Search Here

[Petra 2CV]

Hoi,

Na 2 dagen puzzelen om "search here" te verwijderen van de computer begin ik aardig gefrustreerd te raken. Het blijft maar hardnekkig terugkomen. Ik heb bij jullie meerdere mensen gezien met hetzelfde probleem en heb jullie adviezen opgevolgd HiJack This is geïnstalleerd en dankzij de duidelijke uitleg is het me gelukt om een log/kladblok tevoorschijn te krijgen. Ik ben niet reuze handig met de computer, ook niet reuze onhandig; ik kan ermee werken voor zover ik het nodig heb.

Hieronder mijn log, kun je me verder helpen met de juiste stappen (graag duidelijk en stap voor stap) zodat onze computer weer eindelijk eens normaal gaat doen.

Pc Windows 7 64 bits

Logfile of random's system information tool 1.09 (written by random/random)

Run by Frank en Petra at 2013-10-23 14:49:13

Microsoft Windows 7 Home Premium

System drive C: has 366 GB (80%) free of 459 GB

Total RAM: 3894 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:49:20, on 23-10-2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.17267)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files (x86)\AVG Nation toolbar\vprot.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\trend micro\Frank en Petra.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: WiseConvert 1.4 Toolbar - {37e17185-b07a-47b3-bd86-c675e4e4b89a} - C:\Program Files (x86)\WiseConvert_1.4\prxtbWis0.dll

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll

O2 - BHO: WiseConvert 1.4 - {37e17185-b07a-47b3-bd86-c675e4e4b89a} - C:\Program Files (x86)\WiseConvert_1.4\prxtbWis0.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Frank en Petra\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

O2 - BHO: AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.0.0.12\AVG Nation toolbar_toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (file missing)

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll

O3 - Toolbar: WiseConvert 1.4 Toolbar - {37e17185-b07a-47b3-bd86-c675e4e4b89a} - C:\Program Files (x86)\WiseConvert_1.4\prxtbWis0.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.0.0.12\AVG Nation toolbar_toolbar.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"

O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Frank en Petra\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater17.0.12 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 19085 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

atieclxx

C:\Windows\system32\WLANExt.exe 32084496

\??\C:\Windows\system32\conhost.exe "1584031850-165462052-7698717199656390591495816903341183499-1148352259-1333237217

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"

"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"

"C:\Users\Frank en Petra\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe"

C:\Windows\SysWOW64\ezSharedSvcHost.exe

"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"

"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc

"C:\Windows\system32\mfevtps.exe"

"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll", saHooker_Initialize_and_Wait

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait

"C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe"

"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"

WLIDSvcM.exe 2280

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

taskeng.exe {5ED96D6D-304A-4EE3-99D4-6599096D099F}

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe" -servicelaunch=true

"C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe" autolaunch

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden

"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"C:\Windows\System32\GfxUI.exe" /startup:silent

"C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe"

"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

"C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

"C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN

"C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe"

"C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe" /autorun

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe"

"C:\Program Files\Realtek\RtVOsd\RtVOsd.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

C:\Windows\system32\svchost.exe -k SDRSVC

"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

"C:\Program Files\McAfee\VirusScan\mcods.exe"

"LogonUI.exe" /flags:0x0

"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe"

"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe" 72648 "C:\ProgramData\AVG Nation toolbar\Logger\logger.properties"

\??\C:\Windows\system32\conhost.exe "49860350110187816501276923149-1296786405-562978100-13640913151531237632113539735

"C:\Program Files (x86)\AVG Nation toolbar\vprot.exe" /AFTERINSTALL

"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"

"C:\Program Files\Windows Sidebar\sidebar.exe" /addGadget

"C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgemca.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=2839ec6e-6721-4215-8356-f43c41d3bf68 /coreSdkOptions=4096 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\449c3768-b308-4331-bdc7-8661b153c736-1a48-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\"

"C:\Program Files (x86)\AVG\AVG2014\avgui.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe" /command_id=a9961b3a-01b9-4d56-8d3a-36572bf7ca0b /client_id=f2a11264-042e-496e-8722-d959d1e5b055

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=5a7f3562-0e27-4b3d-8956-e562bae2ef37 /coreSdkOptions=4108 /logConfFile="C:\Windows\TEMP\e5a5417b-d232-4154-9e72-2b75010feb66-1384-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\"

taskeng.exe {2A28AF21-A7D5-4E76-87E1-3D8CB4368207}

C:\Windows\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\svchost.exe -k defragsvc

"C:\Windows\system32\dfrgui.exe" /defrag \\?\Volume{b34d49da-3907-11e0-81ce-806e6f6e6963}\

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Frank en Petra\Documents\PETRA\HAN Ruben de Bruijn\Deelvraag 2 onderneming samenwerkingsvorm.docx"

C:\Windows\splwow64.exe 1

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe52_ Global\UsGthrCtrlFltPipeMssGthrPipe52 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Program Files (x86)\Windows Live\Mail\wlmail.exe"

"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4776 CREDAT:71937

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -Embedding

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Frank en Petra\Documents\hijackthis.log

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4776 CREDAT:268551

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4776 CREDAT:71953

C:\Windows\system32\sppsvc.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1073137438-167754670-117252264-100065_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1073137438-167754670-117252264-100065 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"

"C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MO0T21LF\RSITx64[1].exe"

"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0f5343a4-44d7-4818-ad21-ffd05aba3d7c.job

C:\Windows\tasks\SUPERAntiSpyware Scheduled Task fa1be969-393a-442f-88d5-a682b9adb285.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-09 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll [2013-10-09 346576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2013-10-02 299336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]

DataMngr - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\BROWSE~1.DLL [2012-06-06 103848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]

Wincore Mediabar - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll [2012-02-27 89008]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37e17185-b07a-47b3-bd86-c675e4e4b89a}]

WiseConvert 1.4 Toolbar - C:\Program Files (x86)\WiseConvert_1.4\prxtbWis0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]

DefaultTab Browser Helper - C:\Users\Frank en Petra\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [2013-10-23 462968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

AVG Nation toolbar - C:\Program Files (x86)\AVG Nation toolbar\17.0.0.12\AVG Nation toolbar_toolbar.dll [2013-10-23 3352392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-09 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-09 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-10-02 250896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]

DataMngr - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL [2012-06-06 89000]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2013-10-02 299336]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-09 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-10-02 250896]

{28387537-e3f9-4ed7-860c-11e69af4a8a0} - Wincore Mediabar - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll [2012-02-27 89008]

{37e17185-b07a-47b3-bd86-c675e4e4b89a} - WiseConvert 1.4 Toolbar - C:\Program Files (x86)\WiseConvert_1.4\prxtbWis0.dll [2011-05-09 176936]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-09 194640]

{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Nation toolbar - C:\Program Files (x86)\AVG Nation toolbar\17.0.0.12\AVG Nation toolbar_toolbar.dll [2013-10-23 3352392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2837288]

"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-03-13 6234144]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-06-22 161304]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-06-22 386584]

"Persistence"=C:\Windows\system32\igfxpers.exe [2010-06-22 414744]

"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-06-18 8192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe []

"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-05-19 2736128]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-03-01 39408]

"OfficeSyncProcess"=C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [2013-04-22 720064]

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-10-11 6589208]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-04-13 284696]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-06-21 98304]

"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]

"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]

"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe []

"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2013-03-13 1532992]

"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-02-15 577408]

"SSBkgdUpdate"=C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

"PaperPort PTD"=C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [2008-07-09 29984]

"IndexSearch"=C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [2008-07-09 46368]

"PPort11reminder"=C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]

"BrMfcWnd"=C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [2009-05-26 1159168]

"ControlCenter3"=C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [2008-12-24 114688]

"DATAMNGR"=C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [2012-06-06 1823184]

"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2013-10-07 4908592]

"vProt"=C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2013-10-23 2403144]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

hp psc 1000 series.lnk - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

hpoddt01.exe.lnk - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2010-06-22 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableLockWorkstation"=0

"DisableTaskMgr"=0

"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-10-23 14:49:14 ----D---- C:\Program Files\trend micro

2013-10-23 14:49:13 ----D---- C:\rsit

2013-10-23 09:39:50 ----D---- C:\Users\Frank en Petra\AppData\Roaming\AVG2014

2013-10-23 09:37:57 ----D---- C:\Users\Frank en Petra\AppData\Roaming\TuneUp Software

2013-10-23 09:37:45 ----A---- C:\Windows\system32\drivers\avgtpx64.sys

2013-10-23 09:37:39 ----D---- C:\ProgramData\AVG Nation toolbar

2013-10-23 09:37:36 ----D---- C:\Program Files (x86)\AVG Nation toolbar

2013-10-23 09:31:32 ----HD---- C:\$AVG

2013-10-23 09:31:32 ----D---- C:\ProgramData\AVG2014

2013-10-23 09:29:29 ----D---- C:\Program Files (x86)\AVG

2013-10-23 09:22:58 ----HD---- C:\ProgramData\Common Files

2013-10-23 09:22:58 ----D---- C:\ProgramData\MFAData

2013-10-23 09:20:37 ----D---- C:\Program Files (x86)\Trend Micro

2013-10-22 14:41:46 ----D---- C:\Program Files\SUPERAntiSpyware

2013-10-22 14:38:46 ----D---- C:\Users\Frank en Petra\AppData\Roaming\SUPERAntiSpyware.com

2013-10-22 14:38:37 ----D---- C:\ProgramData\SUPERAntiSpyware.com

2013-10-21 18:48:40 ----D---- C:\ProgramData\Oracle

2013-10-21 18:48:21 ----A---- C:\Windows\SYSWOW64\javaws.exe

2013-10-21 18:48:11 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

2013-10-21 18:48:11 ----A---- C:\Windows\SYSWOW64\javaw.exe

2013-10-21 18:48:11 ----A---- C:\Windows\SYSWOW64\java.exe

2013-10-10 12:37:22 ----D---- C:\Users\Frank en Petra\AppData\Roaming\Dropbox

2013-09-25 21:07:30 ----A---- C:\Windows\system32\drivers\avgdiska.sys

======List of files/folders modified in the last 1 month======

2013-10-23 14:49:16 ----D---- C:\Windows\Temp

2013-10-23 14:49:14 ----RD---- C:\Program Files

2013-10-23 13:14:55 ----SHD---- C:\System Volume Information

2013-10-23 11:34:57 ----D---- C:\Windows\system32\config

2013-10-23 11:03:17 ----D---- C:\Windows\System32

2013-10-23 11:03:17 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-10-23 11:03:16 ----D---- C:\Windows\inf

2013-10-23 09:39:05 ----SHD---- C:\Windows\Installer

2013-10-23 09:38:52 ----D---- C:\Windows\system32\Tasks

2013-10-23 09:37:45 ----D---- C:\Windows\system32\drivers

2013-10-23 09:37:39 ----HD---- C:\ProgramData

2013-10-23 09:37:37 ----D---- C:\Program Files (x86)\Common Files

2013-10-23 09:37:36 ----RD---- C:\Program Files (x86)

2013-10-23 09:37:13 ----D---- C:\Windows\Prefetch

2013-10-23 09:27:57 ----D---- C:\Windows\SysWOW64

2013-10-23 09:20:37 ----SD---- C:\Users\Frank en Petra\AppData\Roaming\Microsoft

2013-10-23 08:12:57 ----A---- C:\Windows\SYSWOW64\log.txt

2013-10-22 18:54:54 ----D---- C:\Program Files (x86)\Google

2013-10-22 14:39:08 ----D---- C:\Windows\Tasks

2013-10-22 14:20:10 ----RSD---- C:\Windows\assembly

2013-10-22 14:20:09 ----D---- C:\Windows

2013-10-22 14:20:06 ----D---- C:\Program Files (x86)\Windows Live

2013-10-22 14:20:00 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2013-10-21 18:48:10 ----D---- C:\Program Files (x86)\Java

2013-10-21 12:14:13 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2013-10-21 12:13:49 ----D---- C:\ProgramData\CyberLink

2013-10-21 12:13:49 ----D---- C:\Program Files (x86)\CyberLink

2013-10-21 12:08:57 ----D---- C:\Program Files (x86)\MyPC Backup

2013-10-20 15:17:43 ----D---- C:\Program Files (x86)\MSECache

2013-10-14 16:08:22 ----A---- C:\log.txt

2013-10-12 20:53:44 ----D---- C:\Windows\system32\catroot2

2013-10-11 19:29:13 ----D---- C:\Program Files\Microsoft Silverlight

2013-10-11 19:29:11 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2013-10-11 14:46:58 ----D---- C:\ProgramData\Microsoft Help

2013-10-11 14:42:46 ----D---- C:\Windows\system32\MRT

2013-10-11 14:39:33 ----A---- C:\Windows\system32\MRT.exe

2013-10-10 11:53:20 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2013-10-04 19:17:24 ----D---- C:\Users\Frank en Petra\AppData\Roaming\_MDLogs

2013-10-04 15:16:35 ----D---- C:\Program Files (x86)\McAfee

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2013-09-02 192824]

R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2013-09-02 294712]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2013-08-20 123704]

R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2013-09-08 31544]

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]

R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2013-02-19 771536]

R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]

R0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2013-09-10 295696]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]

R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2013-09-25 148792]

R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2013-09-02 241464]

R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2013-09-02 212280]

R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-08-01 251192]

R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-10-23 46368]

R1 RapportCerberus_56758;RapportCerberus_56758; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [2013-08-19 589872]

R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-07-25 265872]

R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-07-25 384432]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-06-22 6856704]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-06-22 264192]

R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]

R3 BCM43XX;Stuurprogramma voor de Broadcom 802.11-netwerkadapter; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-12-23 3063360]

R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2013-02-19 70112]

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-03-13 2291616]

R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2010-06-22 10342240]

R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2013-02-19 179280]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2013-02-19 309840]

R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2013-02-19 515968]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 396848]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S0 AFS;AFS; C:\Windows\system32\drivers\AFS.sys []

S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]

S3 athr;Stuurprogramma Atheros Extensible draadloze LAN-apparaat; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]

S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]

S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552448]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2012-07-06 80384]

S3 HipShieldK;McAfee Inc. HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-06-22 10342240]

S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []

S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2013-02-19 106552]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]

S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]

S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]

S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-23 225280]

S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]

S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]

S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]

S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-10-11 144152]

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-06-22 203264]

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-03 3538480]

R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-09-25 301152]

R2 DefaultTabUpdate;DefaultTabUpdate; C:\Users\Frank en Petra\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-11-30 107520]

R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-05-19 73728]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-18 268824]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2013-02-19 241456]

R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]

R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2013-02-19 182752]

R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-09-10 1435928]

R2 RtVOsdService;RtVOsdService Installer; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-23 1733448]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]

R3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2012-11-16 383608]

R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10 257416]

S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2010-04-04 246520]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-26 194032]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-16 1255736]

-----------------EOF-----------------

[kape]

Download Zoek.zip naar het bureaublad.

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
  
• Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

chromelook; 
firefoxlook; 
 {37e17185-b07a-47b3-bd86-c675e4e4b89a};c
 C:\Program Files (x86)\WiseConvert_1.4;fs
 {28387537-e3f9-4ed7-860c-11e69af4a8a0};c
 {37e17185-b07a-47b3-bd86-c675e4e4b89a};c
 {7F6AFBF1-E065-4627-A2FD-810366367D01};c
 C:\Users\Frank en Petra\AppData\Roaming\DefaultTab;fs
 {95B7759C-8C7F-4BF1-B163-73684A933233};c
 C:\Program Files (x86)\AVG Nation toolbar;fs
 {BE7A24F5-69CB-4708-B77B-B1EDA6043B95};c
 DATAMNGR;s
 DefaultTabUpdate;s
 C:\Program Files (x86)\iMesh Applications;fs
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37e17185-b07a-47b3-bd86-c675e4e4b89a}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}];r64
 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
 "DATAMNGR"=-;r64
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r64
 "AppInit_DLLs"=-;r64
 C:\ProgramData\AVG Nation toolbar;fs
 C:\Program Files (x86)\MyPC Backup;fs
 startupall; 
filesrcm;

• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
• Firefox Defaults
  
• Reset Chrome
  
• IE Defaults
  
• Auto Clean
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post nu de inhoud van het geopende logje in het volgende bericht.
  

[Petra 2CV]

Hallo Kape,

Helemaal super dat je me zo snel wilt helpen!

Run script heeft lang gedraaid, denk wel een half uur.

Vervolgens is de computer vanzelf herstart. Ik krijg nu geen logje maar een pop-up van Zoek.exe by Smeenk version 4.0.0.4:

No input found, or input.txt is too small!!!

What would you like to do?

1- Do a Quick Scan and Automated Cleanup

2- Perform only a Quick Scan

3- Perform only a Deep Scan

4- Do a Deep Scan and Automated Cleanup

Tja, en nu?

Hopelijk kun je weer snel reageren!

[kape]

Kijk eens in je C-partitie of je daar geen logje kan vinden van zoek ?

[Petra 2CV]

Jij weet waar ik moet zoeken zie ik wel!

Bedoel je deze geheimtaal?

Zoek.exe Version 4.0.0.5 Updated 22-October-2013

Tool run by Frank en Petra on do 24-10-2013 at 10:47:48,27.

Microsoft Windows 7 Home Premium 6.1.7600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Frank en Petra\Desktop\zoek\zoek.com [script inserted] [Checkboxes used]

==== System Restore Info ======================

24-10-2013 10:50:39 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E10E629F-6465-49D1-BCA2-7785BFB17EDB} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\internet explorer\urlsearchhooks\{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DefaultTabUpdate deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.0.12 deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.0.12 deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37e17185-b07a-47b3-bd86-c675e4e4b89a}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"DATAMNGR"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\WiseConvert_1.4 deleted

C:\Users\Frank en Petra\AppData\Roaming\DefaultTab deleted

C:\ProgramData\AVG Nation toolbar deleted

C:\Program Files (x86)\MyPC Backup deleted

C:\PROGRA~2\Mozilla Firefox\searchplugins\babylon.xml deleted

C:\PROGRA~2\Mozilla Firefox\searchplugins\Search_Results.xml deleted

C:\PROGRA~2\Babylon deleted

C:\Program Files\Babylon deleted

C:\PROGRA~2\Conduit deleted

C:\Users\Frank en Petra\AppData\Roaming\Systweak deleted

C:\Users\Frank en Petra\AppData\Roaming\PerformerSoft deleted

C:\ProgramData\Systweak deleted

C:\ProgramData\Ask deleted

C:\ProgramData\boost_interprocess deleted

C:\ProgramData\IBUpdaterService deleted

C:\ProgramData\iMesh deleted

C:\Users\Frank en Petra\AppData\Local\Systweak deleted

C:\Users\Frank en Petra\AppData\Local\AVG Nation toolbar deleted

C:\Users\Frank en Petra\AppData\Local\iMesh deleted

C:\Users\Frank en Petra\AppData\Local\PackageAware deleted

C:\Users\Frank en Petra\AppData\Local\Conduit deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh deleted

C:\Windows\SysNative\roboot64.exe deleted

C:\Windows\SysNative\sasnative64.exe deleted

C:\Users\Frank en Petra\AppData\LocalLow\AVG Nation toolbar deleted

C:\Users\Frank en Petra\AppData\LocalLow\WiseConvert_1.4 deleted

C:\Users\Frank en Petra\AppData\LocalLow\mediabarim deleted

C:\Users\Frank en Petra\AppData\LocalLow\wincoreimband deleted

C:\Users\Frank en Petra\AppData\LocalLow\BabylonToolbar deleted

C:\Users\Frank en Petra\AppData\LocalLow\DataMngr deleted

C:\Users\Frank en Petra\AppData\LocalLow\Conduit deleted

C:\windows\SysNative\Tasks\Advanced System Protector_startup deleted

C:\PROGRA~2\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} deleted

"C:\Program Files (x86)\AVG Nation toolbar\vprot.exe" deleted

"C:\PROGRA~2\AVG Nation toolbar\vprot.exe" deleted

"C:\PROGRA~2\Advanced System Protector\AdvancedSystemProtector.exe" deleted

"C:\PROGRA~2\Advanced System Protector\aspsys.dll" deleted

"C:\PROGRA~2\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL" deleted

"C:\PROGRA~2\Advanced System Protector\System.Data.SQLite.dll" deleted

"C:\PROGRA~2\Advanced System Protector\Xceed.Compression.dll" deleted

"C:\PROGRA~2\Advanced System Protector\Xceed.FileSystem.dll" deleted

"C:\PROGRA~2\Advanced System Protector\Xceed.Zip.dll" deleted

"C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe" deleted

"C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll" deleted

"C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\datamngr.dll" deleted

"C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\DnsBHO.dll" deleted

"C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll" deleted

"C:\PROGRA~2\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe" deleted

"C:\PROGRA~2\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll" deleted

"C:\PROGRA~2\iMesh Applications\MediaBar\Datamngr\x64\datamngr.dll" deleted

"C:\PROGRA~2\iMesh Applications\MediaBar\Datamngr\x64\DnsBHO.dll" deleted

"C:\PROGRA~2\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\17.0.12\avgdttbx.dll" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll" deleted

"C:\Program Files (x86)\AVG Nation toolbar" deleted

"C:\Program Files (x86)\iMesh Applications" not deleted

"C:\PROGRA~2\AVG Nation toolbar" deleted

"C:\PROGRA~2\iMesh Applications" not deleted

"C:\PROGRA~2\Advanced System Protector" not deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted

"C:\Program Files (x86)\iMesh Applications\MediaBar" not deleted

"C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr" not deleted

"C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64" not deleted

"C:\PROGRA~2\iMesh Applications\MediaBar" not deleted

"C:\PROGRA~2\iMesh Applications\MediaBar\Datamngr" not deleted

"C:\PROGRA~2\iMesh Applications\MediaBar\Datamngr\x64" not deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\17.0.12" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.0.12" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.0.12" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-10-22 12:20:00 F9F4905664C5B42B49E78EFA12D1A6B6 20 ----a-w- C:\Windows\(õ¶

====== C:\Users\FRANKE~1\AppData\Local\Temp ====

2013-10-23 12:48:08 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Frank en Petra\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\29QYQN16\RSITx64[1].exe

2013-10-23 07:37:27 20F03B1B926F4EA65763E364ACAD7C59 4698984 ----a-w- C:\Users\Frank en Petra\AppData\Local\Temp\oi_{5F21E7CA-CBA3-4474-B497-6E48990EFD00}.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2013-10-21 16:48:21 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2013-10-21 16:48:11 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2013-10-21 16:48:11 9B0B14B405E0EDF76B5F5E31A49EB753 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-10-21 16:48:11 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\Windows\SysWOW64\java.exe

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2013-10-23 07:37:45 A1F53D2A00E64679A1D81B61D2333D06 46368 ----a-w- C:\Windows\Sysnative\drivers\avgtpx64.sys

2013-09-25 19:07:30 0D75C5C4EBF3D8197448189A2F153116 148792 ----a-w- C:\Windows\Sysnative\drivers\avgdiska.sys

====== C:\Windows\Tasks ======

2013-10-23 07:38:52 9B7DD89F133CA1BD9830886D99F9EC12 3230 ----a-w- C:\Windows\Sysnative\Tasks\SidebarExecute

2013-10-22 12:39:08 EB643F9F7B6C998171EA9ABFFAE7B3E1 3552 ----a-w- C:\Windows\Sysnative\Tasks\SUPERAntiSpyware Scheduled Task fa1be969-393a-442f-88d5-a682b9adb285

2013-10-22 12:39:08 D483A43DFDA38C355C3BE003EB4928F6 528 ----a-w- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task fa1be969-393a-442f-88d5-a682b9adb285.job

2013-10-22 12:39:07 8A0D4FD53CC7B366C7B0E1BAD4E6A4C5 3626 ----a-w- C:\Windows\Sysnative\Tasks\SUPERAntiSpyware Scheduled Task 0f5343a4-44d7-4818-ad21-ffd05aba3d7c

2013-10-22 12:39:07 395F88C34671D34534972E61E487B113 528 ----a-w- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0f5343a4-44d7-4818-ad21-ffd05aba3d7c.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-10-23 12:49:14 -------- d-----w- C:\Program Files\trend micro

2013-10-22 12:41:46 -------- d-----w- C:\Program Files\SUPERAntiSpyware

======= C:\PROGRA~2 =====

2013-10-23 07:29:29 -------- d-----w- C:\PROGRA~2\AVG

2013-10-23 07:20:37 -------- d-----w- C:\PROGRA~2\Trend Micro

2013-10-21 16:48:33 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

======= C: =====

====== C:\Users\Frank en Petra\AppData\Roaming ======

2013-10-23 07:39:50 -------- d-----w- C:\Users\Frank en Petra\AppData\Roaming\AVG2014

2013-10-23 07:38:49 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014

2013-10-23 07:37:59 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014

2013-10-23 07:37:57 -------- d-----w- C:\Users\Frank en Petra\AppData\Roaming\TuneUp Software

2013-10-23 07:29:35 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014

2013-10-23 07:22:58 -------- d-----w- C:\Users\Frank en Petra\AppData\Local\Avg2014

2013-10-22 12:38:46 -------- d-----w- C:\Users\Frank en Petra\AppData\Roaming\SUPERAntiSpyware.com

2013-10-10 10:37:22 -------- d-----w- C:\Users\Frank en Petra\AppData\Roaming\Dropbox

2013-09-28 14:11:17 -------- d-----w- C:\Users\Frank en Petra\AppData\Local\HEMA Fotoservice

====== C:\Users\Frank en Petra ======

2013-10-23 07:37:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2013-10-23 07:31:32 -------- d-----w- C:\ProgramData\AVG2014

2013-10-23 07:22:58 -------- d--h--w- C:\ProgramData\Common Files

2013-10-22 12:41:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2013-10-22 12:38:37 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-10-21 16:48:40 -------- d-----w- C:\ProgramData\Oracle

2013-10-21 16:47:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2013-10-10 10:51:48 -------- d-----r- C:\Users\Frank en Petra\Dropbox

====== C: exe-files ==

2013-10-23 12:49:16 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Frank en Petra.exe

2013-10-23 12:48:08 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Frank en Petra\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\29QYQN16\RSITx64[1].exe

2013-10-23 07:37:27 20F03B1B926F4EA65763E364ACAD7C59 4698984 ----a-w- C:\Users\Frank en Petra\AppData\Local\Temp\oi_{5F21E7CA-CBA3-4474-B497-6E48990EFD00}.exe

2013-10-22 12:39:25 1DB5B92E54BA5E4976995B6BE4B0BB81 34615136 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\30.0.1599.101\30.0.1599.101_chrome_installer.exe

2013-10-21 16:48:21 9223A2810B73069F4A03A636052EF14A 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2013-10-21 16:48:11 DC1342498BEE7EF1646E9D63138B69CC 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2013-10-21 16:48:11 658633D255FEF154EA1CB8705B4468C5 174504 ----a-w- C:\Windows\SysWOW64\java.exe

=== C: other files ==

2013-10-23 07:37:45 A1F53D2A00E64679A1D81B61D2333D06 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe"

"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"Microsoft Default Manager"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume"

"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"

"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"

"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

"SSBkgdUpdate"="C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot"

"PaperPort PTD"="C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

"IndexSearch"="C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

"PPort11reminder"="C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe -r C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"

"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun"

"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"

"vProt"="C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe"

"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\PROGRA~2\\IMESHA~1\\MediaBar\\Datamngr\\datamngr.dll C:\\PROGRA~2\\IMESHA~1\\MediaBar\\Datamngr\\IEBHO.dll "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"HPWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2011-02-22 10:22:43 1042 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 1000 series.lnk

2011-02-22 10:12:09 1042 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-10-2013 11:53]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27-02-2012 17:33]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27-02-2012 17:33]

C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0f5343a4-44d7-4818-ad21-ffd05aba3d7c.job --a------ C:\Program Files\SUPERAntiSpyware\SASTask.exe [11-10-2013 00:55]

C:\Windows\tasks\SUPERAntiSpyware Scheduled Task fa1be969-393a-442f-88d5-a682b9adb285.job --a------ C:\Program Files\SUPERAntiSpyware\SASTask.exe [11-10-2013 00:55]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]

"C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task 0f5343a4-44d7-4818-ad21-ffd05aba3d7c" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]

"C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task fa1be969-393a-442f-88d5-a682b9adb285" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]

"C:\Windows\SysNative\tasks\{0C23FFED-8853-40E7-9212-D1024D0E7DDA}" [C:\Program Files (x86)\Windows Live\Mail\wlmail.exe]

"C:\Windows\SysNative\tasks\{3C3A05F7-8CDA-4714-916C-55AA5E46043E}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE]

"C:\Windows\SysNative\tasks\{5439B4D6-39B2-4DDF-BD01-D92E80A98ED6}" [C:\Program Files (x86)\Windows Live\Mail\wlmail.exe]

"C:\Windows\SysNative\tasks\{718EA6E6-556C-42C9-93B0-D2C9A2456148}" [C:\Program Files (x86)\Windows Live\Mail\wlmail.exe]

"C:\Windows\SysNative\tasks\{76945E93-A14E-4F79-99EA-ED4485FB728B}" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\{77C9E327-D939-4661-B86D-D0F4F6C5F047}" [C:\Program Files (x86)\Windows Live\Mail\wlmail.exe]

"C:\Windows\SysNative\tasks\{9AD4EC86-0122-4996-A151-BF1B0B060B66}" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\{E70007FA-1AEF-42E7-9DCA-DE05F63B097C}" [C:\Program Files (x86)\Windows Live\Mail\wlmail.exe]

"C:\Windows\SysNative\tasks\{EF6076C8-7526-480E-ADED-E296BB8CB7A6}" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\{F82621BC-D882-412A-8600-A834088AC6BC}" [C:\Program Files (x86)\Windows Live\Mail\wlmail.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [04-10-2013 15:15]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[02-10-2013 14:05]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="nu.nl | Het laatste nieuws het eerst op nu.nl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="Babylon Search"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="Babylon Search"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="nu.nl | Het laatste nieuws het eerst op nu.nl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{8F2D5F88-F8E4-42D1-B5EA-444189B335F4} Unknown Url="Not_Found"

{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Unknown Url="Not_Found"

{B712E78B-1656-4268-B876-68045A4F3A22} Unknown Url="Not_Found"

{C01FEA47-8024-4378-8CB3-CBECCAA90DFB} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F2D5F88-F8E4-42D1-B5EA-444189B335F4} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B712E78B-1656-4268-B876-68045A4F3A22} deleted successfully

HKEY_USERS\S-1-5-21-1073137438-167754670-117252264-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C01FEA47-8024-4378-8CB3-CBECCAA90DFB} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Frank en Petra\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Frank en Petra\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DVD5322 will be deleted at reboot

C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1MPG32W3 will be deleted at reboot

C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EEMX53J5 will be deleted at reboot

C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GS6W1G83 will be deleted at reboot

C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z61G7KR0 will be deleted at reboot

C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

[kape]

Deze "geheimtaal" was inderdaad wat we nodig hadden. En ik kan je vertellen dat deze duidelijk gemaakt heeft dat er een berg rotzooi van deze PC gehaald is. Maar nog niet alles, daarom gaan we nog een stapje verder:

Dubbelklik op Zoek.exe om de tool te starten.

• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r64
 "AppInit_DLLs"=-;r64
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r64
 "SynTPEnh"=-;r64
 autoclean;

• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[Petra 2CV]

Zo, dat klinkt verfrissend! Gaat het nu alweer een beetje goed met onze computer? Hopelijk kun je weer wijs uit dit gebrabbel, ik heb mijn best gedaan en keurig de instructies opgevolgd.

Zoek.exe Version 4.0.0.5 Updated 22-October-2013

Tool run by Frank en Petra on do 24-10-2013 at 21:34:57,90.

Microsoft Windows 7 Home Premium 6.1.7600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Frank en Petra\Desktop\zoek\zoek.exe [script inserted]

==== Older Logs ======================

C:\zoek-results2013-10-24-092045.log 30670 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=-

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [04-10-2013 15:15]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[02-10-2013 14:05]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="nu.nl | Het laatste nieuws het eerst op nu.nl"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="nu.nl | Het laatste nieuws het eerst op nu.nl"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\FRANKE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" not found

"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Program Files (x86)\iMesh Applications" not found

"C:\PROGRA~2\iMesh Applications" not found

"C:\PROGRA~2\Advanced System Protector" not found

"C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DVD5322" not found

"C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1MPG32W3" not found

"C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EEMX53J5" not found

"C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GS6W1G83" not found

"C:\Users\Frank en Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z61G7KR0" not found

==== EOF on do 24-10-2013 at 21:55:30,85 ======================

[kape]

Volgens dit logje zou alles weer OK moeten zijn. Alleen jij kan bevestigen of dit ook zo is ? Laat dit even weten en - indien OK - kunnen we aan de opruiming van de restjes beginnen.

[Petra 2CV]

Klinkt goed, dus hoopvol heb ik internet geopend en: Search here tabblad was weg!!!

Dus vol goede moed wil ik bij de instellingen mijn startpagina's ingeven en daar hield mijn opluchting op....

De startpagina die ik ingeef google.nl wordt automatisch (als ik op "standaard gebruiken" klik) weer gewijzigd in MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! waardoor ik in no time weer search here er op heb zitten, heb ik dus direct verwijderd. Ik heb dit weer terug veranderd in nu en google en op toepassen geklikt. Waarom komt dat g.uk.msn toch weer zo snel vandaan?

Qua snelheid merk ik ook nog geen vooruitgang, computer is nog steeds bijzonder traag. Kan dat alleen niet helemaal objectief zeggen omdat ik nog aan het back-uppen ben.

Wat ben ik blij als dit gedonder opgelost zou zijn zeg, ben er ondertussen al zo'n beetje de hele week mee bezig, gelukkig zit er sinds jouw hulp schot in de zaak!

Dat is ook vreemd; mee dat ik het berichtje plaats wordt de link g.uk.msn HPCON/8 direct veranderd in de rode letters... Voor mij blijven computers maar magisch..

Kan MSN ook verwijderd worden of ben ik dan mijn e-mail kwijt?

Bing mag ook verwijderd worden als we toch nog gaan opruimen.

25 oktober 2013 aangepast door kape

[kape]

Download AdwCleaner by Xplode naar je bureaublad.

• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner om hem te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
  
• Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik vervolgens op Scan.
  
• Klik vervolgens op Clean als er items zijn gevonden.
  
• Klik bij Herstarten Noodzakelijk op OK
  

Nadat de PC opnieuw is opgestart, opent meestal een logfile.

Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[R1].txt.

Post aansluitend de inhoud van dit log in je volgende bericht.