Closed
1
For about 3 days I have not been able to start the internet on the other PC. I then get the following message: "Google Chrome / Microsoft Windows / TCBHN has stopped working and was closed. Your preferences cannot be read; some features may be unavailable and changes to preferences will not be saved." In the meantime my kids have still been watching films, and they also tried to connect an iPhone to transfer the contents of a CD-ROM. Beyond that I don't know what could have happened. I do regularly run the program "Regclean Pro". I hope you can help me. Kind regards
Joey
2
Hi,

1. Download MalwareBytes' Anti-Malware (website) and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After the installation, make sure the following are ticked:
  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
  • Here you also get the option to use the trial version of MBAM; if you do not want this, untick it.
Then click "Finish".
If an update is found, it will be downloaded and installed.

In case of problems!!! (Read the instructions below)
  • Once the program has started, go to the "Settings" tab.
  • Tick the following here: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Then press "Scan" to start the scan.
  • The scan can take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to see the results.
  • Make sure everything there is ticked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


2. Download DDS by sUBS from one of these locations and place it on your desktop:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.

DDS is a diagnostic tool and makes use of scripts.

Disable your security software before running DDS!
(Here or here) you can read how to do that.

Double-click DDS to start the tool.

Two log files are now saved automatically on the desktop.
  • DDS.txt
  • Attach.txt (Post this one only if asked for!)
Post the DDS log together with the MBAM log as an attachment in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
3
Hello Maxstar
It took a while, sorry about that. Here are the logs.
I'll be back at my PC this afternoon after 15:00; have a nice day
Joey

Malwarebytes Anti-Malware (-evaluatieversie-) 1.70.0.1100
http://www.malwarebytes.org

Databaseversie: v2013.02.27.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
JaMir :: PC_VAN_JANMIR [administrator]

Bescherming: Ingeschakeld

27-2-2013 2:29:29
mbam-log-2013-02-27 (02-29-29).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 297193
Verstreken tijd: 8 minuut/minuten, 44 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Geen actie ondernomen.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Geen actie ondernomen.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Geen actie ondernomen.

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 5
C:\Users\Abigail\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Geen actie ondernomen.
C:\Users\Abigail\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Geen actie ondernomen.
C:\Users\Mitchell\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Geen actie ondernomen.
C:\Users\Mitchell\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Geen actie ondernomen.
C:\Users\JaMir\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 13
C:\Users\JaMir\Downloads\Moozy.exe (PUP.BundleInstaller.OI) -> Geen actie ondernomen.
C:\Users\JaMir\Downloads\MusicConverterSetup.exe (PUP.Adware.InstallCore) -> Geen actie ondernomen.
C:\Users\JaMir\Downloads\SaveAs.exe (PUP.Offerware) -> Geen actie ondernomen.
C:\Users\JaMir\Downloads\Niet bevestigd 358302.crdownload (Trojan.LameShield) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\JaMir\AppData\Roaming\wimknrncds.txt (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Windows\System32\user32.dat (Trojan.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\JaMir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\JaMir\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\JaMir\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)


Then the DDS
======================================================================================================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450
Run by JaMir at 8:46:49 on 2013-02-27
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program Files\AVG\AVG2013\avgfws.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\CloudSoft\OptimizerPro\OptimizerPro.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\CloudSoft\SaveAs\SaveAs.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Packard Bell\FIJI\ABoard.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Packard Bell\FIJI\AOSD.exe
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_def_go
uSearch Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=58fec340-55f5-42d0-8859-db1b44545323&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=58fec340-55f5-42d0-8859-db1b44545323&searchtype=ds&q={searchTerms}
uDefault_Page_URL = hxxp://go.packardbell.com/?id=9152
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={D57A5D90-0A1A-11E2-AED2-001E904C7C28}
mSearch Page = ${URL_SEARCHPAGE}
uProxyServer = hxxp=127.0.0.1:33921
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=NL&userid=58fec340-55f5-42d0-8859-db1b44545323&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6aaaed5d000000000000001e904c7c28&tlver=1.4.19.19&affID=19405
mURLSearchHooks: ToggleDU Toolbar: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbTogg.dll
mWinlogon: Userinit = c:\windows\system32\ezShellStart.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.6.9.12\bh\BabylonToolbar.dll
BHO: {30E89BA2-CDD0-EFAB-DCDC-A26AE9A48F50} - <orphaned>
BHO: ToggleDU Toolbar: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbTogg.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\google\google_bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
TB: ToggleDU Toolbar: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - c:\program files\toggledu\tbTogg.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:\program files\babylontoolbar\babylontoolbar\1.6.9.12\BabylonToolbarTlbr.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ACTIVBOARD] c:\program files\packard bell\fiji\aboard.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Skytel] Skytel.exe
mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\wpclsp.dll
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{77BF9EC4-708F-44E9-8305-D33291DCA91A} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~3\goec62~1.dll c:\progra~1\saveas\sprote~1.dll
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - c:\windows\system32\ezUPBHook.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSAgent;AVGIDSAgent
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? SkypeUpdate;Skype Updater
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? ASO3DiskOptimizer;ASO3DiskOptimizer
S? Avgfwfd;AVG network filter service
S? avgfws;AVG Firewall
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avglogx;AVG Logging Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? ezSharedSvc;Easybits Shared Services for Windows
S? FontCache;Windows Font Cache Service
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
.
=============== Created Last 30 ================
.
2013-02-27 01:28:43 -------- d-----w- c:\users\jamir\appdata\roaming\Malwarebytes
2013-02-27 01:28:39 -------- d-----w- c:\programdata\Malwarebytes
2013-02-27 01:28:38 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-27 01:28:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-21 16:36:27 -------- d-----w- c:\program files\Watchtower
2013-02-21 15:42:10 -------- d-----w- c:\program files\Advanced System Optimizer 3
2013-02-15 22:31:23 186432 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-02-14 09:56:08 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-02-13 12:24:42 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 12:24:40 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 12:24:40 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 12:24:38 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 12:24:36 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-13 02:43:29 -------- d-----w- C:\fc6095b6783c76de4e2f7309f7
2013-02-12 00:08:49 -------- d-----w- c:\programdata\BrowserProtect
2013-02-12 00:07:18 -------- d-----w- c:\program files\Yontoo
2013-02-12 00:07:09 -------- d-----w- c:\programdata\Tarma Installer
2013-02-12 00:06:55 -------- d-----w- c:\program files\TornTV.com
2013-02-11 13:50:16 -------- d-----w- c:\users\jamir\appdata\roaming\BabSolution
2013-02-08 16:09:23 15739760 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-07 14:34:19 119888 ----a-w- c:\users\jamir\appdata\roaming\BabMaint.exe
2013-02-03 16:15:10 -------- d-----w- c:\users\jamir\appdata\roaming\AVG2013
2013-02-03 15:59:25 -------- d--h--w- C:\$AVG
2013-02-03 15:59:24 -------- d-----w- c:\programdata\AVG2013
2013-02-03 15:46:59 -------- d-----w- c:\users\jamir\appdata\local\MFAData
2013-02-03 15:46:59 -------- d-----w- c:\users\jamir\appdata\local\Avg2013
2013-02-01 07:32:22 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{82a5c8d3-d4e5-4853-ba05-1c2a8bb8cb48}\mpengine.dll
.
==================== Find3M ====================
.
2013-02-19 00:40:14 2260 ----a-w- c:\windows\system32\ASOROSet.bin
2013-02-08 16:09:44 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 16:09:44 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-01 15:19:47 723230 ----a-w- c:\windows\unins000.exe
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 8:50:20,93 ===============

===========================================================================================================================
and finally attach
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Aangifte inkomstenbelasting 2010
Aangifte inkomstenbelasting 2011
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 6
Adobe Photoshop Elements 6.0
Adobe Reader 8
Adobe Reader X (10.1.6) - Nederlands
Adobe Shockwave Player 11.6
Advanced System Optimizer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
Babylon toolbar on IE
BabylonObjectInstaller
Bescherm uw gegevens
Bonjour
Browser Address Error Redirector
BrowserCompanion
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5100 series MP Drivers
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Carbonite
CCleaner
D3DX10
Delta Chrome Toolbar
Digital Photo Navigator 1.5
Download Updater (AOL LLC)
EasyBits Magic Desktop
Everio MediaBrowser HD Edition
ExtractNow
Fix RegCleaner v1.0
Foxit Reader
Foxit Toolbar
Gebruikersregistratie voor Canon MG5100 series
Google BAE
Google Chrome
Google Desktop
Google Earth
Google Toolbar
Google Update Helper
HDRegNL
Hema Album Software Advanced
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Infocentre Rev. 2.0
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Keyboard FIJI
Malwarebytes Anti-Malware versie 1.70.0.1100
Media Player
Microsoft-invoegtoepassing Opslaan als PDF of XPS voor 2007 Microsoft Office-programma's
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Nokia Connectivity Cable Driver
NVIDIA-configuratiescherm 306.97
NVIDIA Drivers
NVIDIA Grafisch stuurprogramma 306.97
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
OGA Notifier 2.0.0048.0
OptimizerPro
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Updator
PDF Reader
Picasa 2
Picasa2
Realtek HD Audio V6.0.1.5618
Realtek High Definition Audio Driver
RegClean Pro
Safari
SaveAs
SaveAs 1.66
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
SetUp My PC
Skype 3.6.2.248
Skype™ 5.10
Spelling Dictionaries Support For Adobe Reader 8
Spotify
StuffIt Expander 2010
swMSM
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
ToggleDU Toolbar
TrafficExplorer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
vanBasco's Karaoke Player
VCRedistSetup
Video NVIDIA V163.96
VLC media player 1.1.11
Watchtower Library 2011 - Nederlands
Winamp
Winamp Applicatie Detect
Winamp Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Searchqu Toolbar
Yontoo 1.12.02
.
==== End Of File ===========================
4
Hi,

1. Go to Start > Control Panel > Add or Remove Programs or Programs and Features and uninstall the items below if present, since they have a dubious reputation.
Babylon toolbar on IE
BabylonObjectInstaller
BrowserCompanion
Delta Chrome Toolbar
Foxit Toolbar
SaveAs
SaveAs 1.66
ToggleDU Toolbar
Winamp Toolbar
Windows Searchqu Toolbar
Yontoo 1.12.02



2. Download zoek.exe to the desktop.
Disable your antivirus and antispyware programs; they may conflict with zoek.exe
(Here or here) you can read how to do that.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    Code:

    iedefaults;
    resetieproxy;
    {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1};c
    c:\program files\toggledu;fs
    {201f27d4-3704-41d6-89c1-aa35e39143ed};c
    c:\program files\askbardis;fs
    {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20};c
    c:\program files\winamp toolbar;fs
    {2EECD738-5844-4a99-B4B6-146BF802613B};c
    c:\program files\babylontoolbar;fs
    {30E89BA2-CDD0-EFAB-DCDC-A26AE9A48F50};c
    {FD72061E-9FDE-484D-A58A-0BAB4151CAD8};c
    c:\program files\yontoo;fs
    {3041d03e-fd4b-44e0-b742-2d9b88305f98};c
    {98889811-442D-49dd-99D7-DC866BE87DBC};c
    {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2};c
    {ae07101b-46d4-4a98-af68-0333ea26e113};c
    C:\Users\Abigail\AppData\LocalLow\bbrs_002.tb;fs
    C:\Users\Mitchell\AppData\LocalLow\bbrs_002.tb;fs
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}];r
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}];r
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}];r
    C:\Users\JaMir\Downloads\Moozy.exe;f
    C:\Users\JaMir\Downloads\MusicConverterSetup.exe;f
    C:\Users\JaMir\Downloads\SaveAs.exe;f
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
    "BabylonToolbar"=-;r
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows];r
    "AppInit_DLLs"="c:\progra~1\google\google~3\goec62~1.dll";r
    C:\fc6095b6783c76de4e2f7309f7;vs
    c:\programdata\BrowserProtect;fs
    c:\program files\Yontoo;fs
    c:\programdata\Tarma Installer;fs
    c:\program files\TornTV.com;fs
    startupall;
    filesrcm;
    
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
  • Now post the contents of the opened log in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
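
The removal script above includes the folders, registry keys and downloads that the MBAM log in post 3 reported as "Geen actie ondernomen" (no action taken). The following Python is an added example, not part of the original thread or of any tool named in it: it parses the detection lines of a Dutch-language MBAM 1.x log, lists the entries still awaiting action, and checks each section's declared count against the lines actually present, which catches a log that was cut off when pasted. The function names and regular expressions are assumptions based on the log format shown in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt copied from the MBAM log posted in this thread (three sections, complete).
SAMPLE_LOG = r"""
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Geen actie ondernomen.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Geen actie ondernomen.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Geen actie ondernomen.

Mappen gedetecteerd: 5
C:\Users\Abigail\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Geen actie ondernomen.
C:\Users\Abigail\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Geen actie ondernomen.
C:\Users\Mitchell\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Geen actie ondernomen.
C:\Users\Mitchell\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Geen actie ondernomen.
C:\Users\JaMir\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Succesvol in quarantaine geplaatst en verwijderd.
"""

# "<category> gedetecteerd: <n>" opens a section and declares how many lines follow.
HEADER_RE = re.compile(r"^(?P<section>.+ gedetecteerd): (?P<count>\d+)$")
# "<object> (<detection name>) -> <action>." is one detection.
DETECTION_RE = re.compile(
    r"^(?P<target>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)
NO_ACTION = "Geen actie ondernomen"


@dataclass(frozen=True)
class Detection:
    section: str
    target: str
    name: str
    action: str


def parse_mbam_log(text):
    """Return (declared_counts, detections) for a Dutch MBAM 1.x log."""
    declared = {}
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        hit = DETECTION_RE.match(line)
        if hit and section is not None:
            detections.append(
                Detection(section, hit["target"], hit["name"], hit["action"])
            )
    return declared, detections


def pending(detections):
    """Detections the scanner reported but did not quarantine or remove."""
    return [d for d in detections if d.action == NO_ACTION]


def count_mismatches(declared, detections):
    """Map section -> (declared, found) where the log looks truncated or padded."""
    found = Counter(d.section for d in detections)
    return {
        section: (count, found.get(section, 0))
        for section, count in declared.items()
        if count != found.get(section, 0)
    }


if __name__ == "__main__":
    declared, detections = parse_mbam_log(SAMPLE_LOG)
    for d in pending(detections):
        print(f"still present: {d.target}  [{d.name}]")
    print("count mismatches:", count_mismatches(declared, detections))
```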
5
Hello Maxstar
Here is the log from zoek.exe
Kind regards
Joey


Zoek.exe Version 4.0.0.2 Beta Updated 27-02-2013
Tool run by JaMir on do 28-02-2013 at 0:18:43,24.
Windows Vista (TM) Home Premium 6.0.6002 Service Pack 2 x86 WMI=failure
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BabylonToolbar"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="c:\progra~1\google\google~3\goec62~1.dll"

==== Deleting Files \ Folders ======================

"C:\Users\JaMir\Downloads\Moozy.exe" not found
"C:\Users\JaMir\Downloads\MusicConverterSetup.exe" not found
"C:\Users\JaMir\Downloads\SaveAs.exe" not found
"c:\program files\askbardis" not found
"c:\program files\babylontoolbar" not found
"c:\program files\yontoo" not found
"C:\Users\Abigail\AppData\LocalLow\bbrs_002.tb" not found
"C:\Users\Mitchell\AppData\LocalLow\bbrs_002.tb" not found
"c:\program files\Yontoo" not found
"c:\program files\ToggleDU" deleted
"c:\program files\Winamp Toolbar" deleted
"c:\programdata\BrowserProtect" deleted
"c:\programdata\Tarma Installer" deleted
"c:\program files\TornTV.com" deleted

==== Folders Found In C:\fc6095b6783c76de4e2f7309f7 ======================


==== Files Found In C:\fc6095b6783c76de4e2f7309f7 ======================


==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\JaMir\AppData\Local\Temp ====
2013-02-18 11:14:25 57BC8F4F1201610668773875A4484C1E 392784 ----a-w- C:\Users\JaMir\AppData\Local\Temp\uninst1.exe
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2013-02-27 01:28:38 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-02-13 12:24:38 74E2D020C47BB2B2FCCBA29A518A7EB4 905576 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-05 13:23:31 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
====== C:\Windows\Tasks ======
2013-02-21 15:42:34 8A98AE83D866D5C34A62D1DE4D3179B8 406 ----a-w- C:\Windows\Tasks\ASO-OneClickCare.job
2013-02-21 15:42:34 0EACD1A9B006B7B879A2743FFC2C007E 436 ----a-w- C:\Windows\Tasks\ASO-AutoCheckUpdate7Days.job
2013-02-21 15:42:28 21E22321CFB31884191EB61D09892FA0 434 ----a-w- C:\Windows\Tasks\ASOService.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-02-21 16:36:27 -------- d-----w- C:\Program Files\Watchtower
2013-02-21 15:42:10 -------- d-----w- C:\Program Files\Advanced System Optimizer 3
======= C: =====
====== C:\Users\JaMir\AppData\Roaming ======
2013-02-13 10:14:16 -------- d-----w- C:\users\Default\AppData\Roaming\TuneUp Software
2013-02-13 10:14:16 -------- d-----w- C:\users\Default User\AppData\Roaming\TuneUp Software
2013-02-11 21:06:15 -------- d-----w- C:\users\Abigail\AppData\Roaming\AVG2013
2013-02-11 21:06:12 -------- d-----w- C:\users\Abigail\AppData\Local\Avg2013
2013-02-11 13:50:16 -------- d-----w- C:\users\JaMir\AppData\Roaming\BabSolution
2013-02-07 14:34:19 0DAB3D8A519DD8DF791AB73F28B98440 119888 ----a-w- C:\users\JaMir\AppData\Roaming\BabMaint.exe
2013-02-03 16:15:10 -------- d-----w- C:\users\JaMir\AppData\Roaming\AVG2013
2013-02-03 15:46:59 -------- d-----w- C:\users\JaMir\AppData\Local\MFAData
2013-02-03 15:46:59 -------- d-----w- C:\users\JaMir\AppData\Local\Avg2013
====== C:\Users\JaMir ======
2013-02-03 15:59:24 -------- d-----w- C:\ProgramData\AVG2013

====== C: exe-files ==
2013-02-23 13:41:36 8ED432533260AE1EBD44474F32FD00BD 8004960 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.97\25.0.1364.97_24.0.1312.57_chrome_updater.exe
2013-02-21 16:38:41 23DBABD0BF0AB337302D65F2FCBB5390 88984 ----a-w- C:\Program Files\Watchtower\Watchtower Library 2011\O\uninst.exe
2013-02-21 15:42:15 F5C77E7050E8D7D3548379E6D615B67E 1638696 ----a-w- C:\Program Files\Advanced System Optimizer 3\BeforeUninstall.exe
2013-02-21 15:42:15 F0E4F06EC2E24061262233AC27516C61 687400 ----a-w- C:\Program Files\Advanced System Optimizer 3\NewScheduler.exe
2013-02-21 15:42:15 E68CC56F1A4D53A3F8AEC40580B0F473 764200 ----a-w- C:\Program Files\Advanced System Optimizer 3\SystemAnalyzerAndAdvisor.exe
2013-02-21 15:42:15 CD93C08ACFE5B1543959F863954E87AA 252200 ----a-w- C:\Program Files\Advanced System Optimizer 3\StartupManager.exe
2013-02-21 15:42:15 BE9815B8849E73B32EFB7D7C8561E004 166184 ----a-w- C:\Program Files\Advanced System Optimizer 3\MemoryOptimizer.exe
2013-02-21 15:42:15 B27D111525DC903E3B1BAAB9924F2E5D 374056 ----a-w- C:\Program Files\Advanced System Optimizer 3\DiskDoctor.exe
2013-02-21 15:42:15 A0F377910CC935B2F2F1D4230029F298 2925352 ----a-w- C:\Program Files\Advanced System Optimizer 3\BackupManager.exe
2013-02-21 15:42:15 9BF36CEFF6A08B98008FDA6FF90C12E4 96040 ----a-w- C:\Program Files\Advanced System Optimizer 3\KillASOProcesses.exe
2013-02-21 15:42:15 98A48B95E825FDDABCF627D5AEB23815 312616 ----a-w- C:\Program Files\Advanced System Optimizer 3\DuplicateFilesRemover.exe
2013-02-21 15:42:15 8F5682A974E4EDA107676CE3B694B95C 582440 ----a-w- C:\Program Files\Advanced System Optimizer 3\SysFileBakRes.exe
2013-02-21 15:42:15 701C371D5E9CCEC1F2D98B8C4B1B6840 552744 ----a-w- C:\Program Files\Advanced System Optimizer 3\asodemo.exe
2013-02-21 15:42:15 5894939C8DD442848743FAF6FFDA17E4 353576 ----a-w- C:\Program Files\Advanced System Optimizer 3\SecureEncryptor.exe
2013-02-21 15:42:15 338982F69FE323E74A1C39FF41933B95 116520 ----a-w- C:\Program Files\Advanced System Optimizer 3\UninstallManager.exe
2013-02-21 15:42:15 2798B1221FC450D9D700CE26CBFA8DC9 903976 ----a-w- C:\Program Files\Advanced System Optimizer 3\DiskExplorer.exe
2013-02-21 15:42:15 0EEB67ADA5F7967EFAA585DA9A351DC4 1469736 ----a-w- C:\Program Files\Advanced System Optimizer 3\SystemCleaner.exe
2013-02-21 15:42:14 FD0FC78EFBBC22A2871A5DDBEEDD81C5 74472 ----a-w- C:\Program Files\Advanced System Optimizer 3\updater\amd64\DriverRestore.exe
2013-02-21 15:42:14 FC1F1EF1D859651E8E9E575A95FC44C1 48936 ----a-w- C:\Program Files\Advanced System Optimizer 3\VolumeControl64.exe
2013-02-21 15:42:14 F31A3ECED7E2B5C6E225D36CDA313CB7 87384 ----a-w- C:\Program Files\Advanced System Optimizer 3\updater\win7amd64\DriverRestore.exe
2013-02-21 15:42:14 E0797476345825CFA2336DB4C3697940 1205544 ----a-w- C:\Program Files\Advanced System Optimizer 3\SecureDelete.exe
2013-02-21 15:42:14 DBE9EC9DA321A17E466973D445A87AB5 264488 ----a-w- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv64.exe
2013-02-21 15:42:14 D2B8727E3D2B16718A2D4EB5996DF8A9 71464 ----a-w- C:\Program Files\Advanced System Optimizer 3\DefragServiceManager.exe
2013-02-21 15:42:14 CBEBC1F5C6685D718E44EF560CA067E0 49960 ----a-w- C:\Program Files\Advanced System Optimizer 3\VolumeControl.exe
2013-02-21 15:42:14 96A32B71200D3FF6AE1EB82809DDB56D 99624 ----a-w- C:\Program Files\Advanced System Optimizer 3\GameOptimizer.exe
2013-02-21 15:42:14 8807F8BBD20EF7813507E7942EEC112A 47912 ----a-w- C:\Program Files\Advanced System Optimizer 3\launcher.exe
2013-02-21 15:42:14 828DD984B80652F1599DE624B4C11EA5 283648 ----a-w- C:\Program Files\Advanced System Optimizer 3\updater\amd64Helper\DriverUpdateHelper64.exe
2013-02-21 15:42:14 7B200EB160B0677EDDA695D37D98C662 81640 ----a-w- C:\Program Files\Advanced System Optimizer 3\updater\vista\DriverRestore.exe
2013-02-21 15:42:14 781D044D0DE7B9BD9CCF8CC54D7EB16E 60136 ----a-w- C:\Program Files\Advanced System Optimizer 3\updater\xp\DriverRestore.exe
2013-02-21 15:42:14 6DC761D3ACA7B092E5A22A8C511434CE 3245352 ----a-w- C:\Program Files\Advanced System Optimizer 3\CheckUpdate.exe
2013-02-21 15:42:14 6A2231C200CD45E5E23587460406D11F 37672 ----a-w- C:\Program Files\Advanced System Optimizer 3\GOHelper.exe
2013-02-21 15:42:14 639A9547B1C242B07B9E7388F68F5470 154344 ----a-w- C:\Program Files\Advanced System Optimizer 3\updater\extract\7z.exe
2013-02-21 15:42:14 5C615CAF9190E5BD845B551C50DB20E7 3242280 ----a-w- C:\Program Files\Advanced System Optimizer 3\ASO3.exe
2013-02-21 15:42:14 519190BED69D681BFDC791B6819F6437 308520 ----a-w- C:\Program Files\Advanced System Optimizer 3\DiskOptimizer.exe
2013-02-21 15:42:14 2C0D3B856C0DFE8B9142B4CCC4A219E5 318248 ----a-w- C:\Program Files\Advanced System Optimizer 3\GameOptLauncher.exe
2013-02-21 15:42:14 2B4794E4FDE9D528FD8D5073D1639DA9 241448 ----a-w- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
2013-02-21 15:42:14 1F9BE192D48783CF7AD01E264DA0D2E7 477480 ----a-w- C:\Program Files\Advanced System Optimizer 3\Undelete.exe
2013-02-21 15:42:14 1E00CD11C776E8B93CD2136DD62250C4 1444648 ----a-w- C:\Program Files\Advanced System Optimizer 3\DriverUpdater.exe
2013-02-21 15:42:14 119FA5FC3A9CFD33C5B418F12650AFCB 83288 ----a-w- C:\Program Files\Advanced System Optimizer 3\updater\win7i386\DriverRestore.exe
2013-02-21 15:42:14 0774A6FADE35D8A450648417921DA126 374568 ----a-w- C:\Program Files\Advanced System Optimizer 3\GameOptLauncher64.exe
2013-02-21 15:42:14 005501B01E1C9FA9D778AD116417E7C7 20776 ----a-w- C:\Program Files\Advanced System Optimizer 3\PTBWin7.exe
2013-02-21 15:42:13 CA6EFD7C756404646F67C3A5BDD114CE 64808 ----a-w- C:\Program Files\Advanced System Optimizer 3\RequireAdministrator.exe
2013-02-21 15:42:13 A88C179D13EE1A4D69559639428424C6 1534760 ----a-w- C:\Program Files\Advanced System Optimizer 3\PrivacyProtector.exe
2013-02-21 15:42:13 95A15D01E60F2F9B3F886D189F5A914B 1263400 ----a-w- C:\Program Files\Advanced System Optimizer 3\PCFixer.exe
2013-02-21 15:42:13 2A1E93573D927EB1F5CC9D038FC23044 64808 ----a-w- C:\Program Files\Advanced System Optimizer 3\AsInvoker.exe
2013-02-21 15:42:13 24034E293CD833C4344E7D52FA6E6E1F 89896 ----a-w- C:\Program Files\Advanced System Optimizer 3\HighestAvailable.exe
2013-02-21 15:42:10 E180447EC237071C801003CD7C66CB54 1185541 ----a-w- C:\Program Files\Advanced System Optimizer 3\unins000.exe
2013-02-21 15:35:24 73BE2813C0517F625CAF29F8124A5E39 4260472 ----a-w- C:\Program Files\AVG\AVG2013\avgcremx.exe
=== C: other files ==
2013-02-27 23:19:27 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scripttest.vbs
2013-02-27 22:34:55 16ACF826C33EEA8DF9776B593EFF5D29 2538931 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_4984_1891\ocoombckbcnabpaghmokhaapnbngahck.crx
2013-02-27 21:35:54 16ACF826C33EEA8DF9776B593EFF5D29 2538931 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_5672_23099\ocoombckbcnabpaghmokhaapnbngahck.crx
2013-02-27 21:02:18 16ACF826C33EEA8DF9776B593EFF5D29 2538931 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_5908_16512\ocoombckbcnabpaghmokhaapnbngahck.crx
2013-02-27 21:01:13 88AA1FDC7F4E98DA418D738D3FAFDE27 5758 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_5908_16225\YontooLayers.crx
2013-02-27 02:06:02 16ACF826C33EEA8DF9776B593EFF5D29 2538931 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_3136_23251\ocoombckbcnabpaghmokhaapnbngahck.crx
2013-02-27 02:04:56 88AA1FDC7F4E98DA418D738D3FAFDE27 5758 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_3136_23039\YontooLayers.crx
2013-02-27 01:28:38 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-02-26 21:31:34 F165F157502354CE13E4C9AF99A44F57 86827 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_4120_2248\BabylonChrome1.crx
2013-02-22 12:57:57 16ACF826C33EEA8DF9776B593EFF5D29 2538931 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_2692_18209\ocoombckbcnabpaghmokhaapnbngahck.crx
2013-02-22 12:56:52 88AA1FDC7F4E98DA418D738D3FAFDE27 5758 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_2692_18000\YontooLayers.crx
2013-02-22 12:55:48 F165F157502354CE13E4C9AF99A44F57 86827 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_2692_17791\BabylonChrome1.crx
2013-02-20 23:53:12 16ACF826C33EEA8DF9776B593EFF5D29 2538931 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_4796_8291\ocoombckbcnabpaghmokhaapnbngahck.crx
2013-02-20 23:52:08 88AA1FDC7F4E98DA418D738D3FAFDE27 5758 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_4796_8082\YontooLayers.crx
2013-02-20 23:51:04 F165F157502354CE13E4C9AF99A44F57 86827 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_4796_7873\BabylonChrome1.crx
2013-02-20 23:44:21 88AA1FDC7F4E98DA418D738D3FAFDE27 5758 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_3576_6557\YontooLayers.crx
2013-02-20 23:43:17 F165F157502354CE13E4C9AF99A44F57 86827 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_3576_6348\BabylonChrome1.crx
2013-02-20 23:42:13 19C6FFD542EA60735987919BC21EC7B7 99359 ----a-w- C:\Users\JaMir\AppData\Local\Temp\scoped_dir_3576_6139\blabbers-ch.crx

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"
"ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe"
"WPCUMI"="C:\Windows\system32\WpcUmi.exe"
"Skytel"="Skytel.exe"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\toolbar_eula_launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="toolbar_eula_launcher"
"hkey"="HKLM"
"command"="C:\\Program Files\\Packard Bell\\GOOGLE_EULA\\EULALauncher.exe"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"MSNUpdateServices"="C:\\Users\\Public\\S-3685-5437-5687\\winsrvn.exe"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""


==== Startup Folders ======================

2011-10-06 13:31:36 1118 ----a-w- C:\users\Abigail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2009-10-13 09:59:36 1118 ----a-w- C:\users\JaMir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2010-01-19 15:41:44 1661 ----a-w- C:\users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
2010-01-01 16:15:59 1118 ----a-w- C:\users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27-02-2013 21:09]
C:\Windows\tasks\ASO-AutoCheckUpdate7Days.job --a------ C:=C:=C:\Program Files\Advanced System Optimizer 3\CheckUpdate.exe []
C:\Windows\tasks\ASO-OneClickCare.job --a------ C:\Program Files\Advanced System Optimizer 3\ASO3.exe [06-02-2013 15:01]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11-11-2012 03:25]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11-11-2012 03:25]
C:\Windows\tasks\RegClean Prosch.job --a------ C:\Program Files\RegClean Pro\RegCleanPro.exe [21-09-2012 12:04]
C:\Windows\tasks\RegClean Pro_DEFAULT.job --a------ C:\Program Files\RegClean Pro\RegCleanPro.exe [21-09-2012 12:04]
C:\Windows\tasks\Uitgebreide garantie-JaMir.job --a------ C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [04-02-2008 10:13]
C:\Windows\tasks\{60CBD2DF-5155-43E8-A024-B442E542D582}.job --ah----- C:\ProgramData\CloudSoft\OptimizerPro\OptimizerPro.exe [07-01-2013 20:53]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.babylon.com/?babsrc=HP_def_go"
"bProtector Start Page"="http://www.delta-search.com/?affID=1197 ... 1e904c7c28"
"Search Page"="http://feed.snap.do/?publisher=QuickObr ... earchTerms}"
"Default_Page_URL"="http://go.packardbell.com/?id=9152"
"Search Bar"="http://feed.snap.do/?publisher=QuickObr ... earchTerms}"
"Default_Search_URL"="http://www.google.com/ie"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://home.sweetim.com/?crg=3.1010000. ... 1E904C7C28}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
"Default"="http://feed.snap.do/?publisher=QuickObr ... earchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://search.babylon.com/?babsrc=SP_ss ... ffID=19405"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://feed.snap.do/?publisher=QuickObr ... earchTerms}"
"Default_Search_URL"="http://feed.snap.do/?publisher=QuickObr ... earchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"bProtector Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{006ee092-9658-4fd6-bd8e-a21a348e59f5} Web Search Url="http://feed.snap.do/?publisher=QuickObr ... earchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=IEFM1&q ... rer:source?}"
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Delta Search Url="http://www.delta-search.com/?q={searchT ... 1e904c7c28"
{1F096B29-E9DA-4D64-8D63-936BE7762CC5} Search the web (Babylon) Url="http://search.babylon.com/?babsrc=SP_ss ... ffID=19405"
{42730FC0-DB2F-4C81-8C05-DA4C7D88A4E6} Yahoo//nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=966134&p={searchTerms}"
{48C79FF2-3687-48E6-AA27-473AEEBC33AB} WiseConvert 1.4 Customized Web Search Url="http://search.conduit.com/ResultsExt.as ... =CT3242338"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... urceid=ie7"
{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="Not_Found"
{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Search Results Url="http://dts.search-results.com/sr?src=ie ... earchTerms}"
{9BB47C17-9C68-4BB3-B188-DD9AF0FD2408} Search Results Url="http://dts.search-results.com/sr?src=ie ... earchTerms}"
{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} Search Results Url="http://dts.search-results.com/sr?src=ie ... earchTerms}"
{CF739809-1C6C-47C0-85B9-569DBB141420} Ask Search Url="http://toolbar.ask.com/toolbarv/askRedi ... oolbar=FXT"
{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} MyStart Search Url="http://mystart.incredibar.com/mb174/?se ... TYGqJ&i=26"
{EEE6C360-6118-11DC-9C72-001320C79847} SweetIM Search Url="http://search.sweetim.com/search.asp?sr ... 1E904C7C28}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:33921"
"ProxyOverride"="<local>;*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000
6
Hi,

Run Zoek.exe again.
Disable your antivirus and antispyware programs; they may conflict with zoek.exe.
You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    Code:

    C:\users\JaMir\AppData\Roaming\BabSolution;fs
    C:\users\JaMir\AppData\Roaming\BabMaint.exe;f
    autoclean;
    
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
7
Hi Maxstar,
here is the Zoek.exe log.
By the way, the Internet works again on the PC in question.
Whether that is due to removing the programs (Babylon toolbar, and Objectinstaller through Yontoo 1.12.02 etc.) or to the instructions in zoek.exe, I don't know.
Moreover, my PC has become faster again.
Kind regards
Joey


Zoek.exe Version 4.0.0.2 Beta Updated 28-02-2013
Tool run by JaMir on do 28-02-2013 at 14:44:39,94.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected

==== Creating Sample_28-02-2013_1448.zip ======================

Process chrome.exe killed
Copied file C:\Users\JaMir\AppData\Roaming\BabMaint.exe to sample
sample\BabMaint.exe renamed to 0DAB3D8A519DD8DF791AB73F28B98440

C:\Users\Public\Desktop\sample_28-02-2013_1448.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Internet Explorer\SearchScopes\{48C79FF2-3687-48E6-AA27-473AEEBC33AB} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2408} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully
HKEY_USERS\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default

---- Lines delta removed from prefs.js ----


---- Lines delta modified from prefs.js ----


---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "6aaaed5d000000000000001e904c7c28");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15748");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.01:09:27");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);

---- Lines incredibar removed from prefs.js ----


---- Lines incredibar modified from prefs.js ----


---- Lines incredibar removed from user.js ----


---- Lines babylon removed from prefs.js ----


---- Lines babylon modified from prefs.js ----


---- Lines babylon removed from user.js ----


---- Lines SweetIM removed from prefs.js ----

user_pref("browser.search.selectedEngine", "SweetIM Search");
user_pref("browser.startup.homepage", "http://home.sweetim.com/?crg=3.1010000. ... 1E904C7C28}");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com/?crg=3.1010000. ... 1E904C7C28}");

---- Lines SweetIM modified from prefs.js ----


---- Lines SweetIM removed from user.js ----


---- Lines 462be121-2b54-4218-bf00-b9bf8135b23f removed from prefs.js ----


---- Lines 462be121-2b54-4218-bf00-b9bf8135b23f modified from prefs.js ----


---- Lines 462be121-2b54-4218-bf00-b9bf8135b23f removed from user.js ----


---- FireFox user.js and prefs.js backups ----

user_28-02-2013_1450_.backup
prefs_28-02-2013_1450_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\users\JaMir\AppData\Roaming\BabMaint.exe" deleted
"C:\user.js" deleted
"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\searchplugins\delta.xml" deleted
"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\searchplugins\sweetim.xml" deleted
"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" deleted
"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" deleted
"C:\Users\JaMir\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted
"C:\Users\JaMir\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences" deleted
"C:\Windows\tasks\RegClean Prosch.job" deleted
"C:\Windows\tasks\RegClean Pro_DEFAULT.job" deleted
"C:\Windows\tasks\RegClean Pro_UPDATES.job" deleted
"C:\user.js" deleted
"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\bProtector_extensions.sqlite" deleted
"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\bProtector_prefs.js" deleted
"C:\Users\Public\Desktop\RegClean Pro.lnk" deleted
"C:\Windows\system32\roboot.exe" deleted
"C:\Users\JaMir\AppData\Roaming\BabMaint.exe" deleted
"C:\ProgramData\CloudSoft\OptimizerPro\OptimizerPro.exe" deleted
"C:\users\JaMir\AppData\Roaming\BabSolution" deleted
"C:\Program Files\RegClean Pro" deleted
"C:\Program Files\Optimizer Pro" deleted
"C:\Program Files\Conduit" deleted
"C:\Users\JaMir\AppData\Roaming\BrowserCompanion" deleted
"C:\Users\JaMir\AppData\Roaming\BabSolution" deleted
"C:\Users\JaMir\AppData\Roaming\Babylon" deleted
"C:\Users\JaMir\AppData\Roaming\Systweak" deleted
"C:\Users\JaMir\AppData\Roaming\YourFileDownloader" deleted
"C:\ProgramData\boost_interprocess" deleted
"C:\ProgramData\CloudSoft" not deleted
"C:\ProgramData\Cloud Software LTD" deleted
"C:\ProgramData\InstallMate" deleted
"C:\ProgramData\Babylon" deleted
"C:\ProgramData\SaveAs" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro" deleted
"C:\Users\JaMir\AppData\Local\CRE" deleted
"C:\Users\JaMir\AppData\Local\SwvUpdater" deleted
"C:\Users\JaMir\AppData\Local\Smartbar" deleted
"C:\Users\JaMir\AppData\Local\Conduit" deleted
"C:\Users\JaMir\AppData\LocalLow\BabylonToolbar" deleted
"C:\Users\JaMir\AppData\LocalLow\DataMngr" deleted
"C:\Users\JaMir\AppData\LocalLow\Incredibar.com" deleted
"C:\Users\JaMir\AppData\LocalLow\PriceGong" deleted
"C:\Users\JaMir\AppData\LocalLow\searchquband" deleted
"C:\Users\JaMir\AppData\LocalLow\Conduit" deleted
"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\extensions\ffxtlbr@babylon.com" deleted
"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\extensions\ffxtlbr@incredibar.com" deleted
"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\extensions\ffxtlbr@babylon.com" deleted
"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}" deleted
"C:\ProgramData\CloudSoft\OptimizerPro" not deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default
- Undetermined - C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension
- SaveAs - %ProfilePath%\extensions\50f7469f4c595@50f7469f4c5ce.com
- Winamp Toolbar - %ProfilePath%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
- Torntv 2 - %ProfilePath%\extensions\torntv2@torntv.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default
F950066F07AD4952B291BF712BA40367 - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll - Winamp Application Detector
42BA7372C3A5E7EFBEC986045CD1C102 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
DB988B4550DB9BCE86F9199D961057FC - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
3FCF47BD73094FA62D81373515F46110 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
C953747215143628D3724340FAF73BD4 - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.220.4
3ED8E561044723C6039A8A20A3AE60CC - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java(TM) Platform SE 6 U22
CE252B04FB9F4F773A7DB5338BFEEA5B - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility
B16EC84E06F26B8B85800F3B07B8D757 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
DBE8C34758DA614F35AE7011284406BB - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll - downloadUpdater2
323FE218DAC089EED70CA55E6C1C2F1D - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll - downloadUpdater
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat


==== Deleting Files \ Folders ======================

"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\extensions\50f7469f4c595@50f7469f4c5ce.com" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bodddioamolcibagionmmobehnbhiakf - C:\Program Files\BrowserCompanion\blabbers-ch.crx[]
dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\Web Assistant\source.crx[]
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\JaMir\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]
nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files\TornTV.com\torn2_10.crx[]
ocoombckbcnabpaghmokhaapnbngahck - C:\Users\JaMir\AppData\Local\CRE\ocoombckbcnabpaghmokhaapnbngahck.crx[]
ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Users\JaMir\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ocoombckbcnabpaghmokhaapnbngahck - C:\Users\JaMir\AppData\Local\CRE\ocoombckbcnabpaghmokhaapnbngahck.crx[]

Ginyas Browser Companion - Abigail - Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Torntv 2 - Abigail - Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Yontoo - Abigail - Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
WhiteSmoke US New E1 - JaMir - Default\Extensions\ocoombckbcnabpaghmokhaapnbngahck
Ginyas Browser Companion - Mitchell - Default\Extensions\bodddioamolcibagionmmobehnbhiakf

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=IEFM1&q ... rer:source?}"
{42730FC0-DB2F-4C81-8C05-DA4C7D88A4E6} Yahoo//nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=966134&p={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ocoombckbcnabpaghmokhaapnbngahck deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ocoombckbcnabpaghmokhaapnbngahck deleted successfully

==== Empty IE Cache ======================

C:\Users\Abigail\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Abigail\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Abigail\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Abigail\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JaMir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\JaMir\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mitchell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mitchell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mitchell\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mitchell\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser.PC_van_JanMir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JaMir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\Abigail\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\Abigail\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\cache emptied successfully
C:\users\JaMir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\Mitchell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\JaMir\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\JaMir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\ProgramData\CloudSoft" not found
8
Hi,

Good that this has worked so far and that the problems are solved, but run Zoek.exe once more.

Disable your antivirus and antispyware programs; they may conflict with zoek.exe.
You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    Code:

    C:\Users\Public\Desktop\sample_28-02-2013_1448.zip;f
    C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\extensions\50f7469f4c595@50f7469f4c5ce.com;f
    C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f};fs
    C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\extensions\torntv2@torntv.com.xpi;f
    
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
9
Hello Maxstar,
here is the log.
Kind regards
Joey

Zoek.exe Version 4.0.0.2 Updated 01-March-2013
Tool run by JaMir on vr 01-03-2013 at 14:16:13,79.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected

==== Deleting Files \ Folders ======================

"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\extensions\50f7469f4c595@50f7469f4c5ce.com" not found
"C:\Users\Public\Desktop\sample_28-02-2013_1448.zip" deleted
"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\extensions\torntv2@torntv.com.xpi" deleted
"C:\Users\JaMir\AppData\Roaming\Mozilla\Firefox\Profiles\lo709thj.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}" deleted
10
Hi,

Now run another scan with HitmanPro as a check.

Download the 32- or 64-bit version of HitmanPro to the desktop. Click here for a detailed HitmanPro guide.
  • Double-click "HitmanPro.exe" and click "Next"
  • Tick the option "I accept the terms of the license agreement" and click "Next"
  • In the setup screen, click "Next" once more; the scan will now start automatically. Do nothing else on the computer until the scan has finished.
  • When the scan is finished, click "Next"
  • Now activate the free license; this lets you use HitmanPro free for 30 days and remove the infections found.
  • Note: if you have previously used the 30-day trial version of HitmanPro, it is no longer possible to remove the infections found for free.
  • When the removal is finished, click "Save log" or "Logbestand opslaan" at the bottom of the screen and save it to, for example, the desktop.
    Post this log.
  • Now click the "Restart" button.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
11
Hello Maxstar,
here is the HitmanPro log.
Kind regards
Joey

Code:

HitmanPro 3.7.2.190
www.hitmanpro.com

   Computer name . . . . : PC_VAN_JANMIR
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : PC_van_JanMir\JaMir
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-03-02 01:06:08
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 48s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 71

   Objects scanned . . . : 2.145.226
   Files scanned . . . . : 98.404
   Remnants scanned  . . : 543.933 files / 1.502.889 keys

Malware _____________________________________________________________________

   C:\Program Files\PDFReader\Uninstall\Uninstall.exe -> Quarantined
      Size . . . . . . . : 1.107.336 bytes
      Age  . . . . . . . : 298.4 days (2012-05-07 14:55:41)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 07DC114841193E2C0B14B6923D62C90228B8EC90ECA853DCEBE5FA55E959EBCA
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > G Data . . . . . . : Spyware.24860 (Engine A)
      Fuzzy  . . . . . . : 99.0
      References
         C:\Users\JaMir\AppData\Roaming\Microsoft\Windows\Start Menu\PDF Reader\Uninstall PDF Reader.lnk


Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\ (Adware.MyWebSearch) -> Deleted

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Babylon\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods)
   HKLM\SOFTWARE\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
   HKU\S-1-5-21-345989333-996992097-341413019-1000\Software\Datamngr\ (SearchQU)
   HKU\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\ (Claro)
   HKU\S-1-5-21-345989333-996992097-341413019-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},\ (SearchQU)

Cookies _____________________________________________________________________



13
Hi Maxstar,
everything is working properly again.
Thank you very much for your professional help.
Admittedly I have AVG-pro on trial until tomorrow, and I bought fix regcleaner, but despite that you got far more problems out.
Wouldn't I be better off coming to you regularly for a general clean-up?
I would rather pay for this than for programs that promise a lot but still let some trouble through.
I will hereby make a donation; thanks again.
Regards

Joey
14
Hi,

You're welcome, and good to hear there are no more problems... :good:
And of course many thanks for the donation.
As for "Fix RegCleaner": tools of this kind often cause more problems than they solve, since they tend to go about their work like the proverbial bull in a china shop.
See also the article Registry cleaners: information about their use and consequences

In any case, run a full system scan and change all the passwords you have used; this is described in more detail below.

You may remove the following programs and their log files. You can simply keep using MBAM and the Emsisoft Emergency Kit to scan the computer periodically (update them first).
  • Zoek.exe
  • DDS

Now that the problems have been resolved, I advise you to still carry out the steps below.

1.) Full system scan
I recommend running one more full system scan with the Emsisoft Emergency Kit; the manual for this program is at the link below. If there are any particular detections you are not sure how to handle, you can ask your question in the section Antivirus / Antispy(mal)ware / Firewalls and other security software

2.) Delete system restore points
If the computer has been infected with malware, it is advisable to delete all existing system restore points, because infected restore points may be among them.
  • How to delete the restore points is explained here
3.) Change passwords
Most malware makes an outbound connection to a Command & Control server through which confidential data such as login credentials are stolen; if your computer has been infected, it is therefore advisable to change all the passwords you have used.
You can read more about this here

4.) Installing essential updates.
You can read here how to keep your operating system and other software up to date.
The program Secunia PSI automatically warns you when updates are available for the installed software; you can read more here

5.) Beware of 'phishing' messages.
Phishing is a form of internet scam (fraud) in which fake e-mail messages and websites that look trustworthy are used to try to obtain login details and other personal information.
This is often done in very devious ways, for example e-mail messages asking you to verify your login details; in these cases you are often sent to a fake (clone) website, and as soon as you have entered your details there they are in the hands of the attacker, with all the consequences that entails.
You can read more here

6.) Prevention information & the use of security software.
To minimise the chance of re-infection, you can install an additional malware scanner such as Emsisoft Anti-Malware or Malwarebytes' Antimalware alongside the security software you already use, to optimise protection.
Here is more information on how to prevent an infection in the future; read through it at your leisure.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
15
Thanks, Maxstar, for your clear explanation.
Tomorrow I will calmly carry out all your advice.
I will let you know when everything is done. If I have any more questions I will gladly get in touch again.
Kind regards and have a nice weekend

Joey