trage PC - 100% CPU

Rob26

06-03-2014 15:15

Logfile of random's system information tool 1.09 (written by random/random)
Run by Rob at 2014-03-06 14:32:17
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 16 GB (18%) free of 86 GB
Total RAM: 3454 MB (37% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-905063731-74274285-34031197-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-905063731-74274285-34031197-1000UA.job
C:\Windows\tasks\One-Click Optimizer.job
C:\Windows\tasks\PC Fresh.job
C:\Windows\tasks\SpeedyPC Pro Startup.job
C:\Windows\tasks\SpeedyPC Pro.job
C:\Windows\tasks\SpeedyPC Registration3.job
C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
C:\Windows\tasks\SpeedyPC Update Version3.job
======Registry dump======
IObit Apps Toolbar - C:\Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll
ExplorerWnd Helper - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
AccelerateTab - C:\PROGRA~1\Secure Speed Dial\IE\SpeedDial.dll
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
Advanced SystemCare Browser Protection - C:\PROGRA~1\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
ChromeFrame BHO - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
Adblock - C:\Program Files\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll
!{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - IObit Apps Toolbar - C:\Program Files\IObit Apps Toolbar\IE\8.8\iobitappsToolbarIE.dll
“RTHDVCPL”=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
“Ashampoo WinOptimizer Live-Tuner”=C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTuner.exe
“”=
“G Data AntiVirus Tray”=C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
“GDFirewallTray”=C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
“Sidebar”=C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Silvercrest MTS2118 driver\StartAutorun.exe
C:\Program Files\GO!Suite\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe
C:\Program Files\OTB_util\OTB_util.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\USIM Editor\iconcs746203.exe
SDWinLogon.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
“SecurityProviders”=credssp.dll
“EnableUIADesktopToggle”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“undockwithoutlogon”=1
“ShutdownWithoutLogon”=0
“NoDispCPL”=0
“NoDispSettingsPage”=0
“NoDispScrSavPage”=0
“ConsentPromptBehaviorAdmin”=5
“NoInstrumentation”=1
“NoDriveTypeAutoRun”=145
“NoResolveSearch”=1
“NoResolveTrack”=1
“NoViewContextMenu”=0
“NoFileAssociate”=0
“NoRun”=0
“NoClose”=0
“StartMenuLogoff”=0
“NoResolveTrack”=1
“C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe”=“C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon”
“C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe”=“C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service”
“C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe”=“C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater”
“C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe”=“C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service”
“vidc.mrle”=msrle32.dll
“vidc.msvc”=msvidc32.dll
“msacm.imaadpcm”=imaadp32.acm
“msacm.msg711”=msg711.acm
“msacm.msgsm610”=msgsm32.acm
“msacm.msadpcm”=msadp32.acm
“midimapper”=midimap.dll
“wavemapper”=msacm32.drv
“VIDC.UYVY”=msyuv.dll
“VIDC.YUY2”=msyuv.dll
“VIDC.YVYU”=msyuv.dll
“VIDC.IYUV”=iyuv_32.dll
“vidc.i420”=iyuv_32.dll
“VIDC.YVU9”=tsbyuv.dll
“msacm.l3acm”=C:\Windows\System32\l3codeca.acm
“vidc.cvid”=iccvid.dll
“MSVideo8”=VfWWDM32.dll
“wave1”=wdmaud.drv
“mixer1”=wdmaud.drv
“wave2”=wdmaud.drv
“mixer2”=wdmaud.drv
“wave3”=wdmaud.drv
“midi1”=wdmaud.drv
“mixer3”=wdmaud.drv
“aux1”=wdmaud.drv
“wave”=wdmaud.drv
“midi”=wdmaud.drv
“mixer”=wdmaud.drv
“aux”=wdmaud.drv
“wave4”=wdmaud.drv
“midi2”=wdmaud.drv
“mixer4”=wdmaud.drv
“aux2”=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - NOTEPAD.EXE “%1”
.reg - open - NOTEPAD.EXE “%1”
.scr - open - “C:\Windows\system32\notepad.exe” “%1”
.scr - install -
.scr - config -
.vbs - open - NOTEPAD.EXE “%1”
======List of files/folders created in the last 1 month======
2014-03-06 14:32:18 —-D—- C:\Program Files\trend micro
2014-03-06 14:32:16 —-D—- C:\rsit
2014-03-04 21:40:34 —-A—- C:\Windows\system32\drivers\PktIcpt.sys
2014-03-04 21:38:26 —-A—- C:\Windows\system32\drivers\gdwfpcd32.sys
2014-03-04 21:38:17 —-A—- C:\Windows\system32\drivers\HookCentre.sys
2014-03-04 21:38:16 —-A—- C:\Windows\system32\drivers\MiniIcpt.sys
2014-03-04 21:38:16 —-A—- C:\Windows\system32\drivers\GDBehave.sys
2014-03-04 17:50:40 —-D—- C:\Program Files\Application Updater
2014-03-04 17:50:39 —-D—- C:\Program Files\IObit Apps Toolbar
2014-03-04 16:46:34 —-A—- C:\Windows\system32\sdnclean.exe
2014-03-04 16:46:28 —-D—- C:\ProgramData\Spybot - Search & Destroy
2014-03-04 16:46:10 —-D—- C:\Program Files\Spybot - Search & Destroy 2
2014-02-28 20:41:47 —-A—- C:\Windows\system32\FlashPlayerApp.exe
2014-02-27 15:41:01 —-D—- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-27 15:10:04 —-D—- C:\Windows\Migration
2014-02-22 10:27:29 —-D—- C:\backup
2014-02-20 13:17:46 —-D—- C:\Users\Rob\AppData\Roaming\Spotify
2014-02-19 12:58:18 —-D—- C:\Windows\Replay Music 6
2014-02-19 12:58:17 —-D—- C:\Program Files\Replay Music 6
2014-02-16 22:14:14 —-A—- C:\Windows\system32\ieui.dll
2014-02-16 22:14:14 —-A—- C:\Windows\system32\ie4uinit.exe
2014-02-16 22:14:13 —-A—- C:\Windows\system32\msrating.dll
2014-02-16 22:14:13 —-A—- C:\Windows\system32\jsproxy.dll
2014-02-16 22:14:13 —-A—- C:\Windows\system32\ieetwcollectorres.dll
2014-02-16 22:14:12 —-A—- C:\Windows\system32\ieUnatt.exe
2014-02-16 22:14:12 —-A—- C:\Windows\system32\iesetup.dll
2014-02-16 22:14:12 —-A—- C:\Windows\system32\iernonce.dll
2014-02-16 22:14:12 —-A—- C:\Windows\system32\ieetwproxystub.dll
2014-02-16 22:14:11 —-A—- C:\Windows\system32\jscript9diag.dll
2014-02-16 22:14:11 —-A—- C:\Windows\system32\ieetwcollector.exe
2014-02-16 22:14:11 —-A—- C:\Windows\system32\ieapfltr.dll
2014-02-16 22:14:10 —-A—- C:\Windows\system32\msfeeds.dll
2014-02-16 22:14:09 —-A—- C:\Windows\system32\wininet.dll
2014-02-16 22:14:09 —-A—- C:\Windows\system32\iertutil.dll
2014-02-16 22:14:08 —-A—- C:\Windows\system32\urlmon.dll
2014-02-16 22:14:07 —-A—- C:\Windows\system32\ieframe.dll
2014-02-16 22:14:06 —-A—- C:\Windows\system32\mshtml.dll
2014-02-16 22:14:05 —-A—- C:\Windows\system32\jscript9.dll
2014-02-16 11:14:23 —-A—- C:\Windows\system32\msxml3r.dll
2014-02-16 11:14:23 —-A—- C:\Windows\system32\msxml3.dll
2014-02-15 12:18:45 —-A—- C:\Windows\system32\FNTCACHE.DAT
2014-02-14 10:38:09 —-A—- C:\Windows\system32\drivers\GdPhyMem.sys
2014-02-13 07:32:12 —-A—- C:\Windows\system32\vbscript.dll
2014-02-12 23:29:57 —-D—- C:\Users\Rob\AppData\Roaming\G Data
2014-02-12 23:26:05 —-D—- C:\Program Files\G Data
2014-02-12 23:26:00 —-D—- C:\Program Files\Common Files\G Data
2014-02-12 23:19:00 —-D—- C:\ProgramData\G Data
2014-02-12 22:31:05 —-A—- C:\Windows\system32\d3d10warp.dll
2014-02-12 22:31:05 —-A—- C:\Windows\system32\d2d1.dll
2014-02-12 22:31:02 —-A—- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 22:31:02 —-A—- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 22:31:02 —-A—- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 22:31:02 —-A—- C:\Windows\system32\RMActivate.exe
2014-02-12 22:31:01 —-A—- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 22:31:01 —-A—- C:\Windows\system32\secproc_ssp.dll
2014-02-12 22:31:01 —-A—- C:\Windows\system32\secproc_isv.dll
2014-02-12 22:31:01 —-A—- C:\Windows\system32\secproc.dll
2014-02-12 22:31:01 —-A—- C:\Windows\system32\msdrm.dll
2014-02-12 15:13:08 —-D—- C:\Windows\IswTmp
2014-02-12 14:47:04 —-D—- C:\Users\Rob\AppData\Roaming\CheckPoint
2014-02-12 14:46:50 —-A—- C:\Windows\system32\drivers\kl1.sys
2014-02-12 14:46:47 —-A—- C:\Windows\system32\drivers\klif.sys
2014-02-12 14:46:47 —-A—- C:\Windows\system32\drivers\klflt.sys
2014-02-12 14:31:42 —-D—- C:\Program Files\CheckPoint
2014-02-12 14:26:37 —-D—- C:\ProgramData\CheckPoint
2014-02-11 18:03:21 —-D—- C:\Users\Rob\AppData\Roaming\AVG2014
2014-02-11 18:02:26 —-D—- C:\ProgramData\AVG2014
2014-02-11 10:41:21 —-A—- C:\Windows\system32\GDIPFONTCACHEV1.DAT
======List of files/folders modified in the last 1 month======
2014-03-06 14:32:18 —-RD—- C:\Program Files
2014-03-06 14:32:16 —-D—- C:\Windows\temp
2014-03-06 14:12:42 —-D—- C:\Windows\system32\catroot2
2014-03-06 14:12:42 —-D—- C:\Windows
2014-03-06 13:48:01 —-D—- C:\ProgramData\MFAData
2014-03-06 13:22:22 —-D—- C:\Windows\system32\config
2014-03-06 12:50:09 —-D—- C:\Windows\system32\Tasks
2014-03-06 08:18:21 —-D—- C:\Program Files\Opera
2014-03-06 08:18:20 —-D—- C:\ProgramData\LogMeIn
2014-03-06 07:19:17 —-D—- C:\Windows\SoftwareDistribution
2014-03-06 07:15:13 —-D—- C:\Users\Rob\AppData\Roaming\iolo
2014-03-05 22:37:20 —-D—- C:\Users\Rob\AppData\Roaming\Opera Software
2014-03-05 22:30:18 —-SHD—- C:\Boot
2014-03-05 16:12:01 —-D—- C:\Program Files\Handbrake
2014-03-05 13:24:46 —-SHD—- C:\Windows\Installer
2014-03-05 13:23:44 —-D—- C:\Windows\System32
2014-03-04 21:40:34 —-D—- C:\Windows\system32\drivers
2014-03-04 21:25:42 —-D—- C:\Windows\system32\wbem
2014-03-04 21:25:20 —-D—- C:\Windows\system32\spool
2014-03-04 21:23:15 —-D—- C:\Windows\system32\catroot
2014-03-04 21:23:01 —-D—- C:\Windows\system32\winevt
2014-03-04 21:23:01 —-D—- C:\Windows\system32\WinBioPlugIns
2014-03-04 21:23:01 —-D—- C:\Windows\system32\wdi
2014-03-04 21:23:00 —-D—- C:\Windows\system32\SMI
2014-03-04 21:23:00 —-D—- C:\Windows\system32\Setup
2014-03-04 21:22:59 —-HD—- C:\Windows\system32\GroupPolicy
2014-03-04 21:22:59 —-D—- C:\Windows\system32\MUI
2014-03-04 21:22:59 —-D—- C:\Windows\system32\LogFiles
2014-03-04 21:22:55 —-D—- C:\Windows\system32\com
2014-03-04 20:44:51 —-D—- C:\Windows\Prefetch
2014-03-04 17:51:38 —-D—- C:\Config.Msi
2014-03-04 17:50:39 —-D—- C:\Program Files\Common Files\Spigot
2014-03-04 16:46:49 —-SD—- C:\ProgramData\Microsoft
2014-03-04 16:46:28 —-HD—- C:\ProgramData
2014-03-04 15:02:14 —-D—- C:\Program Files\Secure Speed Dial
2014-03-04 09:28:28 —-D—- C:\Windows\Downloaded Program Files
2014-03-03 23:03:41 —-D—- C:\Windows\inf
2014-03-03 08:42:28 —-D—- C:\Windows\Minidump
2014-03-03 08:05:42 —-D—- C:\Users\Rob\AppData\Roaming\Dropbox
2014-03-01 23:30:23 —-D—- C:\IDrive
2014-02-28 20:41:50 —-D—- C:\Windows\Tasks
2014-02-28 09:39:55 —-D—- C:\Windows\Microsoft.NET
2014-02-27 23:46:59 —-A—- C:\Windows\system32\PerfStringBackup.INI
2014-02-27 15:41:23 —-D—- C:\Program Files\iTunes
2014-02-27 15:41:01 —-D—- C:\Program Files\Common Files\Apple
2014-02-27 15:20:49 —-D—- C:\ProgramData\ProductData
2014-02-27 15:13:06 —-RSD—- C:\Windows\assembly
2014-02-27 15:10:14 —-D—- C:\Windows\system32\en-US
2014-02-27 13:42:54 —-D—- C:\ProgramData\Fighters
2014-02-27 13:42:50 —-D—- C:\Program Files\Common Files
2014-02-27 13:42:47 —-D—- C:\Program Files\Fighters
2014-02-26 10:55:36 —-D—- C:\ProgramData\ParetoLogic
2014-02-25 23:48:48 —-D—- C:\ProgramData\Adobe
2014-02-25 23:48:46 —-D—- C:\Program Files\Common Files\Adobe
2014-02-25 23:48:45 —-D—- C:\Program Files\Adobe
2014-02-25 08:33:38 —-D—- C:\Windows\rescache
2014-02-24 14:10:48 —-D—- C:\Users\Rob\AppData\Roaming\vlc
2014-02-24 14:05:37 —-D—- C:\Users\Rob\AppData\Roaming\dvdcss
2014-02-24 08:19:54 —-RD—- C:\Users
2014-02-19 17:21:41 —-D—- C:\Program Files\East-Tec Eraser 2010
2014-02-19 13:58:37 —-AD—- C:\ProgramData\TEMP
2014-02-17 13:41:33 —-D—- C:\Windows\winsxs
2014-02-17 13:37:52 —-D—- C:\Program Files\Internet Explorer
2014-02-16 22:17:32 —-D—- C:\ProgramData\Microsoft Help
2014-02-14 08:12:42 —-D—- C:\Users\Rob\AppData\Roaming\BitTorrent
2014-02-14 07:55:28 —-A—- C:\Windows\system32\MRT.exe
2014-02-13 08:58:54 —-D—- C:\ProgramData\Berowsye2soavve
2014-02-13 07:32:49 —-A—- C:\Windows\win.ini
2014-02-13 07:22:56 —-D—- C:\Windows\system32\nl-NL
2014-02-12 21:39:40 —-D—- C:\Windows\system32\DriverStore
2014-02-12 15:41:36 —-SHD—- C:\System Volume Information
2014-02-12 14:46:50 —-DC—- C:\Windows\system32\DRVSTORE
2014-02-11 18:02:26 —-HD—- C:\$AVG
2014-02-11 18:02:13 —-D—- C:\Program Files\AVG
2014-02-11 10:53:51 —-D—- C:\ProgramData\AVG2013
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys
R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys
R0 GDBehave;GDBehave; C:\Windows\system32\drivers\GDBehave.sys
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys
R1 FNETURPX;FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS
R1 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys
R1 gdwfpcd;G Data WFP CD; C:\Windows\system32\drivers\gdwfpcd32.sys
R1 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys
R2 ACT2PM;Ashampoo CoreTuner 2 ProcessMonitor Driver; \??\C:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor32.sys
R2 DokanCEDriver;DokanCEDriver; \??\C:\Program Files\PogoplugBackup\dokance.sys
R2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver; \??\C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor32.sys
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys
R2 PDFsFilter;PDFsFilter; C:\Windows\system32\DRIVERS\PDFsFilter.sys
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys
R3 BrSerIb;Brother Serial Interface Driver(WDM); C:\Windows\system32\DRIVERS\BrSerIb.sys
R3 BrUsbSIb;Brother Serial USB Driver(WDM); C:\Windows\system32\DRIVERS\BrUsbSIb.sys
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver; C:\Windows\system32\DRIVERS\cmiucr.SYS
R3 GDPkIcpt;GDPkIcpt; \??\C:\Windows\system32\drivers\PktIcpt.sys
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys
R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys
R3 sxuptp;SXUPTP Driver; C:\Windows\system32\DRIVERS\sxuptp.sys
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys
R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\Windows\System32\Drivers\BrSerIf.sys
S3 cpuz134;cpuz134; \??\C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys
S3 cpuz135;cpuz135; C:\Windows\system32\drivers\cpuz135.sys
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys
S3 KMWDFILTERx86;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys
S3 rt70x86;RT2500 USB Wireless LAN Driver for Vista; C:\Windows\system32\DRIVERS\netr70.sys
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
R2 ACT2_Service;Ashampoo Core Tuner 2 Service; C:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe
R2 AVKProxy;G Data AntiVirus Proxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
R2 AVKService;G Data Scheduler; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
R2 AVKWCtl;G Data Bestandssysteembewaker; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
R2 Belkin Home Base Control Center Service;Belkin Home Base Control Center Service; C:\Program Files\Belkin\Home Base Control Center\Hbapcs.exe
R2 DDService;Drobo Dashboard Service; C:\Program Files\Drobo\Drobo Dashboard\DDService.exe
R2 DokanCEMounter;DokanCEMounter; C:\Program Files\PogoplugBackup\dokanmnt.exe
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe
R2 IDriveE Service;IDriveE Service; C:\IDrive\IDriveE Service.exe
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Silvercrest MTS2118 driver\KMWDSrv.exe
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\Ralink\Common\RaRegistry.exe
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
R2 Update LemurLeap;Update LemurLeap; C:\Program Files\LemurLeap\updateLemurLeap.exe
R2 Util LemurLeap;Util LemurLeap; C:\Program Files\LemurLeap\bin\utilLemurLeap.exe
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe
R3 GDFwSvc;G Data Personal Firewall; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
R3 GDScan;G Data Scanner; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe
S2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
S2 Panorama9 Agent Updater;Panorama9 Agent Updater; C:\Program Files\Panorama9\Panorama9.Agent.UpdateService.exe
S2 SecureUpdateSvc;SecureUpdate; C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
S3 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe
S3 CGVPNCliSrvc;CyberGhost VPN Client; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe
S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe
S4 AshampooDefragService;Ashampoo Defrag Service; C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
S4 Belkin Local Backup Service;Belkin Local Backup Service; C:\Program Files\Belkin\Home Base Control Center\BkBackupScheduler.exe
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
S4 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe
S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe
—————–EOF—————–
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.04.04.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
Rob :: ROB-PC
6/03/2014 14:40:33
mbam-log-2014-03-06 (14-40-33).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 282923
Verstreken tijd: 18 minuut/minuten, 6 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (Trojan.StartPage) -> Data: http://u-search.net/?a=1&e=1 -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Slecht: (NOTEPAD.EXE “%1”) Goed: (regedit.exe “%1”) -> Succesvol in quarantaine geplaatst en gerepareerd.
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Ben

06-03-2014 15:25

Hallo,
Verwijder Spybot - Search & Destroy 2 deze vertraagt meer dan dat hij verwijderd.
Schakel eerst de Antivirussoftware uit voordat je zoek.exe download.
Schakel je antivirus- en antispywareprogramma's tijdelijk uit, deze kunnen namelijk conflicteren met Zoek.exe.
Download Zoek.exe naar het bureaublad.
* Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
Zoek.exe uitvoeren
Wanneer u problemen ondervindt bij het uitvoeren van dit programma of bepaalde foutmeldingen te zien krijgt laat dit dan even weten in uw bericht.
* Dubbelklik vervolgens op Zoek.exe om de tool te starten.
* Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
* Kopieer nu onderstaande vet gedrukte code en plak die in het grote invulvenster:
* Note: Dit script is speciaal bedoeld voor deze computer, gebruik dit dan ook niet op andere computers met een gelijkaardig probleem.
firefoxlook;
emptyclsid;
torpigcheck;
emptyfolderscheck;delete
C:\Windows\tasks\PC Fresh.job;f
C:\Windows\tasks\SpeedyPC Pro Startup.job;f
C:\Windows\tasks\SpeedyPC Pro.job;f
C:\Windows\tasks\SpeedyPC Registration3.job;f
C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job;f
C:\Windows\tasks\SpeedyPC Update Version3.job;f
;r
C:\PROGRA~1\Secure Speed Dial;fs
chromelook;
standardsearch;
filesrcm;
autoclean;
startupall;
* Klik nu op de knop "Run script".
* Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
* Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
* Post het geopende logje in het volgende bericht.
Rob26

06-03-2014 17:16

ik heb zoek.exe gedownloaded naar het bureaublad als een zipfile. Heb de file extrected en getracht ze te openen als administrator. Ik krijg evenwel volgende melding: “kan geen toegang krijgen tot jet opgegeven apparaat, pad of bestand. Mogelijk hebt u geen toegangsmachtiging voor het item”.
Wat nu?Er gebeurt echter niets maar slaag er niet in zoek.exe
Ben

06-03-2014 17:42

Hallo,
Als je de zip heb gedownload doe het volgende;
Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
Dubbelklik vervolgens op Zoek.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Rob26

06-03-2014 21:31

Option Explicit
Dim fs, objFSO, objLogFile, oFolder
Set fs = CreateObject(“scripting.filesystemobject”)
oFolder = Wscript.Arguments.Item(0)
Const ForAppending = 2
Set objFSO = CreateObject(“Scripting.FileSystemObject”)
Set objLogFile = objFSO.OpenTextFile(“test.txt”, ForAppending, True)
objLogFile.Write(oFolder & “ (F=”)
objLogFile.Write CountFiles(oFolder)
objLogFile.Write(“ D=”)
objLogFile.Write CountFolders(oFolder)
objLogFile.Write(“ ”)
objLogFile.Write FolderSize(oFolder)
objLogFile.Write(“ bytes)” & vbCrLf )
objLogFile.Close
Function CountFolders (ByVal StrFolder)
Dim ParentFld
Dim SubFld
Dim IntCount
Set ParentFld = fs.GetFolder (StrFolder)
IntCount = ParentFld.SubFolders.Count
For Each SubFld In ParentFld.SubFolders
IntCount = IntCount + CountFolders(SubFld.Path)
Next
CountFolders = IntCount
End Function
Function FolderSize (ByVal StrFolder)
Dim ParentFld
Dim IntCount
Set ParentFld = fs.GetFolder (StrFolder)
IntCount = ParentFld.size
FolderSize = IntCount
End Function
Function CountFiles (ByVal StrFolder)
Dim ParentFld
Dim SubFld
Dim IntCount
Set ParentFld = fs.GetFolder (StrFolder)
IntCount = ParentFld.Files.Count
For Each SubFld In ParentFld.SubFolders
IntCount = IntCount + CountFiles(SubFld.Path)
Next
CountFiles = IntCount
End Function
Ben

06-03-2014 21:36

Hallo,
Het lijkt wel een Engelse versie.
Je heb zoek.exe hier toch gedownload: http://www.hijackthis.nl/smeenk/
Verwijder alles van zoek en installeer zoek.exe, dat is de links groene knop boven in.
En voer het dan nog eens uit, laat hem scannen totdat er een logje komt (na een herstart)
Rob26

06-03-2014 21:52

Zoek.exe v5.0.0.0 Updated 02-March-2014
Tool run by Rob on do 06/03/2014 at 20:17:03,69.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rob\Desktop\zoek\zoek.exe
==== System Restore Info ======================
==== Torpig Check ======================
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Belkin HistoryBrowser Drop {CAE41CE0-1855-4985-A332-7D83704A45B6} undetermined path
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} F:\FileZilla FTP Client\fzshellext.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll
2009-07-14 02:37:05 d—–w- \Windows
2013-02-28 13:39:43 958 —-a-w- 9DE5B2CF3280665C55D576F885BA89D0 \windows\beidgui.conf
2010-11-20 21:29:04 65024 —-a-w- DBD14D0DB0382DFE96D7B5007DDD5ABE \windows\bfsvc.exe
2014-03-06 17:13:29 67584 –s-a-w- 4C420EA4E7C35E8EEF55742FC5ECFE82 \windows\bootstat.dat
2003-11-28 16:57:12 0 —-a-w- D41D8CD98F00B204E9800998ECF8427E \windows\brdfxspd.dat
2013-08-19 11:35:08 66 —-a-w- 7D6E128FDC85D9EC2130ECAEC7FB7C76 \windows\Brfaxrx.ini
2013-03-25 18:44:02 0 —-a-w- D41D8CD98F00B204E9800998ECF8427E \windows\brmx2001.ini
2013-03-25 18:42:13 74 —-a-w- 107B93695D14301398F09B787D5B33F8 \windows\Brownie.ini
2013-08-19 11:35:43 93 —-a-w- A9400028F8C8E63686101E896C7B35DE \windows\brpcfx.ini
2013-10-25 15:43:58 748 —-a-w- 578099013C7FC9B2C9E1C33A5EE353C2 \windows\Brpfx04a.ini
2013-12-01 09:48:30 27 —-a-w- 084251E575FCCE473C5BAC08C412F196 \windows\BRPP2KA.INI
2013-12-01 09:48:30 434 —-a-w- EC18EF8FA864F4B276879EEACAB7D5E1 \windows\BRWMARK.INI
2007-02-07 11:02:58 65536 —-a-w- A505137B24C176A308DF67844EAD5081 \windows\cmiboot.exe
2006-12-19 10:04:30 241664 —-a-w- A6AC80E66B5F113BEF77F9F73A17378E \windows\CmUCREye.exe
2012-06-20 06:05:22 2052 —-a-w- E21B90BD14AFFC13D50A2E8A26336561 \windows\epplauncher.mif
2011-02-25 05:30:54 2616320 —-a-w- 8B88EBBB05A0E56B7DCC708498C02B3E \windows\explorer.exe
2009-07-14 01:14:20 13824 —-a-w- F9202335BBA03A02F084FE588564BBF5 \windows\fveupdate.exe
2009-07-14 01:14:21 497152 —-a-w- 2FF3A32F01DF61836FED59D441D8B9DF \windows\HelpPane.exe
2009-07-14 01:14:21 15360 —-a-w- 9B90B0C78671A4881D06C91941F6F379 \windows\hh.exe
2009-07-13 22:58:08 43131 —-a-w- 23AF90D2355D8C83AA4567EF1763B467 \windows\mib.bin
2009-06-10 21:19:27 1405 —-a-w- B9FB94A8DA62711C6955825DEFB25C5A \windows\msdfmap.ini
2009-04-01 09:48:16 53478 —-a-w- D84209D3FB6FC9A1FD1519CAE28DC9E7 \windows\mvtcpui.ini
2009-07-14 01:14:27 179712 —-a-w- D378BFFB70923139D6A4F546864AA61C \windows\notepad.exe
2009-06-10 21:14:33 53551 —-a-w- FFB8B91BD19E5BC10A3344AAF34880F3 \windows\Professional.xml
2009-07-14 01:14:30 398336 —-a-w- 8A4883F5E7AC37444F23279239553878 \windows\regedit.exe
2013-09-18 14:09:28 308 —-a-w- BA3AFC9419A11D6C28E80ECD524F0380 \windows\setup.iss
2013-11-18 10:52:30 109144 —-a-w- DED12D4F9B22902A597F347F7EB36965 \windows\SleeN1864.sys
2009-06-10 21:14:45 48201 —-a-w- 9060C3C745E7B2D8E1A81DD061021546 \windows\Starter.xml
2009-06-10 21:46:28 219 —-a-w- 286A9EDB379DC3423A528B0864A0F111 \windows\system.ini
2009-06-10 21:41:17 94784 —-a-w- 0BEA3F79A36B1F67B2CE0F595524C77C \windows\twain.dll
2010-11-20 21:29:41 51200 —-a-w- 163A95975E1D8819E653AA3E961371CA \windows\twain_32.dll
2009-06-10 21:41:17 49680 —-a-w- F36A271706EDD23C94956AFB56981184 \windows\twunk_16.exe
2009-07-14 01:14:42 31232 —-a-w- 0BD6E68F3EA0DD62CD86283D86895381 \windows\twunk_32.exe
2012-07-10 18:44:37 4142392 —-a-w- 5009B6E8EAD5FCBB6C08F50F24CF0FD8 \windows\uninst.exe
2014-02-13 06:32:49 541 —-a-w- 69FA465B51AD15C1C73387F6778933D2 \windows\win.ini
2009-07-14 04:41:57 749 —ha-r- 5A5CFF37F1BD0F86B9BDAAD7A9445882 \windows\WindowsShell.Manifest
2014-03-06 18:59:44 1364148 —-a-w- 9BB83B1FA36CC2AED6C0EFE912BB295D \windows\WindowsUpdate.log
2009-06-10 21:42:20 256192 —-a-w- 8E6F7D51A5CB299C25621C6C1AB57E84 \windows\winhelp.exe
2009-07-14 01:14:45 9728 —-a-w- 1D420D66250BCAAAED05724FB34008CF \windows\winhlp32.exe
2014-03-06 15:32:05 79 —-a-w- 73FE8285D075FE7F0CD980870A09AF3D \windows\wininit.ini
2009-06-10 21:34:23 316640 —-a-w- DC17DD0189B0C36D863B4DD0A036C10F \windows\WMSysPr9.prx
2009-07-14 01:14:49 9216 —-a-w- 6E8EACC0B339365D79A2C06896865D3D \windows\write.exe
2009-06-10 21:42:49 707 —-a-w- B317B33694BAC49D492DD3F23E374899 \windows\_default.pif
2012-01-06 09:07:14 20 —-a-w- F9F4905664C5B42B49E78EFA12D1A6B6 \windows\Ì÷b
==== Empty Folders Check ======================
C:\Program Files\AVS4YOU deleted successfully
C:\Program Files\Spybot - Search & Destroy 2 deleted successfully
C:\Program Files\trend micro deleted successfully
C:\Program Files\Common Files\Windows Live deleted successfully
C:\Users\Rob\AppData\Roaming\Contact Sms Transfer deleted successfully
C:\Users\Rob\AppData\Roaming\Drobo deleted successfully
C:\Users\Rob\AppData\Roaming\IrfanView deleted successfully
C:\Users\Rob\AppData\Roaming\Opera Software deleted successfully
C:\Users\Rob\AppData\Roaming\OTB_util deleted successfully
C:\Users\Rob\AppData\Roaming\PC Cleaners deleted successfully
C:\Users\Rob\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Rob\AppData\Local\CrashDumps deleted successfully
C:\Users\Rob\AppData\Local\Downloaded Installations deleted successfully
C:\Users\Rob\AppData\Local\Opera Software deleted successfully
C:\Users\Rob\AppData\Local\photoOptimizeHistoryDataBase deleted successfully
C:\Users\UpdatusUser\AppData\Local\CrashDumps deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3973E125-3969-46DB-ACCD-A4A37D640D6A} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5A88232C-6407-4308-A790-5BF5CAEDD09B} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B6411735-8BE4-4290-8843-418C35B5AF85} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D7DB1D50-58B8-420D-8576-5C662C56F345} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2D8D9ACC-F6D7-4362-8876-A275CA929591} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
==== Running Processes ======================
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
C:\Program Files\Belkin\Home Base Control Center\Hbapcs.exe
C:\Program Files\Drobo\Drobo Dashboard\DDService.exe
C:\Program Files\PogoplugBackup\dokanmnt.exe
C:\Windows\system32\HPSIsvc.exe
C:\IDrive\IDriveE Service.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Silvercrest MTS2118 driver\KMWDSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\PC Fresh\PC Fresh.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Windows\Explorer.EXE
C:\IDrive\IDrivePlugin.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
C:\Program Files\LemurLeap\updateLemurLeap.exe
C:\Program Files\LemurLeap\bin\utilLemurLeap.exe
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTuner.exe
C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Rob\Desktop\zoek\zoek.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\System32\svchost.exe -k secsvcs
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\update LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\update LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\update LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\update LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\util LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\util LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\util LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\util LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\application updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\application updater deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default
—- Lines BabylonToolbar removed from prefs.js —-
user_pref(“extensions.BabylonToolbar.admin”, false);
user_pref(“extensions.BabylonToolbar.aflt”, “babsst”);
user_pref(“extensions.BabylonToolbar.babExt”, “”);
user_pref(“extensions.BabylonToolbar.babTrack”, “affID=109217&tt=010712_8”);
user_pref(“extensions.BabylonToolbar.bbDpng”, 6);
user_pref(“extensions.BabylonToolbar.dfltLng”, “nl”);
user_pref(“extensions.BabylonToolbar.dfltSrch”, true);
user_pref(“extensions.BabylonToolbar.hmpg”, true);
user_pref(“extensions.BabylonToolbar.id”, “980102ae0000000000000016172a0ff8”);
user_pref(“extensions.BabylonToolbar.instlDay”, “15523”);
user_pref(“extensions.BabylonToolbar.instlRef”, “sst”);
user_pref(“extensions.BabylonToolbar.keyWordUrl”, "http://search.babylon.com/?affID=109217&tt=010712_8&babsrc=KW_ss&mntrId=980102ae0000000000000016172
user_pref(“extensions.BabylonToolbar.lastDP”, 6);
user_pref(“extensions.BabylonToolbar.lastVrsnTs”, “1.5.3.1716:11:53”);
user_pref(“extensions.BabylonToolbar.mntrFFxVrsn”, “27.0”);
user_pref(“extensions.BabylonToolbar.newTab”, true);
user_pref(“extensions.BabylonToolbar.newTabUrl”, “http://search.babylon.com/?babsrc=NT_FFUP”);
user_pref(“extensions.BabylonToolbar.noFFXTlbr”, false);
user_pref(“extensions.BabylonToolbar.prdct”, “BabylonToolbar”);
user_pref(“extensions.BabylonToolbar.propectorlck”, 132693634);
user_pref(“extensions.BabylonToolbar.prtkDS”, 1);
user_pref(“extensions.BabylonToolbar.prtkHmpg”, 1);
user_pref(“extensions.BabylonToolbar.prtnrId”, “babylon”);
user_pref(“extensions.BabylonToolbar.ptch_0717”, true);
user_pref(“extensions.BabylonToolbar.smplGrp”, “tzb”);
user_pref(“extensions.BabylonToolbar.srcExt”, “ss”);
user_pref(“extensions.BabylonToolbar.tlbrId”, “base”);
user_pref(“extensions.BabylonToolbar.vrsn”, “1.5.3.17”);
user_pref(“extensions.BabylonToolbar.vrsnTs”, “1.5.3.1716:11:53”);
user_pref(“extensions.BabylonToolbar.vrsni”, “1.5.3.17”);
user_pref(“extensions.BabylonToolbar_i.aflt”, “babsst”);
user_pref(“extensions.BabylonToolbar_i.babExt”, “”);
user_pref(“extensions.BabylonToolbar_i.babTrack”, “affID=109217&tt=010712_8”);
user_pref(“extensions.BabylonToolbar_i.hardId”, “980102ae0000000000000016172a0ff8”);
user_pref(“extensions.BabylonToolbar_i.id”, “980102ae0000000000000016172a0ff8”);
user_pref(“extensions.BabylonToolbar_i.instlDay”, “15523”);
user_pref(“extensions.BabylonToolbar_i.instlRef”, “sst”);
user_pref(“extensions.BabylonToolbar_i.prdct”, “BabylonToolbar”);
user_pref(“extensions.BabylonToolbar_i.prtnrId”, “babylon”);
user_pref(“extensions.BabylonToolbar_i.smplGrp”, “none”);
user_pref(“extensions.BabylonToolbar_i.srcExt”, “ss”);
user_pref(“extensions.BabylonToolbar_i.tlbrId”, “base”);
user_pref(“extensions.BabylonToolbar_i.vrsn”, “1.5.3.17”);
user_pref(“extensions.BabylonToolbar_i.vrsnTs”, “1.5.3.1716:11:53”);
user_pref(“extensions.BabylonToolbar_i.vrsni”, “1.5.3.17”);
—- Lines delta removed from user.js —-
user_pref(“extensions.delta.tlbrSrchUrl”, “”);
user_pref(“extensions.delta.id”, “980102ae00000000000000ff96138ea7”);
user_pref(“extensions.delta.appId”, “{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}”);
user_pref(“extensions.delta.instlDay”, “15973”);
user_pref(“extensions.delta.vrsn”, “1.8.24.6”);
user_pref(“extensions.delta.vrsni”, “1.8.24.6”);
user_pref(“extensions.delta.vrsnTs”, “1.8.24.615:56:31”);
user_pref(“extensions.delta.prtnrId”, “delta”);
user_pref(“extensions.delta.prdct”, “delta”);
user_pref(“extensions.delta.aflt”, “babsst”);
user_pref(“extensions.delta.smplGrp”, “none”);
user_pref(“extensions.delta.tlbrId”, “coupon2”);
user_pref(“extensions.delta.instlRef”, “sst”);
user_pref(“extensions.delta.dfltLng”, “nl”);
user_pref(“extensions.delta.excTlbr”, false);
user_pref(“extensions.delta.ffxUnstlRst”, true);
user_pref(“extensions.delta.admin”, false);
user_pref(“extensions.delta_i.babTrack”, “affID=124780&tt=250913_cpn2&tsp=5016”);
user_pref(“extensions.delta_i.babExt”, “”);
user_pref(“extensions.delta_i.srcExt”, “ss”);
user_pref(“extensions.delta.autoRvrt”, “false”);
user_pref(“extensions.delta.rvrt”, “false”);
user_pref(“extensions.delta.newTab”, false);
—- Lines u-Search removed from user.js —-
user_pref(“browser.search.defaultengine”, “u-Search”);
user_pref(“browser.search.order.1”, “u-Search”);
user_pref(“browser.newtab.url”, “http://u-search.net/?a=1&e=1”);
—- FireFox user.js and prefs.js backups —-
user_20140603_2050_.backup
prefs_20140603_2050_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
“bProtectorDefaultScope”=-
==== Deleting Files \ Folders ======================
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\OneClickDownload@OneClickDownload.com not found
C:\Program Files\LyricsPal deleted
C:\Program Files\GUM2F63.tmp deleted
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml deleted
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml deleted
C:\Program Files\Application Updater deleted
C:\Program Files\IObit Apps Toolbar deleted
C:\Program Files\Free Download Manager deleted
C:\Program Files\NCH Software\Components\NCHToolbars deleted
C:\Program Files\Minibar deleted
C:\Program Files\Mozilla Firefox\.autoreg deleted
C:\Program Files\SpeedyPC Software deleted
C:\Program Files\iLivid deleted
C:\Program Files\1ClickDownload deleted
C:\Program Files\AVG Secure Search deleted
C:\Program Files\Common Files\Spigot deleted
C:\Program Files\Common Files\AVG Secure Search deleted
C:\Program Files\Common Files\SpeedyPC Software deleted
C:\found.000 deleted
C:\Users\Rob\AppData\Roaming\SpeedyPC Software deleted
C:\Users\Rob\AppData\Roaming\eIntaller deleted
C:\Users\Rob\AppData\Roaming\ParetoLogic deleted
C:\Users\Rob\AppData\Roaming\DriverCure deleted
C:\Users\Rob\AppData\Roaming\Babylon deleted
C:\Users\Rob\AppData\Roaming\File Scout deleted
C:\Users\Rob\AppData\Roaming\Registry Mechanic deleted
C:\Users\Rob\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar deleted
C:\Users\Rob\AppData\Roaming\OpenCandy deleted
C:\Windows\system32\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\Users\Rob\AppData\Local\Ilivid Player deleted
C:\Users\Rob\AppData\Local\CRE deleted
C:\Users\Rob\AppData\Local\WhiteListing deleted
C:\Users\Rob\AppData\Local\FilesFrog Update Checker deleted
C:\Users\Rob\AppData\Local\NativeMessaging deleted
C:\Users\Rob\AppData\Local\avgchrome deleted
C:\Users\Rob\AppData\Local\WebPlayer\AppsHat deleted
C:\Users\Rob\AppData\Local\Minibar deleted
C:\Users\Rob\AppData\Local\AppsHat Mobile Apps deleted
C:\Users\Rob\AppData\Local\Bundled software uninstaller deleted
C:\Users\Rob\AppData\Local\Conduit deleted
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin Home Base Control Center deleted
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software deleted
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat deleted
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard deleted
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker deleted
C:\Users\Rob\Downloads\SoftonicDownloader_voor_bittorrent.exe deleted
C:\Users\Rob\Downloads\SoftonicDownloader_voor_vlc-media-player.exe deleted
C:\Users\Rob\AppData\LocalLow\IObit Apps deleted
C:\Users\Rob\AppData\LocalLow\Minibar deleted
C:\Users\Rob\AppData\LocalLow\Search Settings deleted
C:\Users\Rob\AppData\LocalLow\Delta deleted
C:\Users\Rob\AppData\LocalLow\Conduit deleted
C:\Users\Rob\AppData\LocalLow\NCH_EN deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\SpeedyPC Pro Startup.job deleted
C:\Windows\tasks\SpeedyPC Pro.job deleted
C:\Windows\tasks\SpeedyPC Registration3.job deleted
C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job deleted
C:\Windows\tasks\SpeedyPC Update Version3.job deleted
C:\user.js deleted
C:\Windows\system32\roboot.exe deleted
C:\Users\Rob\Documents\Optimizer Pro deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\searchplugins\babylon.xml deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\searchplugins\Search_Results.xml deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\searchplugins\u-search.xml deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\126 deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\ffxtlbr@babylon.com deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\Invalidprefs.js deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\bProtector_extensions.sqlite deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\bProtector_prefs.js deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\searchqutoolbar deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\jetpack deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\CT2801948 deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\CT2849859 deleted
C:\Users\Rob\Desktop\SNELKOPPELINGEN\iLivid.lnk deleted
C:\Users\Rob\Desktop\PROGRAMMAS\SoftonicDownloader_voor_free-wav-to-mp3-converter.exe deleted
C:\Users\Rob\Desktop\PROGRAMMAS\SoftonicDownloader_voor_nitro-pdf-reader.exe deleted
C:\Users\Rob\Desktop\PROGRAMMAS\SoftonicDownloader_voor_zonealarm-free-antivirus-firewall.exe deleted
C:\Users\Rob\Desktop\PROGRAMMAS\PC WIZARD\SoftonicDownloader_voor_pc-wizard.exe deleted
C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} deleted
C:\Users\Rob\clickx.exe deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\gmpxkqmh@qbunpxcjvrfg.com deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\searchads@instair.net deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF} deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\conduitCommon deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\smartbar deleted
“C:\Windows\tasks\PC Fresh.job” deleted
“C:\Windows\Installer\55968.msi” deleted
“C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\searchplugins\conduit.xml” deleted
“C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\OneClickDownload@OneClickDownload.com.xpi” deleted
“C:\Program Files\LemurLeap\updateLemurLeap.exe” deleted
“C:\Program Files\LemurLeap\updateLemurLeap.exe” deleted
“C:\Program Files\LemurLeap\updateLemurLeap.exe” deleted
“C:\PROGRA~1\Secure Speed Dial\IE\SpeedDial.dll” deleted
“C:\Program Files\LemurLeap\bin\utilLemurLeap.exe” deleted
“C:\Program Files\Secure Speed Dial\IE\SpeedDial.dll” deleted
“C:\Program Files\LemurLeap\bin\utilLemurLeap.exe” deleted
“C:\Program Files\LemurLeap\bin\utilLemurLeap.exe” deleted
“C:\PROGRA~1\Secure Speed Dial” not deleted
“C:\Program Files\LemurLeap” not deleted
“C:\Program Files\Secure Speed Dial” not deleted
“C:\Program Files\LemurLeap” not deleted
“C:\Program Files\LemurLeap” not deleted
“C:\PROGRA~1\Secure Speed Dial\IE” not deleted
“C:\Program Files\LemurLeap\bin” not deleted
“C:\Program Files\Secure Speed Dial\IE” not deleted
“C:\Program Files\LemurLeap\bin” not deleted
“C:\Program Files\LemurLeap\bin” not deleted
==== System Specs ======================
Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601)
Memory (RAM): 3455 MB
CPU Info: Intel(R) Pentium(R) D CPU 3.00GHz
CPU Speed: 2990,9 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Realtek Digital Output (Realtek |
Display Adapters: NVIDIA GeForce 6700 XL | NVIDIA GeForce 6700 XL | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver | LogMeIn Mirror Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8139/810x Family Fast Ethernet NIC
CD / DVD Drives: 2x (J: | K: | ) J: SONY DVD RW DW-G121A | K: SONY DVD-ROM DDU1615
Ports: COM3 | COM1 | COM2 | COM7 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 83,8GB | D: 199,1GB | E: 204,4GB | F: 41,6GB | G: 107,4GB | H: 244,1GB
Hard Disks - Free: C: 15,6GB | D: 66,9GB | E: 21,4GB | F: 2,3GB | G: 97,3GB | H: 217,3GB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 01/13/06 | IntelR - 42302e31
Time Zone: Romance (standaardtijd)
Motherboard *: MICRO-STAR INTERNATIONAL CO., LTD MS-7204
Country: Belgi‰
Language: NLB
==== System Specs (Software) ======================
Anti-Virus: G Data InternetSecurity 2014 On-access scanning disabled (Outdated)
Anti-Spyware: G Data InternetSecurity 2014 disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: G Data Personal Firewall disabled
Default Browser: Firefox 27.0.1
Internet Explorer Version: 11.0.9600.16518
Mozilla Firefox version: 27.0.1 (x86 nl)
Google Chrome version: 33.0.1750.146
Adobe Reader version: 11.0.0.379
Sun Java version: 1.6.0_31 (32-bit)
Flash Player version: 12.0.0.70
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Rob\AppData\Local\Temp ====
2014-03-06 19:08:31 A96F0963FF7CAA4D623BF57385801F55 17858952 —-a-w- C:\Users\Rob\AppData\Local\Temp\fp_pl_pfs_installer.exe
====== Java Cache =====
====== C:\Windows\system32 =====
2014-02-28 19:41:47 FD38EBD137378FE594E7EFEBB5B3E096 71048 —-a-w- C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-02-28 19:41:47 72F76B12C09B36F26219920D0B2E7EF3 692616 —-a-w- C:\Windows\System32\FlashPlayerApp.exe
====== C:\Windows\system32\drivers =====
2014-03-06 16:27:05 96E03B927F928048A868364406928ABC 30040 —-a-w- C:\Windows\System32\drivers\GRD.sys
2014-03-06 13:39:13 4470E3C1E0C3378E4CAB137893C12C3A 22856 —-a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-04 20:40:34 780E4290AE95F7766AEB3B1C1467DEA3 52056 —-a-w- C:\Windows\System32\drivers\PktIcpt.sys
2014-03-04 20:38:26 A224F5EB3D9C49F58E199F4D72B46181 54104 —-a-w- C:\Windows\System32\drivers\gdwfpcd32.sys
2014-03-04 20:38:17 6D2F9B98ED50ED617040485B02957176 51032 —-a-w- C:\Windows\System32\drivers\HookCentre.sys
2014-03-04 20:38:16 A9F617B922319A7B27551D0F0AEF1E8A 45912 —-a-w- C:\Windows\System32\drivers\GDBehave.sys
2014-03-04 20:38:16 66AB4FCBB20CF760E331E7F394245DCD 96600 —-a-w- C:\Windows\System32\drivers\MiniIcpt.sys
2014-02-14 09:38:09 BC2E102C3FB24B666C511DD71F6D0D6D 16048 —-a-w- C:\Windows\System32\drivers\GdPhyMem.sys
2014-02-12 13:46:50 2503B1AAAC2840A4708EC3578CC67928 136024 —-a-w- C:\Windows\System32\drivers\kl1.sys
2014-02-12 13:46:47 A99560EB704DE3D66B9F0D6C83635CB0 75608 —-a-w- C:\Windows\System32\drivers\klflt.sys
2014-02-12 13:46:47 79EBC6B88D0E0835C42AED5F5EE6C8F9 589144 —-a-w- C:\Windows\System32\drivers\klif.sys
====== C:\Windows\Tasks ======
2014-03-04 20:26:13 ——– d—–w- C:\Windows\system32\Tasks\WPD
2014-03-04 15:47:40 ——– d—–w- C:\Windows\system32\Tasks\Safer-Networking
2014-02-28 19:41:50 8A57A66D0D8ACBE42A95A4259B8F065B 3878 —-a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater
2014-02-28 19:41:50 47FD81423A2497DAEEE5DD3AB8AA5608 940 —-a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-03-06 17:03:32 ——– d—–w- C:\Program Files\Mozilla Maintenance Service
2014-02-19 11:58:17 ——– d—–w- C:\Program Files\Replay Music 6
2014-02-12 22:26:05 ——– d—–w- C:\Program Files\G Data
2014-02-12 22:26:00 ——– d—–w- C:\Program Files\Common Files\G Data
2014-02-12 13:31:42 ——– d—–w- C:\Program Files\CheckPoint
======= C: =====
====== C:\Users\Rob\AppData\Roaming ======
2014-03-06 19:40:55 ——– d—–w- C:\Users\Rob\AppData\Local\CrashDumps
2014-03-05 10:35:58 ——– d—–w- C:\Windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software
2014-03-04 20:25:19 ——– d—–w- C:\Windows\system32\config\systemprofile\AppData\Roaming\iolo
2014-02-24 07:20:24 ——– d—–w- C:\Users\TEMP.Rob-PC\AppData\Locallow\Microsoft
2014-02-24 07:20:07 ——– d—–w- C:\Users\TEMP.Rob-PC\AppData\Local\Google
2014-02-20 12:20:06 ——– d—–w- C:\Users\Rob\AppData\Local\Spotify
2014-02-20 12:17:46 ——– d—–w- C:\Users\Rob\AppData\Roaming\Spotify
2014-02-15 11:20:38 142418187D806CBC1A454A721C17B78C 139656 —-a-w- C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-13 08:24:37 ——– d—–w- C:\Users\Rob\AppData\Local\G DATA
2014-02-12 22:29:57 ——– d—–w- C:\Users\Rob\AppData\Roaming\G Data
2014-02-12 13:47:04 ——– d—–w- C:\Users\Rob\AppData\Roaming\CheckPoint
2014-02-11 09:40:54 ——– d—–w- C:\Users\TEMP\AppData\Roaming\Microsoft
====== C:\Users\Rob ======
2014-03-06 17:03:33 ——– d—–w- C:\ProgramData\Mozilla
2014-03-06 16:45:02 10EA446EBB0F48D9D4BD1BD2631D7ADF 283064 —-a-w- C:\Users\Rob\Desktop\Firefox Setup Stub 27.0.1.exe
2014-03-06 13:38:42 683FDD3D773C58B262DC07CD0C6CE938 10285040 —-a-w- C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-06 13:31:54 69CA82A7482A00D8EE063D2B97FC4338 781383 —-a-w- C:\Users\Rob\Desktop\RSIT.exe
2014-02-27 14:41:01 ——– d—–w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-25 22:12:07 609B83259466F78EC2014119B22100F8 930952 —-a-w- C:\Users\Rob\Desktop\cbsidlm-cbsi183-PDF_Reader_for_Windows_7-ORG-75012479.exe
2014-02-24 07:19:55 ——– d–h–w- C:\Users\TEMP.Rob-PC\AppData
2014-02-12 22:19:00 ——– d—–w- C:\ProgramData\G Data
2014-02-12 13:26:37 ——– d—–w- C:\ProgramData\CheckPoint
2014-02-11 17:02:26 ——– d—–w- C:\ProgramData\AVG2014
2014-02-11 09:40:54 ——– d–h–w- C:\Users\TEMP\AppData
====== C: exe-files ==
2014-03-06 19:08:31 A96F0963FF7CAA4D623BF57385801F55 17858952 —-a-w- C:\Users\Rob\AppData\Local\Temp\fp_pl_pfs_installer.exe
2014-03-06 17:03:34 FC558F42CA98DAB4465263FDE812A5B2 106212 —-a-w- C:\Program Files\Mozilla Maintenance Service\Uninstall.exe
2014-03-06 17:03:32 338037EFA0E8E8699B2667D57B751574 118896 —-a-w- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
2014-03-06 16:45:02 10EA446EBB0F48D9D4BD1BD2631D7ADF 283064 —-a-w- C:\Users\Rob\Desktop\Firefox Setup Stub 27.0.1.exe
2014-03-06 13:38:42 683FDD3D773C58B262DC07CD0C6CE938 10285040 —-a-w- C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-06 13:31:54 69CA82A7482A00D8EE063D2B97FC4338 781383 —-a-w- C:\Users\Rob\Desktop\RSIT.exe
2014-03-04 17:13:09 5CD717468088F48A2EFBF8B3F19235CB 7638232 —-a-w- C:\Users\Rob\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.146\33.0.1750.146_32.0.1700.107_chrome_updater.exe
2014-03-04 16:51:27 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 —-atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe
2014-03-04 16:51:27 BA5C08130D2EFBD4E546912646DC4461 847640 —-a-w- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateSetup.exe
2014-03-04 16:51:27 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 —-atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateBroker.exe
2014-03-04 16:49:48 EA8B5B41163A06FFA8930F5316473035 273800 —-atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
2014-03-04 16:49:43 C98ACDE22458C8F46FD0503CB9E2D01F 223112 —-atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
2014-03-04 16:49:28 506708142BC63DABA64F2D3AD1DCD5BF 116648 —-atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdate.exe
2014-03-04 16:49:25 BA5C08130D2EFBD4E546912646DC4461 847640 —-a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe
2014-03-04 09:01:46 6B2DC0ED17771CF937B83D40C542EA5D 1043744 —-a-w- C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe
2014-03-03 07:07:49 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 —-atw- C:\Users\Rob\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe
2014-03-03 07:07:49 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 —-atw- C:\Users\Rob\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateBroker.exe
2014-03-03 07:07:48 BA5C08130D2EFBD4E546912646DC4461 847640 —-a-w- C:\Users\Rob\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateSetup.exe
2014-03-03 07:07:04 EA8B5B41163A06FFA8930F5316473035 273800 —-atw- C:\Users\Rob\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
2014-03-03 07:07:03 C98ACDE22458C8F46FD0503CB9E2D01F 223112 —-atw- C:\Users\Rob\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
2014-03-03 07:07:00 506708142BC63DABA64F2D3AD1DCD5BF 116648 —-atw- C:\Users\Rob\AppData\Local\Google\Update\1.3.22.5\GoogleUpdate.exe
2014-03-03 07:03:46 BA5C08130D2EFBD4E546912646DC4461 847640 —-a-w- C:\Users\Rob\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe
2014-02-28 19:41:47 72F76B12C09B36F26219920D0B2E7EF3 692616 —-a-w- C:\Windows\System32\FlashPlayerApp.exe
=== C: other files ==
2014-03-06 16:27:05 96E03B927F928048A868364406928ABC 30040 —-a-w- C:\Windows\System32\drivers\GRD.sys
2014-03-06 13:39:13 4470E3C1E0C3378E4CAB137893C12C3A 22856 —-a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-04 20:40:34 780E4290AE95F7766AEB3B1C1467DEA3 52056 —-a-w- C:\Windows\System32\drivers\PktIcpt.sys
2014-03-04 20:38:26 A224F5EB3D9C49F58E199F4D72B46181 54104 —-a-w- C:\Windows\System32\drivers\gdwfpcd32.sys
2014-03-04 20:38:17 6D2F9B98ED50ED617040485B02957176 51032 —-a-w- C:\Windows\System32\drivers\HookCentre.sys
2014-03-04 20:38:16 A9F617B922319A7B27551D0F0AEF1E8A 45912 —-a-w- C:\Windows\System32\drivers\GDBehave.sys
2014-03-04 20:38:16 66AB4FCBB20CF760E331E7F394245DCD 96600 —-a-w- C:\Windows\System32\drivers\MiniIcpt.sys
2014-03-01 21:55:36 27FAF502F2489C44F26A2CCFEC4E6979 1668 —-a-w- C:\Windows\System32\config\SM Registry Backup\03-01-2014 22.55.31\restore.bat
==== Startup Registry Enabled ======================
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”
“UIWatcher”=“C:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe”
“DefragTaskBar”=“C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ”
“CommonToolkitTray”=“C:\Program Files\Fighters\Tray\FightersTray.exe”
“BCSSync”=“C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices”
“Adobe ARM”=“C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“SearchSettings”=“C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe”
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”
“APISupport”=“C:\Windows\system32\Rundll32.exe C:\Users\Rob\AppData\Local\Conduit\APISupport\APISupport.dll,DLLRunAPISupport”
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”
“Apps Hat”=“C:\Users\Rob\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe”
“AppsHat”=“C:\Users\Rob\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe”
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”
“mctadmin”=“C:\Windows\System32\mctadmin.exe”
“mctadmin”=“C:\Windows\System32\mctadmin.exe”
“mctadmin”=“C:\Windows\System32\mctadmin.exe”
“RTHDVCPL”=“C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s”
“Ashampoo WinOptimizer Live-Tuner”=“C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTuner.exe -TRAY”
“G Data AntiVirus Tray”=“C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe”
“GDFirewallTray”=“C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe”
“Ashampoo HDD Control Guard”=“C:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe”
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”
“APISupport”=“C:\Windows\system32\Rundll32.exe C:\Users\Rob\AppData\Local\Conduit\APISupport\APISupport.dll,DLLRunAPISupport”
“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”
“Apps Hat”=“C:\Users\Rob\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe”
“AppsHat”=“C:\Users\Rob\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe”
==== Startup Registry Disabled ======================
tweede deel volgt
Rob26

06-03-2014 21:53

“command”=“\”C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\“ /startup ”
“hkey”=“HKLM”
“item”=“Google Desktop Search”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“C:\\Program Files\\Silvercrest MTS2118 driver\\StartAutorun.exe KMConfig.exe”
“hkey”=“HKLM”
“item”=“KMCONFIG”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“C:\\Program Files\\GO!Suite\\Deployment\\Functions\\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\\OMEA.exe”
“hkey”=“HKLM”
“item”=“OMEA”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“C:\\Program Files\\OTB_util\\OTB_util.exe”
“hkey”=“HKLM”
“item”=“OTB_util”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“\”C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe\“”
“hkey”=“HKLM”
“item”=“SDTray”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“command”=“C:\\Program Files\\USIM Editor\\iconcs746203.exe RunFromReg”
“hkey”=“HKLM”
“item”=“USBestCR”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“Google Update”=“\”C:\\Users\\Rob\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\“ /c”
“DDAssist”=“C:\\Program Files\\Drobo\\Drobo Dashboard\\DDAssist.exe”
“Pogoplug Backup”=“\”C:\\Program Files\\PogoplugBackup\\ppbrowser.exe\“ –starthidden”
“iCloudServices”=“C:\\Program Files\\Common Files\\Apple\\Internet Services\\iCloudServices.exe”
“Sidebar”=“C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun”
“Spotify Web Helper”=“\”C:\\Users\\Rob\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\“”
“Spotify”=“\”C:\\Users\\Rob\\AppData\\Roaming\\Spotify\\spotify.exe\“ /uri spotify:autostart”
“SunJavaUpdateSched”=“\”C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\“”
“QuickTime Task”=“\”C:\\Program Files\\QuickTime\\QTTask.exe\“ -atboottime”
“iTunesHelper”=“\”C:\\Program Files\\iTunes\\iTunesHelper.exe\“”
“LogMeIn GUI”=“\”C:\\Program Files\\LogMeIn\\x86\\LogMeInSystray.exe\“”
“SSBkgdUpdate”=“\”C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\“ -Embedding -boot”
“PPort14reminder”=“\”F:\\Program Files\\Nuance\\PaperPort\\Ereg\\Ereg.exe\“ -r \”C:\\ProgramData\\ScanSoft\\PaperPort\\14\\Config\\Ereg\\Ereg.ini\“”
“PPort11reminder”=“\”F:\\Program Files\\Nuance\\PaperPort\\Ereg\\Ereg.exe\“ -r \”C:\\ProgramData\\ScanSoft\\PaperPort\\11\\Config\\Ereg\\Ereg.ini\“”
“AirPort Base Station Agent”=“\”F:\\AirPort\\APAgent.exe\“”
“IndexSearch”=“\”F:\\Program Files\\Nuance\\PaperPort\\IndexSearch.exe\“”
“PaperPort PTD”=“\”F:\\Program Files\\Nuance\\PaperPort\\pptd40nt.exe\“”
“APSDaemon”=“\”C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\“”
“BrMfcWnd”=“C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN”
“Cmiboot”=“C:\\Windows\\cmiboot.exe”
“ControlCenter3”=“C:\\Program Files\\Brother\\ControlCenter3\\brctrcen.exe /autorun”
“HPUsageTrackingLEDM”=“\”C:\\Program Files\\HP\\HP UT LEDM\\bin\\hppusg.exe\“ \”C:\\Program Files\\HP\\HP UT LEDM\\\“”
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-905063731-74274285-34031197-1000Core.job –a—— C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-905063731-74274285-34031197-1000UA.job –a—— C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\One-Click Optimizer.job –a—— C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe
==== Other Scheduled Tasks ======================
“C:\Windows\system32\tasks\Adobe Flash Player Updater”
“C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma”
“C:\Windows\system32\tasks\Apple Diagnostics”
“C:\Windows\system32\tasks\ASC7_PerformanceMonitor”
“C:\Windows\system32\tasks\ASC7_SkipUac_Rob”
“C:\Windows\system32\tasks\CCleanerSkipUAC”
“C:\Windows\system32\tasks\CreateChoiceProcessTask”
“C:\Windows\system32\tasks\Google Updater and Installer”
“C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore”
“C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA”
“C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-905063731-74274285-34031197-1000Core”
“C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-905063731-74274285-34031197-1000UA”
“C:\Windows\system32\tasks\Java Update Scheduler”
“C:\Windows\system32\tasks\ModemBooster_networkMonitor”
“C:\Windows\system32\tasks\ModemBooster_Run”
“C:\Windows\system32\tasks\One-Click Optimizer”
“C:\Windows\system32\tasks\ScanSoft Background Update”
“C:\Windows\system32\tasks\SidebarExecute”
“C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013”
“C:\Windows\system32\tasks\User_Feed_Synchronization-{A4572369-D7E9-472A-8D77-2232EE299C34}”
“C:\Windows\system32\tasks\{0C82D2CB-69FA-456E-9EBF-000FDB7B960B}”
“C:\Windows\system32\tasks\{17D3BBB3-B6A5-4654-A742-C6FBF1B87B6F}”
“C:\Windows\system32\tasks\{18B6C59A-792C-4602-9616-52330797B1BF}”
“C:\Windows\system32\tasks\{5816BE3D-6FC3-4530-9343-590A2F5590DA}”
“C:\Windows\system32\tasks\{72BB2B16-0447-4233-9290-8C60A4E9501A}”
“C:\Windows\system32\tasks\{9A448AF3-535F-4320-97DC-62A415650036}”
“C:\Windows\system32\tasks\{C946F00A-D0F6-4E6A-95B0-05C67B856F53}”
“C:\Windows\system32\tasks\{D7F6F811-DA52-4DC9-96AE-B937E8A3527C}”
“C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate”
“C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask”
==== Firefox Extensions Registry ======================
“gmpxkqmh@qbunpxcjvrfg.com”=“C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\gmpxkqmh@qbunpxcjvrfg.com”
“{9309FA47-1B48-4768-AFA4-9E0556F5DC81}”=“C:\Program Files\LyricsPal\128.xpi”
==== Firefox Extensions ======================
ProfilePath: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- AccelerateTab - %ProfilePath%\extensions\speeddial@instair.net
- AutocompletePro - Your handy search suggestions tool - %ProfilePath%\extensions\support@predictad.com
- Start Page - %ProfilePath%\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
- AP Suggestor - %ProfilePath%\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
A9C86900D2A61728C8326FE7147617C5 - C:\Users\Rob\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
6EA3310070AEFD3E0CE2668DB3FF8BDE - C:\Program Files\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll - Advanced SystemCare 7 Opera Plugin
F4045A73A07A12EEDF1F43021AC4F3C8 - C:\Program Files\IObit\Surfing Protection\BrowerProtect\NPASCSafariPluginProtect.dll - Advanced SystemCare 7
86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
E0BCE90537E4A41AF36D5BDD5963A09D - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
34E3709244736B8976820F730E5A8815 - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll - Java(TM) Platform SE 6 U31
A878453A1714870EAADA83E6434BDB77 - C:\Program Files\Java\jre6\bin\plugin2\npdeployJava1.dll - Java Deployment Toolkit 6.0.310.5
1390A96377062FEC14A126BD28C19B48 - C:\Program Files\Nuance\PDF Viewer Plus\bin\nppdf.dll - DocuCom PDF Plus
1390A96377062FEC14A126BD28C19B48 - C:\Program Files\Nuance\PDF Viewer Plus\Bin\nppdf.dll - DocuCom PDF Plus
==== Deleted Firefox Extensions ======================
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\support@predictad.com deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\speeddial@instair.net deleted
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\flrwng60.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
defdhglnppeioeflggkmglipcecffkhk - No path found
hbcennhacfaagdopikcegfcobcadeocj - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx
ibnmbpihhamedhophbnjjpidokcknoid - No path found
icdlfehblmklkikfigmjhbmmpmkmpooj - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx
jlnfdbbladgcmhhamgkioifhbobjaoof - C:\Program Files\LemurLeap\jlnfdbbladgcmhhamgkioifhbobjaoof.crx
kdidombaedgpfiiedeimiebkmbilgmlc - No path found
mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Rob\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx
nfengeggddojhakldhlpjdlddgkkjkdd - No path found
pfndaklgolladniicklehhancnlgocpp - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx
pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files\1ClickDownload\oneclickdownloader10.crx
pnbbffeddnekkhjmokkhdebbfbibbflc - C:\Program Files\LyricsPal\128.crx
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Rob\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx
YouTube - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Berowsye2soavve - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfiliaelaaommemiijhpoclcpnpepeec
Ebay Shopping Assistant by Spigot - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Domain Error Assistant - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
AccelerateTab - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak
LemurLeap - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlnfdbbladgcmhhamgkioifhbobjaoof
DefaultTab - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
AD Block - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb
Slick Savings - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Minibar - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo
BittorrentBar_NL - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn
Google Wallet - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Amazon Shopping Assistant by Spigot - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Gmail - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
OneClickDownload - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Lyrics-Pal - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbffeddnekkhjmokkhdebbfbibbflc
DefaultTab - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
==== Chrome Fix ======================
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlnfdbbladgcmhhamgkioifhbobjaoof deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jlnfdbbladgcmhhamgkioifhbobjaoof_0.localstorage deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jlnfdbbladgcmhhamgkioifhbobjaoof deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0 deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmlghpafmmnmmkjdhacccolfgnkiboco_0.localstorage deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbffeddnekkhjmokkhdebbfbibbflc deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpcknfcdcgpffjddjeceioobdelceffo_0.localstorage deleted successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfiliaelaaommemiijhpoclcpnpepeec deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gfiliaelaaommemiijhpoclcpnpepeec_0.localstorage deleted successfully
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gfiliaelaaommemiijhpoclcpnpepeec deleted successfully
==== Set IE to Default ======================
Old Values:
“Start Page”=“http://www.google.be/”
@=“http://www.google.com/cse?cx=partner-pub-6697027465779297:4912766677&ie=ISO-8859-1&sa=Search&q=%s”
“SearchAssistant”=“http://www.inklineglobal.com/google/google_pp.html”
“SearchAssistant”=“http://www.google.com/ie”
“Default_Search_URL”=“http://www.google.com/ie”
“DefaultScope”=“{D7DB1D50-58B8-420D-8576-5C662C56F345}”
not found
New Values:
“Start Page”=“http://www.google.be/”
“(Default)”=“http://search.msn.com/results.asp?q=%s”
“SearchAssistant”=“http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm”
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”
“SearchAssistant”=“http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm”
“DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&r=109”
{0915B385-8FBC-4BCF-BFE2-7BAA2AC84741} Google Url=“http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}”
{1630DD62-C11C-403D-BF40-85D548D59264} Search By ZoneAlarm Url=“http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=e8e9bd0b55444a87ac93341a391ef716&tu=10NQ000CT2B0008&sku=&tstsId=&ver=&&r=593”
{5E37E4EA-A31F-44F1-AEB4-40534B1C14C0} Zoeken met Wittegids.be (Visual Search) Url=“http://truvo.reference.be/IE8/VisualSearch.aspx?search={searchTerms}&countryCode=BE&languagecode=nl&type=white”
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”
{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url=“http://127.0.0.1:4664/search&s=dtStNcmC6tjAnotc84KelGCCDMM?q={searchTerms}”
{F813F595-1DA6-4476-915D-E3C2FDF0B758} SearchMyWeb Url=“http://www.google.com/cse?cx=partner-pub-6697027465779297:4912766677&ie=ISO-8859-1&sa=Search&q={searchTerms}”
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{415419C3-DAD0-4DF1-AC37-22C72AD81878} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{415419C3-DAD0-4DF1-AC37-22C72AD81878} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{415419C3-DAD0-4DF1-AC37-22C72AD81878} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5F59BA-B2AB-48D8-9747-54DF806C73B8} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully
HKEY_USERS\S-1-5-21-905063731-74274285-34031197-1000\Software\mozilla\Firefox\Extensions\{9309FA47-1B48-4768-AFA4-9E0556F5DC81} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\gmpxkqmh@qbunpxcjvrfg.com deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\19363A2B9A3A3924882B8A62E37C8F56 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ibnmbpihhamedhophbnjjpidokcknoid deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jlnfdbbladgcmhhamgkioifhbobjaoof deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pnbbffeddnekkhjmokkhdebbfbibbflc deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2A36391-A3A9-4293-88B2-A8263EC7F865} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\LemurLeap deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\19363A2B9A3A3924882B8A62E37C8F56 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OMEA deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray deleted successfully
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe,
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: “C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTuner.exe” -TRAY
O4 - HKLM\..\Run: C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: “C:\Windows\system32\Rundll32.exe” “C:\Users\Rob\AppData\Local\Conduit\APISupport\APISupport.dll”,DLLRunAPISupport
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-21-905063731-74274285-34031197-1004\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)
O4 - HKUS\S-1-5-21-905063731-74274285-34031197-1004\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: Accelerated graphics
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - https://secure.logmein.com/activex/ractrl.cab?lmi=724
O17 - HKLM\System\CCS\Services\Tcpip\..\{139B9F17-933A-4CBE-BC1B-C3F30BCB6B55}: NameServer = 8.8.4.4
,195.130.131.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{139B9F17-933A-4CBE-BC1B-C3F30BCB6B55}: NameServer = 8.8.4.4
,195.130.131.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{139B9F17-933A-4CBE-BC1B-C3F30BCB6B55}: NameServer = 8.8.4.4
,195.130.131.131
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Ashampoo Core Tuner 2 Service (ACT2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Belkin Home Base Control Center Service - Unknown owner - C:\Program Files\Belkin\Home Base Control Center\Hbapcs.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: Drobo Dashboard Service (DDService) - Drobo, Inc. - C:\Program Files\Drobo\Drobo Dashboard\DDService.exe
O23 - Service: DokanCEMounter - Cloud Engines - C:\Program Files\PogoplugBackup\dokanmnt.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\IDrive\IDriveE Service.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Silvercrest MTS2118 driver\KMWDSrv.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Panorama9 Agent Updater - Panorama9 - C:\Program Files\Panorama9\Panorama9.Agent.UpdateService.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecureUpdate (SecureUpdateSvc) - Unknown owner - C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
O23 - Service: Ashampoo LiveTuner Service (WO_LiveService) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe
==== Empty IE Cache ======================
C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0C65K3G will be deleted at reboot
C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TE0T14JB will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Rob\AppData\Local\Mozilla\Firefox\Profiles\flrwng60.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\LogMeInRemoteUser\AppData\Local\Temp emptied successfully
C:\Users\Rob\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Rob\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
“C:\PROGRA~1\Secure Speed Dial” not found
“C:\Program Files\LemurLeap” not found
“C:\Program Files\Secure Speed Dial” not found
“C:\Program Files\LemurLeap” not found
“C:\Program Files\LemurLeap” not found
“C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc” not found
“C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco” deleted
“C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0C65K3G” not found
“C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TE0T14JB” not found
==== EOF on do 06/03/2014 at 21:36:08,58 ======================
Ben

07-03-2014 08:58

Hallo,
Dat is een beste opruiming;
Voer zoek.exe nogmaals uit met de volgende code;
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1;f
;r
Plaats het verkregen logje.
Download AdwCleaner by Xplode naar het bureaublad.
* Sluit alle openstaande vensters.
* Dubbelklik op AdwCleaner om hem te starten.
* Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren,
* Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
* Klik vervolgens op Scan.
* Klik vervolgens op Clean als er items zijn gevonden.
* Klik bij Herstarten Noodzakelijk op OK
Nadat de PC opnieuw is opgestart, opent meestal een logfile.
Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner.txt
Post aansluitend de inhoud van dit log in je volgende bericht.
Rob26

07-03-2014 10:59

Option Explicit
Dim fs, objFSO, objLogFile, oFolder
Set fs = CreateObject(“scripting.filesystemobject”)
oFolder = Wscript.Arguments.Item(0)
Const ForAppending = 2
Set objFSO = CreateObject(“Scripting.FileSystemObject”)
Set objLogFile = objFSO.OpenTextFile(“test.txt”, ForAppending, True)
objLogFile.Write(oFolder & “ (F=”)
objLogFile.Write CountFiles(oFolder)
objLogFile.Write(“ D=”)
objLogFile.Write CountFolders(oFolder)
objLogFile.Write(“ ”)
objLogFile.Write FolderSize(oFolder)
objLogFile.Write(“ bytes)” & vbCrLf )
objLogFile.Close
Function CountFolders (ByVal StrFolder)
Dim ParentFld
Dim SubFld
Dim IntCount
Set ParentFld = fs.GetFolder (StrFolder)
IntCount = ParentFld.SubFolders.Count
For Each SubFld In ParentFld.SubFolders
IntCount = IntCount + CountFolders(SubFld.Path)
Next
CountFolders = IntCount
End Function
Function FolderSize (ByVal StrFolder)
Dim ParentFld
Dim IntCount
Set ParentFld = fs.GetFolder (StrFolder)
IntCount = ParentFld.size
FolderSize = IntCount
End Function
Function CountFiles (ByVal StrFolder)
Dim ParentFld
Dim SubFld
Dim IntCount
Set ParentFld = fs.GetFolder (StrFolder)
IntCount = ParentFld.Files.Count
For Each SubFld In ParentFld.SubFolders
IntCount = IntCount + CountFiles(SubFld.Path)
Next
CountFiles = IntCount
End Function

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.

trage PC - 100% CPU

Rob26

Ben

Rob26

Ben

Rob26

Ben

Rob26

Rob26

Ben

Rob26