
Laptop cleanup



I have a patient visiting here on which 2 administrator accounts are active; this is the RSIT log of "account 1":

Logfile of random's system information tool 1.10 (written by random/random)

Run by Nick at 2014-07-25 18:15:44

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 31 GB (29%) free of 107 GB

Total RAM: 1982 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:17:28, on 25/07/2014

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16561)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Users\Nick\Desktop\RSIT.exe

C:\Program Files\trend micro\Nick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Zita

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)

R3 - URLSearchHook: Spelletjes Toolbar - {2b0cf91e-63d5-4474-9229-134d0b96fb28} - C:\Program Files\Spelletjes\prxtbSpel.dll

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

O2 - BHO: Spelletjes - {2b0cf91e-63d5-4474-9229-134d0b96fb28} - C:\Program Files\Spelletjes\prxtbSpel.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Ask Shopping Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" (file missing)

O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll

O3 - Toolbar: Spelletjes Toolbar - {2b0cf91e-63d5-4474-9229-134d0b96fb28} - C:\Program Files\Spelletjes\prxtbSpel.dll

O3 - Toolbar: Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" (file missing)

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ask-updateservice (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9507 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\tasks\Google Software Updater.job - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default

prefs.js - "browser.startup.homepage" - "http://www.google.be"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 14.0.0.145 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.40.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]

"Description"=Google Updater

"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\components\

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\extensions\

{2b0cf91e-63d5-4474-9229-134d0b96fb28}(22)

C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\searchplugins\

ask-search.xml

askcom.xml

safesearch.xml

Search_Results.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]

MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b0cf91e-63d5-4474-9229-134d0b96fb28}]

Spelletjes Toolbar - C:\Program Files\Spelletjes\prxtbSpel.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Norton Identity Protection - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll [2014-04-28 654176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Norton Vulnerability Protection - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL [2014-02-21 392344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]

Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-31 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Ask Shopping Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ\Passport.dll [2014-06-24 12184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]

VeriSoft Access Manager - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-21 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2b0cf91e-63d5-4474-9229-134d0b96fb28} - Spelletjes Toolbar - C:\Program Files\Spelletjes\prxtbSpel.dll [2011-05-09 176936]

{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Shopping Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ\Passport.dll [2014-06-24 12184]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll [2014-04-28 654176]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-31 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]

"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-23 176128]

"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]

"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]

"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]

"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]

"CognizanceTS"=c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll [2003-12-22 17920]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]

"EEventManager"=C:\Program Files\Epson Software\Event Manager\EEventManager.exe [2009-12-03 976320]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

"AgentMonitor"=C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [2013-06-20 391040]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"ApnTBMon"=C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2014-06-24 1956760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-31 39408]

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2013-08-27 248208]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lime pro]

C:\Program Files\Lime PRO\LimePro.exe [2011-08-16 3670528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-31 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2013-08-27 248208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\Windows\System32\APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

wlnotify.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"MSVideo8"=VfWWDM32.dll

"msacm.siren"=sirenacm.dll

"vidc.XVID"=xvidvfw.dll

"msacm.l3codecp"=

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-07-25 18:15:47 ----D---- C:\Program Files\trend micro

2014-07-25 18:15:44 ----D---- C:\rsit

2014-07-25 18:09:02 ----ASH---- C:\hiberfil.sys

2014-07-14 07:56:51 ----A---- C:\Windows\ntbtlog.txt

2014-07-10 21:26:06 ----A---- C:\Windows\system32\win32k.sys

2014-07-10 21:26:05 ----A---- C:\Windows\system32\qedit.dll

2014-07-10 21:26:01 ----A---- C:\Windows\system32\drivers\afd.sys

2014-07-10 21:25:14 ----A---- C:\Windows\system32\wininet.dll

2014-07-10 21:25:14 ----A---- C:\Windows\system32\vbscript.dll

2014-07-10 21:25:14 ----A---- C:\Windows\system32\mshtmled.dll

2014-07-10 21:25:14 ----A---- C:\Windows\system32\jscript.dll

2014-07-10 21:25:14 ----A---- C:\Windows\system32\ieui.dll

2014-07-10 21:25:14 ----A---- C:\Windows\system32\dxtrans.dll

2014-07-10 21:25:14 ----A---- C:\Windows\system32\dxtmsft.dll

2014-07-10 21:25:13 ----A---- C:\Windows\system32\jscript9.dll

2014-07-10 21:25:11 ----A---- C:\Windows\system32\mshtml.dll

2014-07-10 21:25:08 ----A---- C:\Windows\system32\msfeedssync.exe

2014-07-10 21:25:08 ----A---- C:\Windows\system32\msfeedsbs.dll

2014-07-10 21:25:08 ----A---- C:\Windows\system32\msfeeds.dll

2014-07-10 21:25:08 ----A---- C:\Windows\system32\jsproxy.dll

2014-07-10 21:25:07 ----A---- C:\Windows\system32\url.dll

2014-07-10 21:25:05 ----A---- C:\Windows\system32\ieUnatt.exe

2014-07-10 21:25:05 ----A---- C:\Windows\system32\iertutil.dll

2014-07-10 21:25:05 ----A---- C:\Windows\system32\ieframe.dll

2014-07-10 21:25:04 ----A---- C:\Windows\system32\urlmon.dll

2014-07-10 21:25:04 ----A---- C:\Windows\system32\mshta.exe

2014-07-08 06:08:34 ----D---- C:\Program Files\McAfee Security Scan

2014-07-05 19:54:04 ----D---- C:\ProgramData\McAfee Security Scan

2014-07-05 19:53:56 ----D---- C:\ProgramData\McAfee

2014-06-26 05:56:31 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 1 month======

2014-07-25 18:15:47 ----RD---- C:\Program Files

2014-07-25 18:15:29 ----D---- C:\Windows\temp

2014-07-25 18:13:31 ----SHD---- C:\System Volume Information

2014-07-25 18:11:05 ----D---- C:\Windows\SMINST

2014-07-14 07:56:51 ----D---- C:\Windows

2014-07-12 09:36:16 ----D---- C:\Windows\system32\drivers\NIS

2014-07-12 09:23:59 ----D---- C:\Windows\System32

2014-07-12 09:23:48 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2014-07-12 09:06:04 ----D---- C:\Program Files\Windows Journal

2014-07-12 09:06:01 ----D---- C:\Windows\system32\migration

2014-07-12 09:06:01 ----D---- C:\Windows\system32\drivers

2014-07-12 09:06:01 ----D---- C:\Program Files\Internet Explorer

2014-07-12 09:03:25 ----D---- C:\Windows\winsxs

2014-07-12 08:58:25 ----D---- C:\Windows\system32\MRT

2014-07-12 08:58:13 ----A---- C:\Windows\system32\mrt.exe

2014-07-10 21:25:38 ----D---- C:\Windows\system32\catroot

2014-07-10 21:25:37 ----D---- C:\Windows\system32\catroot2

2014-07-06 05:53:07 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-07-06 05:53:03 ----D---- C:\Windows\inf

2014-07-05 19:54:04 ----D---- C:\ProgramData

2014-06-26 05:57:19 ----SHD---- C:\Windows\Installer

2014-06-26 05:56:40 ----D---- C:\Program Files\AskPartnerNetwork

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]

R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1503000.00C\SYMDS.SYS [2013-09-10 367704]

R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1503000.00C\SYMEFA.SYS [2014-03-04 936152]

R1 BHDrvx86;BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys [2014-05-10 1101616]

R1 ccSet_NIS;NIS Settings Manager; C:\Windows\system32\drivers\NIS\1503000.00C\ccSetx86.sys [2013-09-26 127064]

R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2014-06-26 377648]

R1 IDSVix86;IDSVix86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140708.001\IDSvix86.sys [2014-06-18 395992]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1503000.00C\SRTSPX.SYS [2013-09-10 32344]

R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1503000.00C\Ironx86.SYS [2013-09-27 206936]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1503000.00C\SYMTDIV.SYS [2014-02-18 384728]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 8192]

R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]

R3 BCM43XX;Stuurprogramma voor de Broadcom 802.11-netwerkadapter; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-06-12 109872]

R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]

R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-12 160768]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-07 985600]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-07 207360]

R3 NAVENG;NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140708.016\NAVENG.SYS [2014-06-26 93272]

R3 NAVEX15;NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140708.016\NAVEX15.SYS [2014-06-26 1612376]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-07 1059112]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]

R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 12032]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]

R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1503000.00C\SRTSP.SYS [2014-02-13 664280]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2013-11-18 142936]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432]

R3 usbvideo;USB-videoapparaat (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-12 134272]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-07 659968]

R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]

S3 catchme;catchme; \??\C:\Users\Nick\AppData\Local\Temp\catchme.sys []

S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 E100B;Intel® PRO-adapterstuurprogramma; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]

S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 SCL0102K;SCL010 Contactless Reader; C:\Windows\system32\DRIVERS\SCL0102K.sys [2009-11-30 61952]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 35328]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

R2 APNMCP;Ask-updateservice; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-06-24 165784]

R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-23 262243]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]

R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]

R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe [2014-05-11 276376]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]

R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-23 106593]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-31 194032]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12 262320]

S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-19 119408]

S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]

S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


Hello,

Two antivirus programs are installed on the computer: McAfee and Norton Internet Security. You had better remove one of the two (or have it removed).

  1. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that here and here.
    Download Zoek.exe to the desktop (not the .zip or .rar version).

    • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
    • Double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
    • Now copy the code below and paste it into the large input window:
    • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

 
chromelook; 
firefoxlook; 
emptyfolderscheck;delete 
emptyclsid; 
startupall; 
filesrcm;
C:\Program Files\AskPartnerNetwork;fs
{00000000-6E41-4FD3-8538-502F5495E5FC};c
{2b0cf91e-63d5-4474-9229-134d0b96fb28};c
C:\Program Files\Spelletjes;fs
C:\Program Files\Ask.com;fs
{D4027C7F-154A-4066-A1AD-4243D8127440};c
APNMCP;s
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\searchplugins\ask-search.xml;fs
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\searchplugins\askcom.xml;fs
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\searchplugins\safesearch.xml;fs
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\searchplugins\Search_Results.xml;fs
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
"ApnTBMon"=-;r


  • The option "Scan All Users" is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next message.

Posting the Zoek.exe log file

  • Attach the log file named "Zoek-results.log" to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read here how to add an attachment to a message.

  2. Download MalwareBytes Anti-Malware, preferably to the desktop.


  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the further instructions; the complete installation procedure can be read at the following link - Installing Malwarebytes Anti-Malware.


  • Then click the Scan Now button to run a threat scan.
  • The program will now check for available updates; click "Update Now" if updates are available.
  • The scan then starts automatically; when the scan is finished and threats have been detected, you will get an overview of them.
  • If no threats were detected, click View Detailed Log after the scan.

    • Then click the Apply Actions button; when you are told that your computer must be restarted, click No.
    • Then click the View Detailed Log button, click the Export button and choose the option Text file (*.txt).
    • Then enter a file name for saving the log file, for example MBAM Scanlog, and click the Save button.
    • This file is saved to your desktop by default.

Posting the MalwareBytes' Anti-Malware log file


  • Attach the log file you have just saved to your next message. (You can also find this log file in Malwarebytes Anti-Malware under History > Application Logs.)
  • Place the contents of this log file in your next message.


McAfee has been removed, zoek.exe ran smoothly (log below), but MBAM froze ... so it is currently running for the second time.

Zoek.exe v5.0.0.0 Updated 24-07-2014

Tool run by Nick on vr 25/07/2014 at 18:59:59,72.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Nick\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

25/07/2014 19:01:24 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\BearShare Applications deleted successfully

C:\Program Files\GUM6141.tmp deleted successfully

C:\Program Files\MSXML 4.0 deleted successfully

C:\Program Files\TomTom DesktopSuite deleted successfully

C:\Program Files\Common Files\SWF Studio deleted successfully

C:\PROGRA~2\Oracle deleted successfully

C:\PROGRA~2\PCSettings deleted successfully

C:\Users\Nick\AppData\Roaming\Malwarebytes deleted successfully

C:\Users\Nick\AppData\Local\PackageAware deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b0cf91e-63d5-4474-9229-134d0b96fb28} deleted successfully

HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2b0cf91e-63d5-4474-9229-134d0b96fb28} deleted successfully

HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{2b0cf91e-63d5-4474-9229-134d0b96fb28} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b0cf91e-63d5-4474-9229-134d0b96fb28} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\{2b0cf91e-63d5-4474-9229-134d0b96fb28} deleted successfully

HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{2b0cf91e-63d5-4474-9229-134d0b96fb28} deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{2b0cf91e-63d5-4474-9229-134d0b96fb28} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2b0cf91e-63d5-4474-9229-134d0b96fb28} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\APNMCP deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ApnTBMon"=-

==== Deleting Files \ Folders ======================

C:\Program Files\Ask.com not found

C:\Program Files\Spelletjes deleted

C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\searchplugins\ask-search.xml deleted

C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\searchplugins\askcom.xml deleted

C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\searchplugins\safesearch.xml deleted

C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\searchplugins\Search_Results.xml deleted

"C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted

"C:\Program Files\AskPartnerNetwork" deleted

"C:\Program Files\AskPartnerNetwork\Toolbar" deleted

"C:\Program Files\AskPartnerNetwork\Toolbar\Updater" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Nick\AppData\Local\Temp ====

2014-07-25 16:56:00 D7AD0AD3162BCD50E1D2E462E8C748EA 264488 ----a-w- C:\Users\Nick\AppData\Local\temp\MSS\3.8.150.1\McInstallerRes.dll

2014-07-25 16:56:00 9BD51360CB8F1A2206642599D40FD258 419048 ----a-w- C:\Users\Nick\AppData\Local\temp\MSS\3.8.150.1\mcbrwsr2.dll

2014-07-25 16:56:00 7A5A07D9A323DFD9097C9CF39E6802E6 153760 ----a-w- C:\Users\Nick\AppData\Local\temp\MSS\3.8.150.1\McInstallerRes_LD.dll

2014-07-25 16:56:00 74557BFD04530E512DBB9C151C4DA110 499384 ----a-w- C:\Users\Nick\AppData\Local\temp\MSS\3.8.150.1\McUICnt.exe

2014-07-25 16:56:00 26FD227409FB73C4D958602B8A3EFFA0 577632 ----a-w- C:\Users\Nick\AppData\Local\temp\MSS\3.8.150.1\McInstallerStartup.dll

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

2014-07-25 16:47:43 799613BA73D25641402AA81B6403EFF8 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-07-25 16:47:43 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-07-10 19:26:01 F5272A105F59A7B3B345D9D6D87DA7AD 273408 ----a-w- C:\Windows\System32\drivers\afd.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-07-25 16:41:58 -------- d-----w- C:\Program Files\Speccy

2014-07-25 16:15:47 -------- d-----w- C:\Program Files\trend micro

======= C: =====

====== C:\Users\Nick\AppData\Roaming ======

2014-07-25 16:42:23 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking

2014-07-05 19:43:38 -------- d-----w- C:\Users\Nick\AppData\Local\Adobe

2014-06-26 03:56:57 -------- d-----w- C:\Users\Nick\AppData\Local\AskPartnerNetwork

====== C:\Users\Nick ======

2014-07-25 16:42:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

2014-07-08 04:23:25 536C47F39D34FCD635FBACE0F563CBB8 3194495 ----a-w- C:\Users\Nick\Stromae - Formidable [Lyrics HQ] - from YouTube.mp3

2014-07-08 04:22:22 5FE26F26F49ACD199BB990EEC4E687EC 3214975 ----a-w- C:\Users\Nick\Stromae - ta fête - from YouTube.mp3

2014-07-08 04:20:36 DD3140CB7E5B72438E70AF57160D3662 4648157 ----a-w- C:\Users\Nick\Pharrell Williams - Marilyn Monroe - from YouTube.mp3

2014-07-08 04:19:00 12FC5831EFD4F935818FE676041C106D 3952255 ----a-w- C:\Users\Nick\Pharrell Williams - Happy (Official Music Video) - from YouTube.mp3

2014-07-08 04:16:31 C36AC6934BD9CF9635FA94C9DCA1D1E6 3953508 ----a-w- C:\Users\Nick\Michael Jackson, Justin Timberlake - Love Never Felt So Good - from YouTube.mp3

2014-07-08 04:11:56 087CA3C0972B5884544E06A605A70FD1 58357584 ----a-w- C:\Users\Nick\Deadmau5 Live @ Main Stage, Ultra Music Festival 2014, Miami, US 03 29 2014 Presented by UMF - from YouTube.mp3

2014-07-06 04:19:49 89CC3D5D5645DBB505DCBAB2D036495A 86847771 ----a-w- C:\Users\Nick\Carl Cox - Ultra Music Festival 2014 (Friday) - 28.03.2014 - from YouTube (1).mp3

2014-07-06 04:04:35 89CC3D5D5645DBB505DCBAB2D036495A 86847771 ----a-w- C:\Users\Nick\Carl Cox - Ultra Music Festival 2014 (Friday) - 28.03.2014 - from YouTube.mp3

2014-07-06 04:02:13 B0EF9DA44729D8876E6B94788B053776 3454883 ----a-w- C:\Users\Nick\OZARK HENRY - I_'M YOUR SACRIFICE - from YouTube.mp3

2014-07-06 04:00:07 969B6FB3ED52677C5F40ABCC5FA5115F 3012682 ----a-w- C:\Users\Nick\The Common Linnets - Calm After The Storm (The Netherlands) 2014 Eurovision Song Contest - from YouTube.mp3

2014-07-06 03:58:23 95A83BBBCD4EA474E2380A9E3850CBFF 3388010 ----a-w- C:\Users\Nick\The Black Keys - Little Black Submaries - from YouTube.mp3

====== C: exe-files ==

2014-07-25 16:56:00 74557BFD04530E512DBB9C151C4DA110 499384 ----a-w- C:\Users\Nick\AppData\Local\temp\MSS\3.8.150.1\McUICnt.exe

2014-07-25 16:42:42 8ADE4FA030ABC0A8223C22BCA411CEB9 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1667088166-3542532225-2137799823-1001\$IUC39OG.exe

2014-07-25 16:42:31 11BA55B98DE4932234A7BF03737606D9 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1667088166-3542532225-2137799823-1001\$I0S8PUT.exe

2014-07-25 16:42:24 E10F607105994A0941FA13A95BD47F43 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1667088166-3542532225-2137799823-1001\$I8JDZCO.exe

2014-07-25 16:39:54 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1667088166-3542532225-2137799823-1001\$R8JDZCO.exe

2014-07-25 16:15:48 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Nick.exe

2014-07-25 16:13:39 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1667088166-3542532225-2137799823-1001\$RUC39OG.exe

2014-07-25 16:11:40 C5D237A3DA4A914D19D825C73FDE4487 8848464 ----a-w- C:\Program Files\Google\Update\Install\{165FDE85-6E97-422E-8E74-395035740BCC}\36.0.1985.125_35.0.1916.153_chrome_updater.exe

2014-07-25 16:11:40 C5D237A3DA4A914D19D825C73FDE4487 8848464 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.125\36.0.1985.125_35.0.1916.153_chrome_updater.exe

=== C: other files ==

2014-07-25 16:47:43 799613BA73D25641402AA81B6403EFF8 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-07-25 16:47:43 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"

"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"

"CognizanceTS"="rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule"

"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"

"EEventManager"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"AgentMonitor"="C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"

"hpWirelessAssistant"="%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

"WAWifiMessage"="%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="%WINDIR%\SMINST\launcher.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Windows\\System32\\APSHook.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Software Update"

"hkey"="HKLM"

"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LightScribe Control Panel"

"hkey"="HKCU"

"command"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lime pro]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="lime pro"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Lime PRO\\LimePro.exe\" -h"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="swg"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="TomTomHOME.exe"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\TomTom HOME 2\\TomTomHOMERunner.exe\""

==== Startup Folders ======================

2007-12-08 21:41:30 1875 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/07/2014 09:23]

C:\Windows\tasks\Google Software Updater.job --a------ C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [31/08/2012 16:55]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/01/2010 12:42]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [31/01/2010 12:42]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\system32\tasks\ExtendedServicePlan" ["C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe"]

"C:\Windows\system32\tasks\Google Software Updater" [C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\HP Health Check" ["C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"]

"C:\Windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe"]

"C:\Windows\system32\tasks\{0CEF7FCC-7029-4F2F-A56A-F76ABD48EE4F}" ["c:\program files\google\chrome\application\chrome.exe"]

"C:\Windows\system32\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe]

"C:\Windows\system32\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF" [18/06/2014 20:01]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default

- Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

- Spelletjes - %ProfilePath%\extensions\{2b0cf91e-63d5-4474-9229-134d0b96fb28}(22)

- Firefox 3 theme for Firefox 4 - %ProfilePath%\extensions\ffe_ff3ff4@game-point.net.xpi

- Ask Toolbar - %ProfilePath%\extensions\toolbar@ask.com.xpi

ProfilePath: C:\Users\Nick\AppData\Roaming\TomTom\HOME\Profiles\qkfyjdso.default

- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com

- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default

4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43

358878E398AB0FB8B1EE176C2E3EDF48 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll - Google Updater

D38AFAE9A9F77F9BE6473E9CC83D5647 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9

8B98B1A31858618AD9544477E2F7814D - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9

D8F8E45ACC404661CF0787F2A0888180 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9

7B55FEF2BA47A2420BB49CD93320077A - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9

D9F5A433758BC151850E53690D57663A - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9

2FE95733EB36CD762EAE54BBE9D8B11C - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9

8FD41344CB62DDB06E2A339F2C5F1947 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9

8130FF8214221BA5AC764909587E161A - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

aaaaojmikegpiepcfdkkjaplodkpfmlo - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ\CRX\ToolbarCR.crx[25/06/2014 01:53]

cdjfkejjfbnnahgfabnehkfkhpfghoak - C:\Users\Nick\AppData\Local\CRE\cdjfkejjfbnnahgfabnehkfkhpfghoak.crx[28/10/2012 16:29]

mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx[28/04/2014 14:52]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

cdjfkejjfbnnahgfabnehkfkhpfghoak - C:\Users\Nick\AppData\Local\CRE\cdjfkejjfbnnahgfabnehkfkhpfghoak.crx[28/10/2012 16:29]

Ask Toolbar - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

Spelletjes - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjfkejjfbnnahgfabnehkfkhpfghoak

Norton Identity Protection - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Google Wallet - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== C:\zoek_backup content ======================

C:\zoek_backup (files=75 folders=31 20008237 bytes)

==== EOF on vr 25/07/2014 at 19:09:59,41 ======================


Fine, I will see the MBAM log turn up in due course.

Afterwards you can already do the following, if you like:

Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that here and here.

Run Zoek.exe once more with the script below.


  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
     
    autoclean;
    C:\Users\Nick\AppData\Local\AskPartnerNetwork;fs
    C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\extensions\{2b0cf91e-63d5-4474-9229-134d0b96fb28}(22);fs
    C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\extensions\toolbar@ask.com.xpi;fs
    aaaaojmikegpiepcfdkkjaplodkpfmlo;chr
    cdjfkejjfbnnahgfabnehkfkhpfghoak;chr
    


  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next message.

Posting the Zoek.exe log file

  • Attach the log file named "Zoek-results.log" to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read here how to add an attachment to a message.


Latest MBAM log below; it has no other logs: it froze every time during export ... across all runs together some 250 PUPs were removed.

Malwarebytes Anti-Malware

Malwarebytes | Free Anti-Malware & Internet Security Software

Scandatum: 25/07/2014

Scantijd: 22:25:40

Logbestand: mbam.txt

Beheerder: Ja

Versie: 2.00.2.1012

Malwaredatabase: v2014.07.25.07

Rootkitdatabase: v2014.07.17.01

Licentie: Gratis

Malwarebescherming: Uitgeschakeld

Kwaadaardige Website Bescherming: Uitgeschakeld

Self-protection: Uitgeschakeld

Besturingssysteem: Windows Vista Service Pack 2

Processor: x86

Bestandssysteem: NTFS

Gebruiker: Nick

Scantype: Bedreigingsscan

Resultaat: Voltooid

Objecten Gescand: 318920

Verstreken Tijd: 16 m, 16 s

Geheugen: Ingeschakeld

Opstarten: Ingeschakeld

Bestandssysteem: Ingeschakeld

Archieven: Ingeschakeld

Rootkits: Uitgeschakeld

Heuristics: Ingeschakeld

POP: Waarschuwen

POA: Ingeschakeld

Processen: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registersleutels: 0

(No malicious items detected)

Registerwaardes: 0

(No malicious items detected)

Registerdata: 0

(No malicious items detected)

Mappen: 0

(No malicious items detected)

Bestanden: 0

(No malicious items detected)

Fysieke Sectoren: 0

(No malicious items detected)

(end)

_________________________________________________________________________________________________________

Zoek.exe v5.0.0.0 Updated 24-07-2014

Tool run by Nick on vr 25/07/2014 at 22:46:19,09.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Nick\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-25-170959.log 20413 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{288B14EF-2C35-4A47-B0EB-E1CDFA8C9A25} deleted successfully

HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4B2CE579-0209-4A65-8470-44EFDAA34575} deleted successfully

HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7AE107FA-4712-4808-AB77-730CD173CCEF} deleted successfully

HKEY_USERS\S-1-5-21-1667088166-3542532225-2137799823-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Profiles\v519690

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_20142507_2305_.backup

ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default

user.js not found

---- Lines ask.com removed from prefs.js ----

user_pref("browser.search.defaultengine", "Ask.com");

user_pref("browser.search.order.1", "Ask.com");

---- FireFox user.js and prefs.js backups ----

prefs_20142507_2305_.backup

ProfilePath: C:\Users\Nick\AppData\Roaming\Thunderbird\Profiles\v519690

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_20142507_2305_.backup

ProfilePath: C:\Users\Nick\AppData\Roaming\TomTom\HOME\Profiles\qkfyjdso.default

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_20142507_2305_.backup

==== Deleting Files \ Folders ======================

C:\Users\Nick\AppData\Local\AskPartnerNetwork not found

C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\extensions\toolbar@ask.com.xpi not found

C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default\extensions\{2b0cf91e-63d5-4474-9229-134d0b96fb28}(22) deleted

C:\Program Files\Conduit deleted

C:\Users\Nick\AppData\Roaming\Uniblue deleted

C:\PROGRA~2\Ask deleted

C:\PROGRA~2\AlawarWrapper deleted

C:\PROGRA~2\APN deleted

C:\PROGRA~2\boost_interprocess deleted

C:\Users\Nick\AppData\Local\CRE deleted

C:\Users\Nick\AppData\Local\cache deleted

C:\Users\Nick\AppData\Local\Conduit deleted

C:\Users\Nick\Searches deleted

C:\Users\Nick\AppData\LocalLow\wincorebsband deleted

C:\Users\Nick\AppData\LocalLow\Conduit deleted

C:\Windows\WinInit.ini deleted

C:\Windows\System32\REN26A2.tmp deleted

C:\Windows\System32\REN26A3.tmp deleted

C:\Windows\System32\RENECDF.tmp deleted

C:\Windows\System32\RENECE0.tmp deleted

C:\Users\Public\Documents\AlawarWrapper deleted

C:\Users\Nick\EarthatNight Screensaver nlBE.exe deleted

C:\Users\Nick\fundels-2.1.3 (1).exe deleted

C:\Users\Nick\JavaSetup7u11 (1).exe deleted

C:\Users\Nick\NRnR.exe deleted

C:\Users\Nick\TomTomHOME2winlatest.exe deleted

"C:\Windows\Installer\48840.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF" [18/06/2014 20:01]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default

- Firefox 3 theme for Firefox 4 - %ProfilePath%\extensions\ffe_ff3ff4@game-point.net.xpi

ProfilePath: C:\Users\Nick\AppData\Roaming\TomTom\HOME\Profiles\qkfyjdso.default

- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com

- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\xaspnpxb.default

486DCD78DFB28733BFDD4D4EFEA2FD50 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U65

EE23F610D9353B9217FFEC4B73A27EF5 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.650.20

4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

358878E398AB0FB8B1EE176C2E3EDF48 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll - Google Updater

D38AFAE9A9F77F9BE6473E9CC83D5647 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9

8B98B1A31858618AD9544477E2F7814D - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9

D8F8E45ACC404661CF0787F2A0888180 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9

7B55FEF2BA47A2420BB49CD93320077A - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9

D9F5A433758BC151850E53690D57663A - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9

2FE95733EB36CD762EAE54BBE9D8B11C - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9

8FD41344CB62DDB06E2A339F2C5F1947 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9

8130FF8214221BA5AC764909587E161A - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

cdjfkejjfbnnahgfabnehkfkhpfghoak - C:\Users\Nick\AppData\Local\CRE\cdjfkejjfbnnahgfabnehkfkhpfghoak.crx[]

mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx[26/06/2014 12:22]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

cdjfkejjfbnnahgfabnehkfkhpfghoak - C:\Users\Nick\AppData\Local\CRE\cdjfkejjfbnnahgfabnehkfkhpfghoak.crx[]

Ask Toolbar - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

Spelletjes - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjfkejjfbnnahgfabnehkfkhpfghoak

Norton Identity Protection - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Google Wallet - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully

C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaojmikegpiepcfdkkjaplodkpfmlo_0.localstorage deleted successfully

C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully

C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjfkejjfbnnahgfabnehkfkhpfghoak deleted successfully

C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdjfkejjfbnnahgfabnehkfkhpfghoak_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://be.msn.com/default.aspx?lang=nl-be&ocid=oa-EarthatNight"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://breedband.telenet.be"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://be.msn.com/default.aspx?lang=nl-be&ocid=oa-EarthatNight"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.be/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_nl"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cdjfkejjfbnnahgfabnehkfkhpfghoak deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cdjfkejjfbnnahgfabnehkfkhpfghoak deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Updater deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================

C:\Users\Nick\AppData\Local\temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Tiny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Nick\AppData\Local\Mozilla\Firefox\Profiles\xaspnpxb.default\Cache emptied successfully

C:\Users\Tiny\AppData\Local\Mozilla\Firefox\Profiles\d430zuvm.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2208 folders=408 126272781 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\Nick\AppData\Local\temp will be emptied at reboot

C:\Users\Public\AppData\Local\temp emptied successfully

C:\Users\Tiny\AppData\Local\temp emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Nick\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on vr 25/07/2014 at 23:16:40,48 ======================


Good morning,

It's starting to look better :-)

  1. Download AdwCleaner by Xplode to the desktop.

    • Close all open windows.
    • Double-click AdwCleaner to start it.
    • Windows Vista, 7 and 8 users must run the tool as "administrator",
    • by right-clicking it and choosing Run as administrator.
    • Click Scan.
    • Then click Clean.
    • At Reboot Required, click OK.

After the PC has restarted, a log file usually opens.

Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[s0].txt.

Posting the log file

  • Attach the log file named C:\AdwCleaner\AdwCleaner[s0].txt to your next post.
  • You can read here how to add an attachment to a post.

  2. Download the Farbar Recovery Scan Tool, 32 or 64 bit, from one of the links below.

Farbar Recovery Scan Tool 32 bit (x86)

Farbar Recovery Scan Tool 64 bit (x64)

  • Double-click FRST.exe to start the tool.
  • When the program has opened, click Yes at the disclaimer.
  • Press the Scan button.
  • A log file (FRST.txt) will be created in the same location from which the tool was started.
  • Attach this log file to your next post.

You said you had already downloaded JRT as well? As far as I'm concerned you can run that too; add its log file for completeness :top:


Good morning Mako,

the second admin account is not in use.

Last night the system file scan ran and a disk check was performed; a defragmentation will follow later.

Attached: the logs.

[ATTACH]34038[/ATTACH]

[ATTACH]34039[/ATTACH]

[ATTACH]34040[/ATTACH]


Hi,

Start the Farbar Recovery Scan Tool once more.

  • Download fixlist.txt to the desktop, where FRST.exe is also located.
  • Double-click FRST.exe to start the tool.
  • When the program has opened, click Yes at the disclaimer.
  • Press the Fix button.
  • A log file (fixlog.txt) will be created in the same location from which the tool was started.
  • Attach this log file to your next post.

How is the computer doing in the meantime? Is it already running a bit faster again?

fixlist.txt


The defragmentation tool is currently running and has completed about 65% of its work ... it is more stable, that much is true, but after logging in to either of the two accounts it still takes a good two minutes before it reaches the desktop, and that is with Norton (temporarily) disabled.

All drivers, players, readers, Java, FF, etc. ... are up to date by now.

New FRST log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014

Ran by Nick at 2014-07-26 11:06:38 Run:1

Running from C:\Users\Nick\Desktop

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

CHR DefaultSearchKeyword: ask.com

C:\ProgramData\McAfee

*****************

CHR DefaultSearchKeyword: ask.com ==> The Chrome "Settings" can be used to fix the entry.

C:\ProgramData\McAfee => Moved successfully.

==== End of Fixlog ====


In the meantime I also did an online scan with ESET and ran TDSSKiller and HitmanPro; MBAM no longer hangs.

All the tools used have been removed, a new restore point has been created, and the old ones have been deleted.

CCleaner has done its job too: together with removing the installation files of the Service Packs, I still managed to free up just under 5 GB of disk space.

The graphics problems for which it ended up here have been resolved, temperatures are about 15° lower, it runs nicely and stably ... just need to order a new adapter and the patient is good for another year or so ... xD

Any more suggestions or questions, or are we done? ... :D


This topic is now closed to new replies.