\RSITx64(1).exe

    2014-01-21 17:03:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    ====== C: exe-files ==

    2014-02-15 19:40:57 06A76E680E46E8424CA4B2B814AAFD7D 17640 ------w- C:\Users\hov\AppData\Local\Temp\half-open-limit-check.exe

    2014-02-15 17:26:21 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\hov\Downloads\RSITx64(3).exe

    2014-02-15 10:48:56 B951607D1ED4B78184415FBAA7C683AE 62779704 ----a-w- C:\Users\hov\AppData\Local\Media Get LLC\MediaGet2\update.exe

    2014-02-13 09:05:28 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\hov\Downloads\RSITx64(2).exe

    === C: other files ==

    ==== Startup Registry Enabled ======================

    "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "EC5A6BA57C4FDADF8A595B3E69A8FDC4E5E23109._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"

    "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "Lexmark 9300 Series"="C:\Program Files (x86)\Lexmark 9300 Series\fm3032.exe /s"

    "TWebCamera"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun"

    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

    "NBAgent"="c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe /WinStart"

    "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    "BtTray"="C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"

    "KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    "AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui"

    "EC5A6BA57C4FDADF8A595B3E69A8FDC4E5E23109._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"

    ==== Startup Registry Enabled x64 ======================

    "lxcqmon.exe"="C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe"

    "EzPrint"="C:\Program Files (x86)\Lexmark 9300 Series\ezprint.exe"

    "WrtMon.exe"="C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe"

    "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"

    "TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe"

    "TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"

    "TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe"

    "Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"

    "SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"

    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

    "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3"

    "HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe"

    "00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe"

    "TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"

    "Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe /r"

    "TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"

    "AppInit_DLLs"=" C:\\PROGRA~3\\FASTAN~1\\FASTAN~2.DLL C:\\PROGRA~3\\WebTect\\WEBTEC~1.DLL C:\\PROGRA~3\\INTELE~1\\INTELE~2.DLL"

    ==== Startup Registry Disabled x64 ======================

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“KiesPDLR”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“EC5A6BA57C4FDADF8A595B3E69A8FDC4E5E23109._service_run”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\“ –type=service”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“HWSetup”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\TOSHIBA\\Utilities\\HWSetup.exe hwSetUP”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“KiesPDLR”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“KiesPreload”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SVPWUTIL”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\TOSHIBA\\Utilities\\SVPWUTIL.exe SVPwUTIL”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Toshiba Registration”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\Toshiba\\Registration\\ToshibaReminder.exe”

    ==== Startup Folders ======================

    2010-04-19 06:48:36 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

    2010-04-19 06:48:36 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

    2011-12-09 09:47:51 1321 ----a-w- C:\Users\hov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

    2011-07-10 11:39:41 930 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update-agent.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

    “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

    “C:\Windows\SysNative\tasks\ConfigFree Startup Programs”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA”

    “C:\Windows\SysNative\tasks\User_Feed_Synchronization-{0902C831-6FD6-473C-9EEB-DF20ACBB2588}”

    “C:\Windows\SysNative\tasks\User_Feed_Synchronization-{AED7B89A-4FDA-402B-933A-8A9E3ED067F9}”

    “C:\Windows\SysNative\tasks\{8D725789-058E-4978-A2CC-3F2EAA15F23F}”

    “C:\Windows\SysNative\tasks\{C60C194C-A330-4016-9FE3-861FF280EC26}”

    ==== Folders in C:\ProgramData 0-6 Months Old ======================

    No folders found aged 0-6 months

    ==== Firefox Extensions Registry ======================

    “wrc@avast.com”=“C:\Program Files\Alwil Software\Avast5\WebRep\FF”

    ==== Firefox Extensions ======================

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default

    FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\hov\AppData\Local\Temp\crxB636.tmp

    gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx

    avast WebRep - G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

    Happy2Savveu - G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\kieloplihfmdljfkcjghhdgjnhcndnco

    avast Online Security - hov\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

    Happy2Savveu - hov\AppData\Local\Google\Chrome\User Data\Default\Extensions\kieloplihfmdljfkcjghhdgjnhcndnco

    Google Wallet - hov\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    ==== Chrome Fix ======================

    C:\Users\G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\kieloplihfmdljfkcjghhdgjnhcndnco deleted successfully

    C:\Users\hov\AppData\Local\Google\Chrome\User Data\Default\Extensions\kieloplihfmdljfkcjghhdgjnhcndnco deleted successfully

    C:\Users\hov\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kieloplihfmdljfkcjghhdgjnhcndnco_0.localstorage deleted successfully

    C:\Users\hov\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kieloplihfmdljfkcjghhdgjnhcndnco_0.localstorage-journal deleted successfully

    C:\Users\G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnopppmhmeaoemkcpcdafnglgdlhcpp deleted successfully

    C:\Users\G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbfopbngnljkpkbadmbgngfphfjkcfo deleted successfully

    C:\Users\G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpjojmkojegebmmebgegclhpificoip deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.startpagina.nl/”

    “Search Page”=“http://www.google.com”

    “Default_Search_URL”=“http://www.google.com/ie”

    @=“http://www.google.com/search?q=%s”

    “SearchAssistant”=“http://www.google.com/ie”

    “Default_Search_URL”=“http://www.google.com/ie”

    “DefaultScope”=“{0B97168A-F193-401D-847F-F4094DB974B9}”

    not found

    New Values:

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Start Page”=“http://www.startpagina.nl/”

    “(Default)”=“http://search.msn.com/results.asp?q=%s”

    “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “SearchAssistant”=“http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm”

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

    {6569A652-7D4A-44A3-9F17-374C13BA297B} Google Url=“http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    {6E7E674B-EFD7-405D-9337-052D108DF045} Amazon Url=“http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2”

    {B9D63DCD-1571-4FDF-A7B3-B38F1523B5E4} eBay Url=“http://rover.ebay.com/rover/1/1346-71494-26233-7/4?satitle={searchTerms}”

    {F6A686E6-2535-40B2-969C-337E50CD697D} Bing Url=“http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}”

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6BAFBE8E-A164-FE99-4A55-9CF93EE9CEAF} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1 deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{ef65f95a} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{25e4f9bf} deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload deleted successfully

    ==== HijackThis Entries ======================

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Lexmark 9300 Series\fm3032.exe” /s

    O4 - HKLM\..\Run: “C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe” autorun

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: “c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe” /WinStart

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Alwil Software\Avast5\AvastUI.exe” /nogui

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=service

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-18\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User ‘Default user’)

    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User ‘Default user’)

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Global Startup: Update-agent.lnk = ?

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

    O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

    O23 - Service: BsHelpCS - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe

    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: lxcq_device - - C:\Windows\system32\lxcqcoms.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\G. Ovink\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\G. Ovink\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\G.Ovink\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\G.Ovink\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\G.Ovink\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\G.Ovink\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\hov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\hov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\ovink\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\G. Ovink\AppData\Local\Mozilla\Firefox\Profiles\nwhfuckz.default\Cache emptied successfully

    C:\Users\G.Ovink\AppData\Local\Mozilla\Firefox\Profiles\kgv2njmc.default\Cache emptied successfully

    C:\Users\hov\AppData\Local\Mozilla\Firefox\Profiles\zf4wi6bs.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    C:\Users\hov\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache is not empty, a reboot is needed

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=414 folders=78 185453530 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\G. Ovink\AppData\Local\Temp emptied successfully

    C:\Users\G.Ovink\AppData\Local\Temp emptied successfully

    C:\Users\ovink\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Users\hov\AppData\Local\Temp will be emptied at reboot

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\hov\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\G.Ovink\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3P4NNHMU\media.rtl.nl” not found

    ==== EOF on za 15-02-2014 at 21:57:57,75 ======================

  • Ben

    Hello,

    What a cleanup. Run zoek.exe again with the following code:

    C:\Users\hov\AppData\Local\Media Get LLC;fs

    ;r64

    "AppInit_DLLs"=-;r64

    Post the resulting log.

    Download AdwCleaner by Xplode to the desktop.

    *Close all open windows.

    *Double-click AdwCleaner to start it.

    *Windows Vista, 7 and 8 users must run the tool as "administrator",

    *by right-clicking it and choosing Run as administrator.

    *Then click Scan.

    *Then click Clean if any items were found.

    *At Reboot Required, click OK.

    After the PC has restarted, a log file usually opens.

    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner.txt

    Then post the contents of this log in your next message.

  • Harry(O)

    The program is running.

    Wow, that really is a clear-out. Was all of that adware?

    Or does this not yet have anything to do with all those pop-ups in Firefox and Chrome?

    I also had a quick look at the HijackThis log and saw a whole lot of "file missing" entries there.

    Could CCleaner be the cause of that? When I scan on "registry" there, a lot of errors come up as well.

  • Ben

    Wow, that really is a clear-out. Was all of that adware?

    Or does this not yet have anything to do with all those pop-ups in Firefox and Chrome?

    I had zoek.exe remove malware/adware from your PC and from all your browsers.

    I also had a quick look at the HijackThis log and saw a whole lot of "file missing" entries there.

    Could CCleaner be the cause of that? When I scan on "registry" there, a lot of errors come up as well.

    Those "file missing" entries appear because HijackThis cannot handle 64-bit; you can simply keep using CCleaner.
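
Added example (not part of the original thread or of any tool mentioned in it): on 64-bit Windows a 32-bit process has System32 redirected to SysWOW64 and sees %ProgramFiles% as Program Files (x86), which is the usual reason a 32-bit scanner reports "(file missing)" as in the reply above. The Python sketch below triages such O23 lines; the function names, the result fields and the third sample line are assumptions made for this illustration.

```python
import re

# The first two lines are O23 entries from the log on this page; the third is constructed.
SAMPLE_LOG = r"""
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Example Updater (ExampleUpd) - Unknown owner - C:\Users\example\AppData\Local\Example\upd.exe (file missing)
"""

O23 = re.compile(r"^O23 - Service: (?P<display>.*) \((?P<name>[^()]+)\) - .*? - "
                 r"(?P<path>[A-Za-z]:\\.*?) \(file missing\)\s*$")
SYS32 = re.compile(r"^(?P<root>[A-Za-z]:\\Windows)\\system32\\(?P<rest>.+)$", re.I)
PF86 = re.compile(r"^(?P<drive>[A-Za-z]:)\\Program Files \(x86\)\\(?P<rest>.+)$", re.I)
# System32 subdirectories that WOW64 does not redirect (Windows 7 and later).
EXEMPT = ("catroot\\", "catroot2\\", "driverstore\\", "drivers\\etc\\",
          "logfiles\\", "spool\\")


def triage(line):
    """Classify one '(file missing)' O23 line; return None for any other line."""
    m = O23.match(line.strip())
    if not m:
        return None
    path, row = m["path"], {"service": m["name"]}
    s, p = SYS32.match(path), PF86.match(path)
    if s and not s["rest"].lower().startswith(EXEMPT):
        # A 32-bit process asking for System32 is silently served SysWOW64.
        row.update(reason="wow64-fs-redirection",
                   checked_32bit=s["root"] + "\\SysWOW64\\" + s["rest"],
                   recheck_64bit=path)
    elif p and "%programfiles%" in m["display"].lower():
        # Heuristic: %ProgramFiles% expands to "Program Files (x86)" in a 32-bit process.
        row.update(reason="programfiles-expansion", checked_32bit=path,
                   recheck_64bit=p["drive"] + "\\Program Files\\" + p["rest"])
    else:
        # No 32-bit explanation: the file may really be gone or the entry orphaned.
        row.update(reason="verify-manually", checked_32bit=path, recheck_64bit=path)
    return row


def triage_log(text):
    """Return one result row per '(file missing)' service line in a HijackThis log."""
    return [r for r in map(triage, text.splitlines()) if r]


if __name__ == "__main__":
    for r in triage_log(SAMPLE_LOG):
        print(r)
```

The `recheck_64bit` path is the one to confirm from a 64-bit process such as Explorer; only entries marked `verify-manually` lack a 32-bit explanation and deserve a closer look.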

This topic is closed; no more replies can be posted.