vastlopers in windows

[Art Blanche]

Hallo,

De laatste dagen wil de pc, windows 7, niet zo goed meer werken.

Met MBAM een aantal bedreigingen verwijderd, allen beginnend met PUP.

Maar om zeker te zijn dat de pc weer schoon is, heb ik een hijack log gemaakt.

Zou iemand mij hiermee willen helpen?

Groet,

JanWillem

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:15:43, on 5-4-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16470)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TapinRadio\TapinRadio.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.netlog.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Presario&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Presario&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Netlog

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

O3 - Toolbar: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - http://picasaweb.google.com/s/v/61.12/uploader2.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12383 bytes

5 april 2013 aangepast door Art Blanche

[juisterr]

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R3 - URLSearchHook: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)

O2 - BHO: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map :

C:\\Program Files\\Trend Micro\\HiJackThis of C:\\Program Files (x86)\\Trend Micro\\HiJackThis.

- - - Updated - - -

Download zoek.exe naar het bureaublad.

• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
  (hier of hier) kan je lezen hoe je dat doet.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
  

  startupall;
  filesrcm;
  
  
  

  
  

• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
  • 
    
    
  • Running processes
    
  • Recently Created
    
  • Shortcut Fix
    
  • IE Defaults
    
  • Auto Clean
    
    

  [*] Klik daarna op de knop "Run script".

  [*] Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

  [*] Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

  [*] Post nu de inhoud van het geopende logje in het volgende bericht.

[Art Blanche]

Hallo juisterr,

Ik heb hijackthis en zoek.exe laten lopen.

Bij zoek.exe komt de popup: shortcut.exe - Ongeldige installatiekopie:

Door deze popup gaat het programma, zoek.exe niet verder.

Ik heb verscheidene keren op OK geklikt en op het kruisje, maar de popup blijft terugkomen.

Wat nu te doen?

[Art Blanche]

Uiteindelijk na ca. 30 keer op OK klikken, bleef de popup weg.

Het Zoek.exe venster verdween ook.

Maar als ik nu zoek.exe opstart, geeft AVG aan dat er een dreiging is van cmd.exe, en die heb ik dan maar laten verwijderen.

Zoek.exe wordt helaas niet meer opgestart.

Ik heb ook DLL Suite gedownload en laten scannen ivm Propsys.dll.

Maar de scan geeft veel errors, behalve propsys.dll.

Die durf ik niet te verwijderen.

Ik zit nu vast.

8 april 2013 aangepast door Art Blanche

[juisterr]

Heb je alle beveiligings programma afgesloten, echt uitzetten dus want alleen wegklikken is niet afdoende. Ik vermoed dat avg gewoon nog aanstaat.

Als het niet lukt probeer zoek.exe dan in veilige modus te starten.

[Art Blanche]

Hallo,

De zoek.exe actie is gelukt.

Hieronder is het logje:

Groet, JanWillem

Zoek.exe Version 4.0.0.2 Updated 05-April-2013

Tool run by Marianne on wo 10-04-2013 at 13:30:36,74.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode No Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Windows\SysWOW64\svchost.exe -k netsvcs

C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\splwow64.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Users\Marianne\Downloads\zoek.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

==== Older Logs ======================

C:\zoek-results08-04-2013-1442.log 43283 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-03-12 11:17:40 46DDE3252D1FEB88B366269C9EE543C8 284245968 ----a-w- C:\Windows\MEMORY.DMP

====== C:\Users\Marianne\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2013-03-26 11:01:25 92B3172E8C14C1444682F510843A9988 19968 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-03-25 13:35:14 -------- d-----w- C:\Program Files\Microsoft Visual Studio 9.0

2013-03-25 13:34:45 -------- d-----w- C:\Program Files\Microsoft.NET

2013-03-25 13:28:49 -------- d-----w- C:\Program Files\Microsoft SQL Server

2013-03-14 10:24:05 -------- d-----w- C:\Program Files\Microsoft Silverlight

======= C:\Program Files (x86) =====

2013-04-08 12:36:53 -------- d-----w- C:\Program Files (x86)\DLLSuite

2013-04-05 13:27:15 -------- d-----w- C:\Program Files (x86)\Greatis

2013-04-05 13:04:35 -------- d-----w- C:\Program Files (x86)\PosteRazor

2013-04-05 12:12:25 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-04-03 10:35:01 -------- d-----w- C:\Program Files (x86)\FastStone Image Viewer

2013-03-25 13:35:15 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 9.0

2013-03-20 16:06:55 -------- d-----w- C:\Program Files (x86)\Slideshow Creator

2013-03-14 10:24:05 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight

======= C: =====

====== C:\Users\Marianne\AppData\Roaming ======

2013-04-08 12:42:37 -------- d-----w- C:\users\Marianne\AppData\Local\Temp

2013-04-05 13:05:38 AC6A22BC434D71A6DA06468820E32F03 53 ----a-w- C:\users\Marianne\AppData\Roaming\mbam.context.scan

2013-04-05 13:04:35 -------- d-----w- C:\users\Marianne\AppData\Roaming\CasaPortale.de

2013-03-25 13:11:26 -------- d-----w- C:\users\Marianne\AppData\Roaming\TeamViewer

2013-03-20 16:06:59 -------- d-----w- C:\users\Marianne\AppData\Local\BolideSoftware

2013-03-20 15:59:44 -------- d-----w- C:\users\Marianne\AppData\Roaming\GetRightToGo

====== C:\Users\Marianne ======

====== C: exe-files ==

2013-04-08 12:36:53 D6A9B94A668D3093A340CBCE7B5A060C 7459328 ----a-w- C:\Program Files (x86)\DLLSuite\2013\DLLSuite.exe

2013-04-08 12:36:53 12F2AB2B7EE8EA6466F44ED58BB05771 1205187 ----a-w- C:\Program Files (x86)\DLLSuite\2013\unins000.exe

2013-04-08 11:50:18 815EE8A374F95D8C2CFF4EA2AF93B58D 16214030 ----a-w- C:\Users\Marianne\Downloads\DLLSuite_Setup.exe

2013-04-05 13:04:35 88121F44A397DBB71725F71DA011CADF 696873 ----a-w- C:\Program Files (x86)\PosteRazor\unins000.exe

2013-04-05 13:04:35 38AB732442B18F4CE237968377C17682 488960 ----a-w- C:\Program Files (x86)\PosteRazor\PosteRazor.exe

2013-04-05 13:03:51 1153A9790E5E67646CA64CAB032B5C4E 833900 ----a-w- C:\Users\Marianne\Downloads\PosteRazor-1.5.2-Win32-Installer.exe

2013-04-03 15:49:26 0FB6D382FA5FBF72D05FC2A4503B7DF2 10156344 ----a-w- C:\Users\Marianne\Downloads\mbam-setup-1.70.0.1100.exe

2013-04-03 15:47:25 E6111E6D0B99286F99C35B09835DB9BA 5115824 ----a-w- C:\Users\Marianne\Documents\mbam-setup.exe

=== C: other files ==

2013-04-08 13:59:19 BC0629757FCB111DDC8D59CA10510905 51463 ----a-w- C:\ProgramData\AVG2012\IDS\quarantine\5536f150-9659-47d3-932d-d16dc7297c07.zip

2013-04-08 12:51:08 112CE214CF7D7453DE1596E8104D50DB 2214 ----a-w- C:\ProgramData\AVG2012\IDS\quarantine\7e9f5120-9658-47d3-932d-d16dc7297c07.zip

2013-04-08 12:45:12 BE3C710428ED291A7854679CFD751347 2209 ----a-w- C:\ProgramData\AVG2012\IDS\quarantine\4e0afdf0-9658-47d3-932d-d16dc7297c07.zip

2013-04-08 12:44:44 BFAAEAC685A5D62AE87B25589539020B 2195 ----a-w- C:\ProgramData\AVG2012\IDS\quarantine\30efaab0-9658-47d3-932d-d16dc7297c07.zip

2013-04-08 12:43:14 260644D0874EF9534689EEE73AB561C7 745809 ----a-w- C:\ProgramData\AVG2012\IDS\quarantine\722939f0-9630-47d3-932d-d16dc7297c07.zip

2013-04-05 13:05:19 7CFEC91A4328E30C6C1E2B2E241AEB4B 354677 ----a-w- C:\Users\Marianne\Downloads\PosterIt.zip

2013-04-05 12:44:24 FE3E870AB01462459315FCBD9BCD92F9 25813102 ----a-w- C:\Users\Marianne\Downloads\foto's(2).zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-398114860-1700768556-1890694975-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdatePRCShortCut"="C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Hewlett-Packard\Recovery UpdateWithCreateOnce Software\CyberLink\PowerRecover"

"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe"

"CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"

"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"

"DATAMNGR"="C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Photo Downloader]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe Photo Downloader"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Easybits Recovery"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Software Update"

"hkey"="HKLM"

"command"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="hpsysdrv"

"hkey"="HKLM"

"command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LightScribe Control Panel"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NortonOnlineBackupReminder]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NortonOnlineBackupReminder"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\Activation\\NobuActivation.exe\" UNATTENDED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="StartCCC"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"

"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\MCAFEE~1\\202B13~1.181\\SSSCHE~1.EXE "

"item"="McAfee Security Scan Plus"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\fba_Nieuwe back-up.job --a------ C:\Program Files (x86)\FBackup 4\fbaSchedStarter.exe [10-01-2013 10:30]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undertermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29-04-2011 13:28]

C:\Windows\tasks\HPCeeScheduleForMarianne.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07-10-2009 05:22]

C:\Windows\tasks\Norton Security Scan for Marianne.job --ah----- C:\PROGRA2\NORTON2\Engine\3511.8\Nss.exe []

C:\Windows\tasks\PCDRScheduledMaintenance.job --a------ C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [02-07-2009 13:04]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\m2hyjw2g.default

- RAMBack - %ProfilePath%\extensions\ramback@pavlov.net.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\m2hyjw2g.default

9AC863FD5976316C29D4CB5E4C9EFD9C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll - Shockwave Flash

855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx[26-07-2012 03:23]

ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[19-02-2013 11:50]

AVG Safe Search - Marianne - Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

AVG Security Toolbar - Marianne - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{38D8AA4E-CCA8-4D29-ACE3-9C21858B8B3C} AOL Zoeken Url="http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl"

{4ECAF820-6BFD-4941-AA38-066DDCE43A89} Netlog (NL) Url="http://nl.netlog.com/opensearch/view=search&q={searchTerms}"

{5E301857-0D61-49CA-A583-C3853D01B084} Kelkoo Url="http://nl.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935"

{692CCB69-997C-45A2-86F2-28D2586C96C4} Yahoo//nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{8E02D41C-5924-4816-9490-33CCD28BEB72} Yahoo//search.yahoo.com/search?ei=ISO-8859-1&fr=chr-vmn&type=vmngemv2yach&q={searchTerms}"

{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={493F32E6-BCB0-4454-AFE3-B46E8CEB9607}&mid=d9417d903e5e47d6bdced16dc7297c07-d852ed5829c638533d719b466580ec6ddf487385〈=nl&ds=AVG&pr=fr&d=2012-07-22"

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\FastStone Image Viewer.lnk - C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2013\DllSuite.lnk - C:\Program Files (x86)\DLLSuite\2013\DLLSuite.exe

C:\Users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2013\Uninstall.lnk - C:\Program Files (x86)\DLLSuite\2013\unins000.exe

C:\Users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Suite 2013\Website.lnk - C:\Program Files (x86)\DLLSuite\2013\config\website.url

C:\Users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Marianne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer\FastStone Image Viewer.lnk - C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer\Help.lnk - C:\Program Files (x86)\FastStone Image Viewer\FSViewerHelp.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer\Uninstall.lnk - C:\Program Files (x86)\FastStone Image Viewer\uninst.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greatis\Poster It\Home Page.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greatis\Poster It\License Agreements.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greatis\Poster It\Order License.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greatis\Poster It.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greatis\Poster It\Read Me.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greatis\Poster It\Uninstall.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008\Configuration Tools\SQL Server Installation Center (64-bit).lnk - C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\LandingPage.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2\Import and Export Data (64-bit).lnk - C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\DTSWizard.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2\Configuration Tools\SQL Server Configuration Manager.lnk - C:\Windows\SysWOW64\mmc.exe /32 c:\Windows\SysWOW64\SQLServerManager10.msc

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2\Configuration Tools\SQL Server Error and Usage Reporting.lnk - C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SqlWtsn.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2\Configuration Tools\SQL Server Installation Center (64-bit).lnk - C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x64\LandingPage.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PosteRazor\License.lnk - C:\Program Files (x86)\PosteRazor\LICENSE.txt

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PosteRazor\PosteRazor.lnk - C:\Program Files (x86)\PosteRazor\PosteRazor.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PosteRazor\Verwijder PosteRazor.lnk - C:\Program Files (x86)\PosteRazor\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slideshow Creator\Slideshow Creator.lnk - C:\Program Files (x86)\Slideshow Creator\SlideShow.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slideshow Creator\Uninstall Slideshow Creator.lnk - C:\Program Files (x86)\Slideshow Creator\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slideshow Creator\Visit Bolide Software.lnk - C:\Program Files (x86)\Slideshow Creator\bolide.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slideshow Creator\Visit Slideshow-Creator.com.lnk - C:\Program Files (x86)\Slideshow Creator\website.url

==== shortcuts in Quick Launch ======================

C:\Users\Marianne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Marianne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Marianne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Marianne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3B7YGRT will be deleted at reboot

C:\Users\Marianne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Marianne\AppData\Local\Mozilla\Firefox\Profiles\m2hyjw2g.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Marianne\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Marianne\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Marianne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Users\Marianne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Program Files (x86)\Search Results Toolbar" not found

"C:\Users\Marianne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3B7YGRT" not found

[juisterr]

Hallo JanWillem,

Ik neem aan dat je met een computer van iemand anders bezig bent ?

Eigenaar Marianne

Verder zie ik AVG actief maar ik zie ook McAfee sporen, staat deze ook actief ?

[Art Blanche]

Dit is de pc op mijn werk.

Ik geloof niet dat deze actief is, maar ik heb een afbeelding van taakbeheer bijgestuurd.

Ik weet niet wat atieclxx.exe en csrss.exe zijn.

[juisterr]

atieclxx.exeatieclxx.exe Details. Is this file safe? Check the directory

- - - Updated - - -

Die zijn safe hoor.

Do not remove the legitimate program file in \%WINDIR%\System32\

C:\Windows\system32\csrss.exe

http://www.isthisfilesafe.com/sha1/CAB40EA1EC50AB8724A1AB80EC8AD46F714822F0_details.aspx?sha1=CAB40EA1EC50AB8724A1AB80EC8AD46F714822F0

- - - Updated - - -

Heb je nog problemen ?