Avast virus alert and request for a boot-time scan

 • Harry(O)

  Hi virus helpers,

  I work with a Toshiba laptop with Win 7 and Avast as the virus scanner.

  Every time, a few minutes after startup, Avast comes up with an alert about a virus in:

  C:\user\……\OppData\local\mediaget LLC\Mediaget2\update.exe

  mediaget-atm-proxy.exe is infected with Win 32: pup-gen (pup)

  C:\user\…..\OppData\local\Temp\half-open-check.exe

  After running a boot-time scan the alert comes back.

  Even after scanning again several times.

  I don't know whether it is related, but I am also bothered a lot by pop-up windows in both Firefox and Chrome.

  These are advertising pop-ups.

  For a few months now I have also been getting a message at startup: Runtime error 2 at 00004AD4

  It appeared at every startup. Only in the last 2 days has this message become less frequent, and the PC now starts up without this message more often than with it.

  But I think this is getting to be too many messages for one topic,

  so please, preferably the Avast alert and the pop-ups first.

  (On my main PC with Vista and Avast this problem also occurred, but it was resolved after an MBAM scan and a boot-time scan.)

  Here are the requested logs:

  Malwarebytes Anti-Malware 1.75.0.1300

  www.malwarebytes.org

  Databaseversie: v2014.02.13.02

  Windows 7 Service Pack 1 x64 NTFS

  Internet Explorer 10.0.9200.16736

  hov :: LAPPIE

  15-2-2014 18:16:23

  mbam-log-2014-02-15 (18-16-23).txt

  Scan type: Snelle scan

  Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

  Uitgeschakelde scan opties: P2P

  Objecten gescand: 293138

  Verstreken tijd: 8 minuut/minuten, 49 seconde(n)

  Geheugenprocessen gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Geheugenmodulen gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Registersleutels gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Registerwaarden gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Registerdata gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Mappen gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Bestanden gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  (einde)

  Logfile of random's system information tool 1.09 (written by random/random)

  Run by hov at 2014-02-15 18:27:00

  Microsoft Windows 7 Home Premium Service Pack 1

  System drive C: has 67 GB (57%) free of 119 GB

  Total RAM: 2812 MB (55% free)

  Logfile of Trend Micro HijackThis v2.0.4

  Scan saved at 18:27:06, on 15-2-2014

  Platform: Windows 7 SP1 (WinNT 6.00.3505)

  MSIE: Internet Explorer v10.0 (10.00.9200.16736)

  Boot mode: Normal

  Running processes:

  C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe

  C:\Program Files (x86)\Lexmark 9300 Series\ezprint.exe

  C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

  C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe

  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

  C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

  C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

  C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

  C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe

  C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

  C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

  C:\Program Files\Alwil Software\Avast5\AvastUI.exe

  C:\Program Files (x86)\Mozilla Firefox\firefox.exe

  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe

  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe

  C:\Program Files\trend micro\hov.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

  O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

  O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Lexmark 9300 Series\fm3032.exe” /s

  O4 - HKLM\..\Run: “C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe” autorun

  O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

  O4 - HKLM\..\Run: “c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe” /WinStart

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe”

  O4 - HKLM\..\Run: C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

  O4 - HKLM\..\Run: “C:\Program Files\Alwil Software\Avast5\AvastUI.exe” /nogui

  O4 - HKCU\..\Run: C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe –minimized

  O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=service

  O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

  O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

  O4 - HKUS\S-1-5-18\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User ‘SYSTEM’)

  O4 - HKUS\.DEFAULT\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User ‘Default user’)

  O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User ‘Default user’)

  O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

  O4 - Global Startup: Update-agent.lnk = ?

  O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

  O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

  O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

  O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

  O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

  O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

  O11 - Options group: Accelerated graphics

  O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

  O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

  O20 - AppInit_DLLs: c:\progra~2\sk-enh~1\psupport.dll c:\progra~3\webtect\webtect.dll

  O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

  O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

  O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

  O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

  O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

  O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

  O23 - Service: BsHelpCS - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe

  O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

  O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

  O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

  O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: lxcq_device - - C:\Windows\system32\lxcqcoms.exe

  O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

  O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

  O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

  O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

  O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

  O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

  O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

  O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

  O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

  O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

  O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

  O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

  End of file - 12790 bytes

  ======Listing Processes======

  \SystemRoot\System32\smss.exe

  %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

  %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

  wininit.exe

  winlogon.exe

  C:\Windows\system32\services.exe

  C:\Windows\system32\lsass.exe

  C:\Windows\system32\lsm.exe

  C:\Windows\system32\svchost.exe -k DcomLaunch

  C:\Windows\system32\svchost.exe -k RPCSS

  C:\Windows\system32\atiesrxx.exe

  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

  C:\Windows\system32\svchost.exe -k LocalService

  C:\Windows\system32\svchost.exe -k netsvcs

  C:\Windows\system32\svchost.exe -k NetworkService

  atieclxx

  “C:\Program Files\Alwil Software\Avast5\AvastSvc.exe”

  C:\Windows\System32\spoolsv.exe

  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

  “taskhost.exe”

  “C:\Windows\system32\Dwm.exe”

  C:\Windows\Explorer.EXE

  taskeng.exe {BB7F7A05-66F7-4DDD-AAD6-767A13440C16}

  “C:\Program Files (x86)\Google\Update\GoogleUpdate.exe” /c

  “C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe”

  “C:\Program Files (x86)\Lexmark 9300 Series\ezprint.exe”

  “C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe”

  “C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe”

  “C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe” -s

  “C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe” /FORPCEE3

  “C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe” –minimized

  “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=service

  C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

  “C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe” autorun

  “C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe” /WinStart

  “C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE” /tsr

  “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM”

  “C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe”

  taskeng.exe {2DFCC268-3979-4328-9325-0486F536AEBA}

  “C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe”

  “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe” 0

  “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

  “C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe”

  “C:\Program Files (x86)\KPN\Mobiel Internet Software\LoggerServer.exe” -background 3220

  “C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe”

  \??\C:\Windows\system32\conhost.exe "1512017962-870224217213549271-196367386191467618448286364-1067760340781265896

  C:\Windows\system32\lxcqcoms.exe -service

  “c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe”

  C:\Windows\system32\svchost.exe -k imgsvc

  C:\Windows\system32\TODDSrv.exe

  “C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe”

  “C:\Program Files\TOSHIBA\TECO\TecoService.exe”

  “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

  “C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe”

  WLIDSvcM.exe 3816

  “C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe”

  C:\Windows\system32\SearchIndexer.exe /Embedding

  C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

  “C:\Program Files\Windows Media Player\wmpnetwk.exe”

  “C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe”

  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

  “C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe”

  “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

  “C:\Program Files\Alwil Software\Avast5\AvastUI.exe” /nogui

  C:\Windows\System32\svchost.exe -k LocalServicePeerNet

  “C:\Program Files (x86)\Mozilla Firefox\firefox.exe”

  “C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe”

  “C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe”

  C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

  “C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe” –channel=2496.1173ae00.1722163142 “C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll” -greomni “C:\Program Files (x86)\Mozilla Firefox\omni.ja” -appomni “C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja” -appdir “C:\Program Files (x86)\Mozilla Firefox\browser” E7CF176E110C211B 2496 “\\.\pipe\gecko-crash-server-pipe.2496” plugin

  “C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe” –proxy-stub-channel=Flash1752.5FF8C768.26828 –host-broker-channel=Flash1752.5FF8C768.12210 –host-pid=1752 –host-npapi-version=27 –plugin-path=“C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll”

  “C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe” –channel=1868.003BF710.1993294198 –proxy-stub-channel=Flash1752.5FF8C768.26828 –plugin-path=“C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll” –host-npapi-version=27 –type=renderer

  “C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe”

  “C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe”

  C:\Windows\System32\svchost.exe -k secsvcs

  C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding

  “C:\Windows\notepad.exe” “C:\Users\hov\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2014-02-15 (18-16-23).txt”

  “C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon”

  “C:\Windows\system32\SearchFilterHost.exe” 0 520 524 532 65536 528

  “C:\Users\hov\Downloads\RSITx64(3).exe”

  C:\Windows\system32\wbem\wmiprvse.exe

  ======Scheduled tasks folder======

  C:\Windows\tasks\Adobe Flash Player Updater.job

  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

  C:\Windows\tasks\Sk-Enhancer-S-5902107913.job

  =========Mozilla firefox=========

  ProfilePath - C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default

  prefs.js - “browser.search.useDBForOrder” - true

  prefs.js - “browser.startup.homepage” - “startpagina.nl”

  prefs.js - “keyword.URL” - “”

  “Description”=Adobe® Flash® Player 12.0.0.44 Plugin

  “Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

  “Description”=Google Earth in your browser

  “Path”=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

  “Description”=Picasa3 plugin

  “Path”=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

  “Description”=Java™ Deployment Toolkit

  “Path”=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

  “Description”=Oracle® Next Generation Java™ Plug-In

  “Path”=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

  “Description”=

  “Path”=disabled

  “Description”=Ag Player Plugin

  “Path”=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

  “Description”=Office Live Update v1.5

  “Path”=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

  “Description”=WLPG Install MIME type

  “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

  “Description”=WLPG Install MIME type

  “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

  “Description”=WLPG Install MIME type

  “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

  “Description”=Google Update

  “Path”=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

  “Description”=Google Update

  “Path”=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

  “Description”=Handles PDFs in-place in Firefox

  “Path”=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

  “Description”=Adobe® Flash® Player 12.0.0.43 Plugin

  “Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll

  “Description”=

  “Path”=disabled

  “Description”=Ag Player Plugin

  “Path”=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

  C:\Program Files (x86)\Mozilla Firefox\plugins\

  NPOFF12.DLL

  nppdf32.dll

  C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default\extensions\

  gkg_y@vjdjyeuo.co.uk

  sbgi@aqrdhx.net

  C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default\searchplugins\

  bing.xml

  utorrentbarnl-customized-web-search.xml

  ======Registry dump======

  avast! Online Security - C:\Pr

  Happy2Savveu - C:\Pr

  DisCouuniTExttensi - C:\Pr

  Java™ Plug-In SSV Helper - C:\Pr

  avast! Online Security - C:\Pr

  Java™ Plug-In 2 SSV Helper - C:\Pr

  {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Pr

  {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Pr

  “lxcqmon.exe”=C:\Pr

  “EzPrint”=C:\Pr

  “WrtMon.exe”=C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe

  “LXCQCATS”=rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll,RunDLLEntry

  “TPwrMain”=C:\Pr

  “TosWaitSrv”=C:\Pr

  “TosSENotify”=C:\Pr

  “TosNC”=C:\Pr

  “Toshiba TEMPRO”=C:\Pr

  “SmoothView”=C:\Pr

  “RtHDVCpl”=C:\Pr

  “RtHDVBg”=C:\Pr

  “HSON”=C:\Pr

  “00TCrdMain”=C:\Pr

  “TosVolRegulator”=C:\Pr

  “Teco”=C:\Pr

  “TosReelTimeMonitor”=C:\Pr

  “MediaGet2”=C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe

  “EC5A6BA57C4FDADF8A595B3E69A8FDC4E5E23109._service_run”=C:\Pr

  C:\Pr

  C:\Pr

  C:\Pr

  C:\Pr

  C:\Pr

  C:\Pr

  “Lexmark 9300 Series”=C:\Pr

  “TWebCamera”=C:\Pr

  “StartCCC”=C:\Pr

  “NBAgent”=c:\Pr

  “GrooveMonitor”=C:\Pr

  “BtTray”=C:\Pr

  “KeNotify”=C:\Pr

  “Adobe ARM”=C:\Pr

  “SunJavaUpdateSched”=C:\Pr

  “AvastUI.exe”=C:\Pr

  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

  Update-agent.lnk - C:\Program Files (x86)\KPN\Mobiel Internet Software\AutoUpdateSrv.exe

  C:\Users\hov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

  OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

  “AppInit_DLLs”=“ C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL C:\PROGRA~3\WebTect\WEBTEC~1.DLL C:\PROGRA~3\INTELE~1\INTELE~2.DLL”

  WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

  “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Pr

  “SecurityProviders”=credssp.dll

  “ConsentPromptBehaviorAdmin”=5

  “ConsentPromptBehaviorUser”=3

  “EnableUIADesktopToggle”=0

  “dontdisplaylastusername”=0

  “legalnoticecaption”=

  “legalnoticetext”=

  “shutdownwithoutlogon”=1

  “undockwithoutlogon”=1

  “EnableLinkedConnections”=1

  “NoActiveDesktop”=1

  “NoActiveDesktopChanges”=1

  “ForceActiveDesktopOn”=0

  “vidc.mrle”=msrle32.dll

  “vidc.msvc”=msvidc32.dll

  “msacm.imaadpcm”=imaadp32.acm

  “msacm.msg711”=msg711.acm

  “msacm.msgsm610”=msgsm32.acm

  “msacm.msadpcm”=msadp32.acm

  “midimapper”=midimap.dll

  “wavemapper”=msacm32.drv

  “VIDC.UYVY”=msyuv.dll

  “VIDC.YUY2”=msyuv.dll

  “VIDC.YVYU”=msyuv.dll

  “VIDC.IYUV”=iyuv_32.dll

  “vidc.i420”=iyuv_32.dll

  “VIDC.YVU9”=tsbyuv.dll

  “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

  “MSVideo8”=VfWWDM32.dll

  “wave”=wdmaud.drv

  “midi”=wdmaud.drv

  “mixer”=wdmaud.drv

  “aux”=wdmaud.drv

  “wave1”=wdmaud.drv

  “midi1”=wdmaud.drv

  “mixer1”=wdmaud.drv

  “aux1”=wdmaud.drv

  “wave2”=wdmaud.drv

  “midi2”=wdmaud.drv

  “mixer2”=wdmaud.drv

  “aux2”=wdmaud.drv

  ======File associations======

  .js - edit - C:\Windows\System32\Notepad.exe %1

  .js - open - C:\Windows\System32\WScript.exe “%1” %*

  ======List of files/folders created in the last 1 month======

  2014-02-15 15:03:23 —-D—- C:\Program Files (x86)\Mozilla Firefox

  2014-01-21 18:03:51 —-A—- C:\Windows\SYSWOW64\javaws.exe

  2014-01-21 18:03:44 —-A—- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

  2014-01-21 18:03:44 —-A—- C:\Windows\SYSWOW64\javaw.exe

  2014-01-21 18:03:44 —-A—- C:\Windows\SYSWOW64\java.exe

  2014-01-18 12:50:29 —-D—- C:\Program Files (x86)\McAfee Security Scan

  ======List of files/folders modified in the last 1 month======

  2014-02-15 18:27:06 —-D—- C:\Windows\Prefetch

  2014-02-15 18:27:04 —-D—- C:\Windows\Temp

  2014-02-15 18:27:04 —-D—- C:\Program Files\trend micro

  2014-02-15 18:10:40 —-A—- C:\Windows\SYSWOW64\LOCALSERVICE.INI

  2014-02-15 18:10:39 —-A—- C:\Windows\SYSWOW64\bscs.ini

  2014-02-15 18:08:57 —-D—- C:\Program Files (x86)\Mozilla Maintenance Service

  2014-02-15 17:27:59 —-RD—- C:\Program Files (x86)

  2014-02-13 14:17:13 —-D—- C:\Windows\inf

  2014-02-13 14:16:58 —-D—- C:\Windows\system32\catroot2

  2014-02-13 14:15:23 —-D—- C:\Windows

  2014-02-13 10:17:06 —-D—- C:\Users\hov\AppData\Roaming\uTorrent

  2014-02-13 10:15:40 —-D—- C:\Windows\Panther

  2014-02-13 10:15:40 —-D—- C:\Windows\Logs

  2014-02-13 10:15:40 —-D—- C:\Windows\debug

  2014-02-12 23:59:32 —-D—- C:\Program Files\Lx_cats

  2014-02-12 22:43:53 —-D—- C:\Windows\system32\config

  2014-02-12 22:31:23 —-SHD—- C:\System Volume Information

  2014-02-11 11:07:49 —-D—- C:\Program Files (x86)\Sk-Enhancer

  2014-02-05 16:55:09 —-D—- C:\Windows\SysWOW64

  2014-02-05 16:55:07 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

  2014-01-28 10:06:26 —-HD—- C:\ProgramData

  2014-01-28 10:01:36 —-RD—- C:\Program Files

  2014-01-28 09:52:51 —-D—- C:\ProgramData\WebTect

  2014-01-28 09:52:51 —-D—- C:\ProgramData\Intelewin filter

  2014-01-28 09:51:26 —-D—- C:\ProgramData\Fast And Safe

  2014-01-24 16:18:47 —-D—- C:\Windows\system32\Tasks

  2014-01-24 16:18:38 —-A—- C:\Windows\system32\aswBoot.exe

  2014-01-24 09:47:16 —-D—- C:\Windows\System32

  2014-01-24 09:47:16 —-A—- C:\Windows\system32\PerfStringBackup.INI

  2014-01-24 09:47:10 —-A—- C:\Windows\SYSWOW64\REMOTEDEVICE.INI

  2014-01-24 09:43:47 —-A—- C:\Windows\SYSWOW64\LOCALDEVICE.INI

  2014-01-21 18:04:20 —-D—- C:\ProgramData\Oracle

  2014-01-21 18:03:56 —-SHD—- C:\Windows\Installer

  2014-01-21 18:03:56 —-SHD—- C:\Config.Msi

  2014-01-21 18:03:44 —-D—- C:\Program Files (x86)\Java

  ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

  R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys

  R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys

  R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys

  R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys

  R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys

  R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys

  R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

  R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

  R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS

  R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys

  R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys

  R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys

  R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

  R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys

  R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys

  R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys

  R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys

  R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys

  R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys

  R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys

  R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

  R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys

  R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys

  R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

  R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys

  R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys

  R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys

  R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

  S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys

  S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys

  S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

  S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys

  S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys

  S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys

  S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

  S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys

  S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys

  S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys

  S3 massfilter;MBB Mass Storage Filter Driver; C:\Windows\system32\DRIVERS\massfilter.sys

  S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

  S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys

  S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys

  S3 RTL8187Se;Realtek RTL8187SE PCIE-netwerkadapter voor draadloos LAN; C:\Windows\system32\DRIVERS\RTL8187Se.sys

  S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys

  S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS

  S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS

  S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

  S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

  S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

  S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

  S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys

  S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\Windows\system32\DRIVERS\ZTEusbnet.sys

  S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys

  S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys

  ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

  R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Pr

  R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe

  R2 avast! Antivirus;avast! Antivirus; C:\Pr

  R2 BecHelperService;BecHelperService; C:\Pr

  R2 BlueSoleilCS;BlueSoleilCS; C:\Pr

  R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Pr

  R2 ConfigFree Service;ConfigFree Service; C:\Pr

  R2 lxcq_device;lxcq_device; C:\Windows\system32\lxcqcoms.exe

  R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Pr

  R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe

  R2 TosCoSrv;TOSHIBA Power Saver; C:\Pr

  R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Pr

  R2 VMCService;Vodafone Mobile Connect Service; C:\Pr

  R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Pr

  R3 BsHelpCS;BsHelpCS; C:\Pr

  R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Pr

  S2 25e4f9bf;WebTect; C:\Windows\syswow64\rundll32.exe

  S2 64af91bf;Fast And Safe; C:\Windows\syswow64\rundll32.exe

  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

  S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

  S2 gupdate;Google Updateservice (gupdate); C:\Pr

  S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  S3 fsssvc;Windows Live Family Safety Service; C:\Pr

  S3 gupdatem;Google Update-service (gupdatem); C:\Pr

  S3 gusvc;Google Updater Service; C:\Pr

  S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Pr

  S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Pr

  S3 odserv;Microsoft Office Diagnostics Service; C:\Pr

  S3 ose;Office Source Engine; C:\Pr

  S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Pr

  S3 TMachInfo;TMachInfo; C:\Pr

  S3 TPCHSrv;TPCH Service; C:\Pr

  S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

  —————–EOF—————–

 • Ben

  Hello,

  First disable the antivirus software before you download zoek.exe.

  Temporarily disable your antivirus and antispyware programs, as these can conflict with Zoek.exe.

  Download Zoek.exe to the desktop.

  * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.

  Running Zoek.exe

  If you run into problems running this program or see certain error messages, please mention it in your post.

  * Then double-click Zoek.exe to start the tool.

  * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking it and choosing Run as administrator.

  * Now copy the bold code below and paste it into the large input field:

  * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

  firefoxlook;

  emptyclsid;

  torpigcheck;

  C:\Windows\tasks\Sk-Enhancer-S-5902107913.job;f

  ;r

  “MediaGet2”=-;r

  C:\Users\hov\AppData\Local\MediaGet2;fs

  ;r

  “AppInit_DLLs”=-;r

  C:\PROGRA~3\FASTAN~1;fs

  C:\PROGRA~3\WebTect;fs

  C:\PROGRA~3\INTELE~1;fs

  emptyfolderscheck;delete

  chromelook;

  standardsearch;

  filesrcm;

  autoclean;

  startupall;

  * Now click the "Run script" button.

  * Now wait patiently until a log opens (this may be after a restart, if one is required).

  * If no log appears after the restart, start zoek.exe again; the log will then appear.

  * Post the opened log in your next message.

 • Harry(O)

  Hi Ben

  After downloading zoek.exe I try to paste the data into the window. But then a WinRAR pop-up appears.

  When it has then been extracted and I look up the program, I cannot open it.

  So the program does end up on my PC, but I cannot paste anything into it. When I right-click, a pop-up appears that has no “paste” in it.

  And in the program itself, when I left-click the “insert from clipboard” button, that WinRAR file comes up again.

  What am I doing wrong!!!

  Regards, Harry(O)

 • Ben

  Hello,

  You did download the exe file, right? That is the first green button (top left).

 • Harry(O)

  I did indeed, which is why I was surprised that WinRAR came up.

  But after a few attempts it worked after all. It is scanning now.

 • Ben

  Hello,

  Okay, take it easy; it can take as long as 45 minutes.

 • Harry(O)

  Hi Ben, here is the log

  Zoek.exe v5.0.0.0 Updated 15-February-2014

  Tool run by hov on za 15-02-2014 at 20:49:50,15.

  Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

  Running in: Normal Mode Internet Access Detected

  Launched: C:\Users\hov\Downloads\zoek.exe

  ==== System Restore Info ======================

  15-2-2014 21:23:43 Zoek.exe System Restore Point Created Succesfully.

  ==== Torpig Check ======================

  HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

  HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\IVTCopyMonitor {F40807E9-BFD1-44F6-AEB0-27E063BD14CA} C:\Windows\System32\BsShell.dll

  HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

  ==== Empty Folders Check ======================

  C:\PROGRA~2\MSXML 4.0 deleted successfully

  C:\PROGRA~2\Panda Security deleted successfully

  C:\PROGRA~2\Sk-Enhancer deleted successfully

  C:\PROGRA~2\surrf and! keep deleted successfully

  C:\Program Files\WinPcap deleted successfully

  C:\ProgramData\Media Get LLC deleted successfully

  C:\ProgramData\Oracle deleted successfully

  C:\ProgramData\surrf and! keep deleted successfully

  C:\Users\G. Ovink\AppData\Local\VirtualStore deleted successfully

  C:\Users\hov\AppData\Local\MigWiz deleted successfully

  C:\Users\hov\AppData\Local\Samsung deleted successfully

  ==== Deleting CLSID Registry Keys ======================

  HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6B83663F-F4DC-4A77-B6D7-4DBC35AE6D85} deleted successfully

  HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9A9FE01B-695D-4785-A490-9AEB88AA3510} deleted successfully

  HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

  HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

  HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

  HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

  HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

  HKEY_CLASSES_ROOT\CLSID\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

  HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted successfully

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

  HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

  HKEY_CLASSES_ROOT\CLSID\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

  HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted successfully

  HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

  ==== Deleting CLSID Registry Values ======================

  HKEY_USERS\S-1-5-21-3587777859-3536404053-1060696331-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully

  ==== Running Processes ======================

  C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe

  C:\Program Files (x86)\Lexmark 9300 Series\ezprint.exe

  C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

  C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

  C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe

  C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

  C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

  C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

  C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe

  C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

  C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

  C:\Program Files (x86)\KPN\Mobiel Internet Software\LoggerServer.exe

  C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

  c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

  C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

  C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

  C:\Program Files\Alwil Software\Avast5\AvastUI.exe

  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

  C:\Users\hov\Downloads\zoek.exe

  C:\Windows\SysWOW64\cmd.exe

  C:\Windows\SysWOW64\cmd.exe

  C:\Windows\SysWOW64\cmd.exe

  ==== Deleting Services ======================

  ==== FireFox Fix ======================

  ProfilePath: C:\Users\G8F3B~1.OVI\AppData\Roaming\Mozilla\Firefox\Profiles\nwhfuckz.default

  user.js not found

  —- FireFox user.js and prefs.js backups —-

  prefs_15-02-2014_2142_.backup

  ProfilePath: C:\Users\GC19D~1.OVI\AppData\Roaming\Mozilla\Firefox\Profiles\kgv2njmc.default

  user.js not found

  —- FireFox user.js and prefs.js backups —-

  prefs_15-02-2014_2142_.backup

  ProfilePath: C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default

  user.js not found

  —- Lines babylon removed from prefs.js —-

  user_pref(“extensions.BabylonToolbar.prtkDS”, 0);

  user_pref(“extensions.BabylonToolbar.prtkHmpg”, 0);

  —- Lines Sweet removed from prefs.js —-

  user_pref(“sweetim.toolbar.previous.browser.search.defaultenginename”, “”);

  user_pref(“sweetim.toolbar.previous.browser.search.selectedEngine”, “”);

  user_pref(“sweetim.toolbar.previous.browser.startup.homepage”, “”);

  user_pref(“sweetim.toolbar.previous.keyword.URL”, “”);

  user_pref(“sweetim.toolbar.scripts.1.domain-blacklist”, “”);

  user_pref(“sweetim.toolbar.searchguard.enable”, “”);

  user_pref(“sweetim.toolbar.searchguard.UserRejectedGuard_DS”, “”);

  user_pref(“sweetim.toolbar.searchguard.UserRejectedGuard_HP”, “”);

  —- Lines extensions.f5eGRtcdNJd removed from prefs.js —-

  user_pref(“extensions.f5eGRtcdNJd.epoch”, “1392541039”);

  user_pref(“extensions.f5eGRtcdNJd.url”, "http://proxy5-jpi.info/sync2/?q=hfZ9ofqUrHsMCyVUojaMg708BNmGWj8pjchGheDUojwHrjsHrdwFrjrFqShIC7n0rjnErTw8rdY8q

  —- Lines extensions.qIysTg removed from prefs.js —-

  user_pref(“extensions.qIysTg.epoch”, “1392541039”);

  user_pref(“extensions.qIysTg.url”, "http://safefacile.net/sync2/?q=hfZ9oehSBfwMCyVUojaMg708BNmGWj8pjchGheDUojwHrjsHrdwFrjrGqchIC7n0rjnErTw8rdY8qTnGtNh

  —- FireFox user.js and prefs.js backups —-

  prefs_15-02-2014_2142_.backup

  ==== Registry Fix Code ======================

  Windows Registry Editor Version 5.00

  “MediaGet2”=-

  “AppInit_DLLs”=-

  ==== Deleting Files \ Folders ======================

  C:\PROGRA~3\FASTAN~1 deleted

  C:\PROGRA~3\WebTect deleted

  C:\PROGRA~3\INTELE~1 deleted

  C:\ProgramData\kfgngcjijinjbmhibmecigbdkkgpblin deleted

  C:\Users\G.Ovink\AppData\LocalLow\{81EFA0D0-D7FA-09CE-F196-310B213E496B} deleted

  C:\Users\hov\AppData\LocalLow\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted

  C:\Users\hov\AppData\LocalLow\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted

  C:\Users\hov\AppData\LocalLow\{9B55E4CC-1003-61A5-F839-37D4743F5471} deleted

  C:\Users\hov\AppData\LocalLow\{DE44FDCD-E30B-7740-2A44-B9A3E205B65F} deleted

  C:\Users\hov\AppData\Local\Packages\windows_ie_ac_001\AC\{5159A648-36BD-0F99-438E-0CB6F2BAC02F} deleted

  C:\Users\hov\AppData\Local\Packages\windows_ie_ac_001\AC\{89817DE5-58D3-6F75-B0F6-B0C2C66AE7F1} deleted

  C:\Users\hov\AppData\Local\Packages\windows_ie_ac_001\AC\{9B55E4CC-1003-61A5-F839-37D4743F5471} deleted

  C:\Users\hov\AppData\Local\Packages\windows_ie_ac_001\AC\{DE44FDCD-E30B-7740-2A44-B9A3E205B65F} deleted

  C:\ProgramData\b7a7db7ebbe4ee4c deleted

  C:\ProgramData\Happy2Savveu deleted

  C:\ProgramData\DisCouuniTExttensi deleted

  C:\PROGRA~2\FoxTabAVIConverter deleted

  C:\ProgramData\SPL8B33.tmp deleted

  C:\ProgramData\InstallMate deleted

  C:\Windows\WinInit.Ini deleted

  C:\Windows\tasks\Sk-Enhancer-S-5902107913.job deleted

  C:\windows\SysNative\tasks\Sk-Enhancer-S-5902107913 deleted

  C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default\searchplugins\utorrentbarnl-customized-web-search.xml deleted

  C:\Users\GC19D~1.OVI\AppData\Roaming\Mozilla\Firefox\Profiles\kgv2njmc.default\extensions\gkg_y@vjdjyeuo.co.uk deleted

  C:\Users\GC19D~1.OVI\AppData\Roaming\Mozilla\Firefox\Profiles\kgv2njmc.default\extensions\sbgi@aqrdhx.net deleted

  C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default\extensions\gkg_y@vjdjyeuo.co.uk deleted

  C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default\extensions\sbgi@aqrdhx.net deleted

  “C:\Users\hov\AppData\Local\{3665A230-AA52-4DAF-B81C-32FB98963952}” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\libeay32.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\libvlc.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\libvlccore.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\mediaget.exe” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\QtCore4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\QtDeclarative4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\QtGui4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\QtNetwork4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\QtScript4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\QtSql4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\QtWebKit4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\QtXml4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\QtXmlPatterns4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\ssleay32.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\imageformats\qgif4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\imageformats\qjpeg4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\imageformats\qmng4.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins\access\libdshow_plugin.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins\audio_output\libaout_directx_plugin.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins\audio_output\libwaveout_plugin.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins\control\libhotkeys_plugin.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins\mmxext\libmemcpymmxext_plugin.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins\video_output\libdirectx_plugin.dll” deleted

  “C:\Users\hov\AppData\Local\MediaGet2” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\imageformats” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins\access” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins\audio_output” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins\control” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins\mmxext” deleted

  “C:\Users\hov\AppData\Local\MediaGet2\plugins\video_output” deleted

  ==== System Specs ======================

  Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

  Memory (RAM): 2812 MB

  CPU Info: AMD Athlon™ II P320 Dual-Core Processor

  CPU Speed: 2148,1 MHz

  Sound Card: Luidsprekers (Realtek High Defi |

  Display Adapters: ATI Mobility Radeon HD 4200 Series | ATI Mobility Radeon HD 4200 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

  Monitors: 1x; Algemeen PnP-beeldscherm |

  Screen Resolution: 1600 X 900 - 32 bit

  Network: Network Present

  Network Adapters: Bluetooth PAN Network Adapter | Microsoft Virtual WiFi Miniport Adapter | Atheros AR9285 Wireless Network Adapter | Realtek PCIe FE Family Controller

  CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW TS-L633C

  Ports: COM3 | COM4 | COM5 | COM6 | COM21 LPT Port NOT Present.

  Mouse: 2 Button Mouse Present

  Hard Disks: C: 116,4GB | D: 116,1GB

  Hard Disks - Free: C: 65,9GB | D: 92,8GB

  Manufacturer *: TOSHIBA

  BIOS Info: AT/AT COMPATIBLE | 02/05/10 | TOSCPL - 1072009

  Time Zone: West-Europa (standaardtijd)

  Motherboard *: TOSHIBA NALAE

  Country: Nederland

  Language: NLD

  ==== System Specs (Software) ======================

  Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

  Anti-Spyware: Windows Defender disabled (Outdated)

  Anti-Spyware: avast! Antivirus disabled (Outdated)

  Default Browser: Firefox 27.0.1

  Internet Explorer Version: 10.0.9200.16736

  Mozilla Firefox version: 27.0.1 (x86 nl)

  Google Chrome version: 31.0.1650.63

  Adobe Reader version: 11.0.06.70

  Sun Java version: 1.7.0_51 (32-bit)

  Flash Player version: 12.0.0.44

  ==== Files Recently Created / Modified ======================

  ====== C:\Windows ====

  ====== C:\Users\hov\AppData\Local\Temp ====

  2014-02-15 19:40:57 06A76E680E46E8424CA4B2B814AAFD7D 17640 ——w- C:\Users\hov\AppData\Local\Temp\half-open-limit-check.exe

  ====== Java Cache =====

  ====== C:\Windows\SysWOW64 =====

  ====== C:\Windows\SysWOW64\drivers =====

  ====== C:\Windows\Sysnative =====

  ====== C:\Windows\Sysnative\drivers =====

  ====== C:\Windows\Tasks ======

  ====== C:\Windows\Temp ======

  ======= C:\Program Files =====

  ======= C:\PROGRA~2 =====

  ======= C: =====

  ====== C:\Users\hov\AppData\Roaming ======

  ====== C:\Users\hov ======

  2014-02-15 17:26:21 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\hov\Downloads\RSITx64(3).exe

  2014-02-13 09:05:28 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\hov\Downloads\RSITx64(2).exe

  2014-02-05 06:47:39 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\hov\Downloads\RSITx64(1).exe

  2014-01-21 17:03:44 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

  ====== C: exe-files ==

  2014-02-15 19:40:57 06A76E680E46E8424CA4B2B814AAFD7D 17640 ——w- C:\Users\hov\AppData\Local\Temp\half-open-limit-check.exe

  2014-02-15 17:26:21 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\hov\Downloads\RSITx64(3).exe

  2014-02-15 10:48:56 B951607D1ED4B78184415FBAA7C683AE 62779704 —-a-w- C:\Users\hov\AppData\Local\Media Get LLC\MediaGet2\update.exe

  2014-02-13 09:05:28 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\hov\Downloads\RSITx64(2).exe

  === C: other files ==

  ==== Startup Registry Enabled ======================

  “TOSHIBA Online Product Information”=“C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe”

  “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

  “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

  “EC5A6BA57C4FDADF8A595B3E69A8FDC4E5E23109._service_run”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –type=service”

  “TOSHIBA Online Product Information”=“C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe”

  “mctadmin”=“C:\Windows\System32\mctadmin.exe”

  “mctadmin”=“C:\Windows\System32\mctadmin.exe”

  “Lexmark 9300 Series”=“C:\Program Files (x86)\Lexmark 9300 Series\fm3032.exe /s”

  “TWebCamera”=“C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun”

  “StartCCC”=“C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun”

  “NBAgent”=“c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe /WinStart”

  “GrooveMonitor”=“C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”

  “BtTray”=“C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe”

  “KeNotify”=“C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe”

  “Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  “SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

  “AvastUI.exe”=“C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui”

  “EC5A6BA57C4FDADF8A595B3E69A8FDC4E5E23109._service_run”=“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe –type=service”

  ==== Startup Registry Enabled x64 ======================

  “lxcqmon.exe”=“C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe”

  “EzPrint”=“C:\Program Files (x86)\Lexmark 9300 Series\ezprint.exe”

  “WrtMon.exe”=“C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe”

  “TPwrMain”=“%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE”

  “TosWaitSrv”=“%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe”

  “TosSENotify”=“C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe”

  “TosNC”=“%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe”

  “Toshiba TEMPRO”=“C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe”

  “SmoothView”=“%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe”

  “RtHDVCpl”=“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s”

  “RtHDVBg”=“C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3”

  “HSON”=“%ProgramFiles%\TOSHIBA\TBS\HSON.exe”

  “00TCrdMain”=“%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe”

  “TosVolRegulator”=“C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe”

  “Teco”=“%ProgramFiles%\TOSHIBA\TECO\Teco.exe /r”

  “TosReelTimeMonitor”=“%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe”

  “AppInit_DLLs”=“ C:\\PROGRA~3\\FASTAN~1\\FASTAN~2.DLL C:\\PROGRA~3\\WebTect\\WEBTEC~1.DLL C:\\PROGRA~3\\INTELE~1\\INTELE~2.DLL”

  ==== Startup Registry Disabled x64 ======================

  “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

  “item”=“KiesPDLR”

  “hkey”=“HKCU”

  “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe”

  “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

  “item”=“EC5A6BA57C4FDADF8A595B3E69A8FDC4E5E23109._service_run”

  “hkey”=“HKCU”

  “command”=“\”C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\“ –type=service”

  “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

  “item”=“HWSetup”

  “hkey”=“HKLM”

  “command”=“C:\\Program Files\\TOSHIBA\\Utilities\\HWSetup.exe hwSetUP”

  “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

  “item”=“KiesPDLR”

  “hkey”=“HKCU”

  “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe”

  “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

  “item”=“KiesPreload”

  “hkey”=“HKCU”

  “command”=“C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload”

  “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

  “item”=“SVPWUTIL”

  “hkey”=“HKLM”

  “command”=“C:\\Program Files (x86)\\TOSHIBA\\Utilities\\SVPWUTIL.exe SVPwUTIL”

  “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

  “item”=“Toshiba Registration”

  “hkey”=“HKLM”

  “command”=“C:\\Program Files\\Toshiba\\Registration\\ToshibaReminder.exe”

  ==== Startup Folders ======================

  2010-04-19 06:48:36 1258 —-a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

  2010-04-19 06:48:36 1258 —-a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

  2011-12-09 09:47:51 1321 —-a-w- C:\Users\hov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

  2011-07-10 11:39:41 930 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update-agent.lnk

  ==== Task Scheduler Jobs ======================

  C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  ==== Other Scheduled Tasks ======================

  “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

  “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

  “C:\Windows\SysNative\tasks\ConfigFree Startup Programs”

  “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

  “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA”

  “C:\Windows\SysNative\tasks\User_Feed_Synchronization-{0902C831-6FD6-473C-9EEB-DF20ACBB2588}”

  “C:\Windows\SysNative\tasks\User_Feed_Synchronization-{AED7B89A-4FDA-402B-933A-8A9E3ED067F9}”

  “C:\Windows\SysNative\tasks\{8D725789-058E-4978-A2CC-3F2EAA15F23F}”

  “C:\Windows\SysNative\tasks\{C60C194C-A330-4016-9FE3-861FF280EC26}”

  ==== Folders in C:\ProgramData 0-6 Months Old ======================

  No folders found aged 0-6 months

  ==== Firefox Extensions Registry ======================

  “wrc@avast.com”=“C:\Program Files\Alwil Software\Avast5\WebRep\FF”

  ==== Firefox Extensions ======================

  AppDir: C:\Program Files (x86)\Mozilla Firefox

  - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

  ==== Firefox Plugins ======================

  Profilepath: C:\Users\hov\AppData\Roaming\Mozilla\Firefox\Profiles\zf4wi6bs.default

  FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash

  ==== Chrome Look ======================

  HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

  cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\hov\AppData\Local\Temp\crxB636.tmp

  gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx

  avast WebRep - G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

  Happy2Savveu - G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\kieloplihfmdljfkcjghhdgjnhcndnco

  avast Online Security - hov\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

  Happy2Savveu - hov\AppData\Local\Google\Chrome\User Data\Default\Extensions\kieloplihfmdljfkcjghhdgjnhcndnco

  Google Wallet - hov\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

  ==== Chrome Fix ======================

  C:\Users\G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\kieloplihfmdljfkcjghhdgjnhcndnco deleted successfully

  C:\Users\hov\AppData\Local\Google\Chrome\User Data\Default\Extensions\kieloplihfmdljfkcjghhdgjnhcndnco deleted successfully

  C:\Users\hov\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kieloplihfmdljfkcjghhdgjnhcndnco_0.localstorage deleted successfully

  C:\Users\hov\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kieloplihfmdljfkcjghhdgjnhcndnco_0.localstorage-journal deleted successfully

  C:\Users\G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnopppmhmeaoemkcpcdafnglgdlhcpp deleted successfully

  C:\Users\G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbfopbngnljkpkbadmbgngfphfjkcfo deleted successfully

  C:\Users\G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpjojmkojegebmmebgegclhpificoip deleted successfully

  ==== Set IE to Default ======================

  Old Values:

  “Start Page”=“http://www.startpagina.nl/”

  “Search Page”=“http://www.google.com”

  “Default_Search_URL”=“http://www.google.com/ie”

  @=“http://www.google.com/search?q=%s”

  “SearchAssistant”=“http://www.google.com/ie”

  “Default_Search_URL”=“http://www.google.com/ie”

  “DefaultScope”=“{0B97168A-F193-401D-847F-F4094DB974B9}”

  not found

  New Values:

  “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Start Page”=“http://www.startpagina.nl/”

  “(Default)”=“http://search.msn.com/results.asp?q=%s”

  “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “SearchAssistant”=“http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm”

  “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

  ==== All HKCU SearchScopes ======================

  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

  {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

  {6569A652-7D4A-44A3-9F17-374C13BA297B} Google Url=“http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8”

  {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

  {6E7E674B-EFD7-405D-9337-052D108DF045} Amazon Url=“http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2”

  {B9D63DCD-1571-4FDF-A7B3-B38F1523B5E4} eBay Url=“http://rover.ebay.com/rover/1/1346-71494-26233-7/4?satitle={searchTerms}”

  {F6A686E6-2535-40B2-969C-337E50CD697D} Bing Url=“http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}”

  ==== Deleting Registry Keys ======================

  HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6BAFBE8E-A164-FE99-4A55-9CF93EE9CEAF} deleted successfully

  HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

  HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1 deleted successfully

  HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} deleted successfully

  HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf} deleted successfully

  HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{ef65f95a} deleted successfully

  HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{25e4f9bf} deleted successfully

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR deleted successfully

  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload deleted successfully

  ==== HijackThis Entries ======================

  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

  O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

  O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Lexmark 9300 Series\fm3032.exe” /s

  O4 - HKLM\..\Run: “C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe” autorun

  O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

  O4 - HKLM\..\Run: “c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe” /WinStart

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe”

  O4 - HKLM\..\Run: C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

  O4 - HKLM\..\Run: “C:\Program Files\Alwil Software\Avast5\AvastUI.exe” /nogui

  O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=service

  O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

  O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

  O4 - HKUS\S-1-5-18\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User ‘SYSTEM’)

  O4 - HKUS\.DEFAULT\..\Run: C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User ‘Default user’)

  O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User ‘Default user’)

  O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

  O4 - Global Startup: Update-agent.lnk = ?

  O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

  O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

  O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

  O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

  O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

  O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

  O11 - Options group: Accelerated graphics

  O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

  O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

  O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

  O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

  O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

  O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

  O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe

  O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

  O23 - Service: BsHelpCS - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe

  O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

  O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

  O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

  O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: lxcq_device - - C:\Windows\system32\lxcqcoms.exe

  O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

  O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

  O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

  O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

  O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

  O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

  O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

  O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

  O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

  O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

  O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

  O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

  ==== Empty IE Cache ======================

  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\G. Ovink\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\G. Ovink\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

  C:\Users\G.Ovink\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\G.Ovink\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

  C:\Users\G.Ovink\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\G.Ovink\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\hov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\hov\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

  C:\Users\ovink\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  ==== Empty FireFox Cache ======================

  C:\Users\G. Ovink\AppData\Local\Mozilla\Firefox\Profiles\nwhfuckz.default\Cache emptied successfully

  C:\Users\G.Ovink\AppData\Local\Mozilla\Firefox\Profiles\kgv2njmc.default\Cache emptied successfully

  C:\Users\hov\AppData\Local\Mozilla\Firefox\Profiles\zf4wi6bs.default\Cache emptied successfully

  ==== Empty Chrome Cache ======================

  C:\Users\G.Ovink\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

  C:\Users\hov\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

  ==== Empty All Flash Cache ======================

  Flash Cache is not empty, a reboot is needed

  ==== Empty All Java Cache ======================

  Java Cache cleared successfully

  ==== C:\zoek_backup content ======================

  C:\zoek_backup (files=414 folders=78 185453530 bytes)

  ==== Empty Temp Folders ======================

  C:\Users\Default\AppData\Local\Temp emptied successfully

  C:\Users\Default User\AppData\Local\Temp emptied successfully

  C:\Users\G. Ovink\AppData\Local\Temp emptied successfully

  C:\Users\G.Ovink\AppData\Local\Temp emptied successfully

  C:\Users\ovink\AppData\Local\Temp emptied successfully

  C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

  C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

  C:\Users\hov\AppData\Local\Temp will be emptied at reboot

  C:\Windows\Temp will be emptied at reboot

  ==== After Reboot ======================

  ==== Empty Temp Folders ======================

  C:\Windows\Temp successfully emptied

  C:\Users\hov\AppData\Local\Temp successfully emptied

  ==== Empty Recycle Bin ======================

  C:\$RECYCLE.BIN successfully emptied

  ==== Deleting Files / Folders ======================

  “C:\Users\G.Ovink\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3P4NNHMU\media.rtl.nl” not found

  ==== EOF on za 15-02-2014 at 21:57:57,75 ======================

 • Ben

  Hello,

  What a clean-up. Run zoek.exe again with the following code:

  C:\Users\hov\AppData\Local\Media Get LLC;fs

  ;r64

  “AppInit_DLLs”=-;r64

  Post the resulting log.

  Download AdwCleaner by Xplode to the desktop.

  *Close all open windows.

  *Double-click AdwCleaner to start it.

  *Windows Vista, 7 and 8 users must run the tool as “administrator”,

  *by right-clicking it and choosing Run as administrator.

  *Then click Scan.

  *Then click Clean if any items were found.

  *At the restart-required prompt, click OK.

  After the PC has restarted, a log file usually opens.

  Otherwise it can be found here: C:\AdwCleaner\AdwCleaner.txt

  Then post the contents of this log in your next message.

 • Harry(O)

  The program is running.

  Wow, that really is a clear-out. Was that all adware?

  Or does this still have nothing to do with all those pop-ups in Firefox and Chrome?

  I also had a quick look at the HijackThis log and saw a whole lot of “file missing” entries there.

  Could CCleaner be the cause of that? When I scan “registry” there, a lot of errors come up as well.

 • Ben

  Wow, that really is a clear-out. Was that all adware?

  Or does this still have nothing to do with all those pop-ups in Firefox and Chrome?

  I had zoek.exe remove malware/adware from your PC and from all your browsers.

  I also had a quick look at the HijackThis log and saw a whole lot of “file missing” entries there.

  Could CCleaner be the cause of that? When I scan “registry” there, a lot of errors come up as well.

  Those “file missing” entries appear because HijackThis cannot handle 64-bit; you can simply keep using CCleaner.
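The “file missing” entries raised in the last exchange, triaged in an added example that is not part of the original thread. It assumes HijackThis runs as a 32-bit process, so on 64-bit Windows the WOW64 layer shows it SysWOW64 in place of System32 and expands %ProgramFiles% to Program Files (x86); the function names, verdict labels and the fourth sample line are constructed for illustration.

```python
import re

# Lines 1-3 are copied from the HijackThis section of the log above;
# line 4 is a constructed entry that shows the "investigate" case.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ExampleSvc - Unknown owner - C:\ProgramData\example\svc.exe (file missing)
"""

# "O23 - Service: <description> - <resolved path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<desc>.+) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def classify(desc, path):
    """Explain why a 32-bit scanner may report this service binary as missing."""
    p = path.lower()
    # Assumption: the scanner is 32-bit, so its view of \Windows\System32 is
    # redirected to SysWOW64, where 64-bit-only system binaries do not exist.
    if re.match(r"^[a-z]:\\windows\\system32\\", p):
        return "wow64-fs-redirect"
    # Assumption: a 32-bit process sees %ProgramFiles% as "Program Files (x86)",
    # so a service registered with that variable resolves to the wrong folder.
    if "\\program files (x86)\\" in p and "%programfiles%" in desc.lower():
        return "wow64-env-expansion"
    # Anything else is not explained by 32-bit/64-bit views and needs a look.
    return "investigate"


def triage(log_text):
    """Return (path, verdict) for every O23 line flagged '(file missing)'."""
    results = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m or not m.group("missing"):
            continue
        results.append((m.group("path"), classify(m.group("desc"), m.group("path"))))
    return results


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:22} {path}")
```

A wow64 verdict only says the missing-file report is expected from a 32-bit tool; confirm the file from a 64-bit process before treating the service entry as clean.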

This topic is closed; no further replies can be posted.