gekaapt/logjes

• 

  Ronald

  26-10-2013 17:34

  Ik heb problemen met steeds terugkomende popups. Begon met yieldmanager maar volgens mij zijn het er meerdere.

  Via sites allerlei bekende programma's gedownload en ook bij iE heb ik popups geblokkeerd maar ze komen maar terug.

  MBAM en spybot vinden steeds cookies die ik delete maar de handel blijft maar doorgaan.

  Ik ben al 2 dagen bezig, en nu ben ik het eigenlijk een beetje zat.

  Hier mijn logs:

  Adwcleaner:

  (beetje vreemd log)

  # AdwCleaner v3.010 - Report created 26/10/2013 at 17:22:00

  # Updated 20/10/2013 by Xplode

  # Operating System : Windows 8 (64 bits)

  # Username : Ronald - ERJEBE

  # Running from : C:\Users\Ronald\Downloads\adwcleaner (2).exe

  # Option : Scan

  ***** *****

  ***** *****

  File Found : C:\Windows\System32\Tasks\ProtectedSearch

  ***** *****

  ***** *****

  Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

  ***** *****

  -\\ Internet Explorer v10.0.9200.16537

  -\\ Mozilla Firefox v20.0 (nl)

  *************************

  AdwCleaner.txt - -

  ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

  Hijack this:

  Logfile of Trend Micro HijackThis v2.0.5

  Scan saved at 16:45:25, on 26-10-2013

  Platform: Unknown Windows (WinNT 6.02.1008)

  MSIE: Internet Explorer v10.0 (10.00.9200.16537)

  FIREFOX: 20.0 (nl)

  Boot mode: Normal

  Running processes:

  C:\Program Files (x86)\Launch Manager\LManager.exe

  J:\Fender FUSE\Fender FUSE\FUSELauncher.exe

  J:\Fender FUSE\Fender FUSE\FUSEServer.exe

  C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe

  C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

  C:\Users\Ronald\AppData\Local\Akamai\netsession_win.exe

  C:\Users\Ronald\AppData\Local\Akamai\netsession_win.exe

  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

  C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe

  C:\Program Files (x86)\AVG\AVG2014\avgui.exe

  I:\Utils\PowerISO\PWRISOVM.EXE

  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

  E:\Itunes\iTunesHelper.exe

  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

  I:\Mozilla Firefox\firefox.exe

  I:\Mozilla Firefox\plugin-container.exe

  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

  H:\dcpp\DCPlusPlus.exe

  C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

  C:\Program Files (x86)\AVG\AVG2014\avgcsrvx.exe

  C:\Users\Ronald\Desktop\securety\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

  F2 - REG:system.ini: UserInit=userinit.exe

  O1 - Hosts: ::1 localhost

  O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

  O2 - BHO: WsSVRIEHelper - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - H:\Video Converter Ultimate\SVRIEPlugin.dll

  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

  O2 - BHO: qualitink - {73ad5d47-66e5-4127-80ca-c0eedabafbcc} - C:\Program Files (x86)\qualitink\qualitinkBHO.dll

  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

  O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

  O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

  O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

  O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” -launchedbylogin

  O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2014\avgui.exe” /TRAYONLY

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

  O4 - HKLM\..\Run: I:\Utils\PowerISO\PWRISOVM.EXE -startup

  O4 - HKLM\..\Run: “H:\Quicktime\QTTask.exe” -atboottime

  O4 - HKLM\..\Run: H:\Video Converter Ultimate\BrowserPlugInHelper.exe

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”

  O4 - HKLM\..\Run: “E:\Itunes\iTunesHelper.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

  O4 - HKCU\..\Run: “F:\Adobe\Acrobat\Acrobat\AdobeCollabSync.exe”

  O4 - HKCU\..\Run: I:\Utils\superantispyware\SUPERAntiSpyware.exe

  O4 - HKCU\..\Run: “C:\Users\Ronald\AppData\Local\Akamai\netsession_win.exe”

  O4 - HKCU\..\Run: “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe” /autoclean

  O4 - HKLM\..\Policies\Explorer\Run: “C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe”

  O4 - HKUS\S-1-5-18\..\RunOnce: msiexec.exe /qn /x{voidguid} (User ‘SYSTEM’)

  O4 - HKUS\.DEFAULT\..\RunOnce: msiexec.exe /qn /x{voidguid} (User ‘Default user’)

  O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

  O4 - Startup: Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe

  O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

  O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

  O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

  O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

  O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

  O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

  O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

  O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

  O9 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

  O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

  O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

  O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

  O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

  O11 - Options group: Accelerated graphics

  O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL

  O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

  O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

  O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - I:\Utils\superantispyware\SASCORE64.EXE

  O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

  O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

  O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

  O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe

  O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

  O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

  O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

  O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

  O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

  O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe

  O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

  O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

  O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

  O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

  O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe

  O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

  O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

  O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - G:\Video\Freemake\CaptureLib\CaptureLibService.exe

  O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

  O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

  O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

  O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

  O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

  O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe

  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

  O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

  O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

  O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

  O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

  O23 - Service: Update qualitink - qualitink - C:\Program Files (x86)\qualitink\updatequalitink.exe

  O23 - Service: Util qualitink - qualitink - C:\Program Files (x86)\qualitink\bin\utilqualitink.exe

  O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

  O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

  O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

  O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

  –

  End of file - 15815 bytes

  Rapporteren
• 

  Ben

  26-10-2013 17:58

  Hallo,

  Download

  

  Zoek.zip naar het bureaublad.

  Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.

  Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

  Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".

  Dubbelklik vervolgens op Zoek.exe om de tool te starten.

  Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.

  Kopieer nu onderstaande code en plak die in het grote invulvenster:

  Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

  firefoxlook;

  emptyclsid;

  emptyfolderscheck;delete

  resethosts;

  C:\Program Files (x86)\qualitink;fs

  C:\Program Files (x86)\Common Files\Wondershare;fs

  ;r

  “Wondershare Helper Compact.exe”=-;r

  chromelook;

  standardsearch;

  filesrcm;

  autoclean;

  startupall;

  Klik nu op de knop "Run script".

  Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

  Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

  Post het geopende logje in het volgende bericht.

  Rapporteren
• 

  Ronald

  26-10-2013 18:00

  Zetb er ook een MBAM logje bij:

  Malwarebytes Anti-Malware 1.75.0.1300

  www.malwarebytes.org

  Databaseversie: v2013.10.25.06

  Windows 8 x64 NTFS

  Internet Explorer 10.0.9200.16721

  Ronald :: ERJEBE

  26-10-2013 17:50:00

  mbam-log-2013-10-26 (17-50-00).txt

  Scan type: Snelle scan

  Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

  Uitgeschakelde scan opties: P2P

  Objecten gescand: 211983

  Verstreken tijd: 6 minuut/minuten, 36 seconde(n)

  Geheugenprocessen gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Geheugenmodulen gedetecteerd: 1

  C:\Program Files (x86)\qualitink\qualitinkBHO.dll (Adware.Superweb) -> Zal worden verwijderd tijdens het herstarten.

  Registersleutels gedetecteerd: 7

  HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Succesvol in quarantaine geplaatst en verwijderd.

  HKCR\CLSID\{73ad5d47-66e5-4127-80ca-c0eedabafbcc} (Adware.Superweb) -> Succesvol in quarantaine geplaatst en verwijderd.

  HKCR\TypeLib\{94DC4AA7-8299-4D7D-8F4D-48ACF05E08BA} (Adware.Superweb) -> Succesvol in quarantaine geplaatst en verwijderd.

  HKCR\Interface\{5A5776B9-C752-4AFE-81AF-2ABDD19E05A0} (Adware.Superweb) -> Succesvol in quarantaine geplaatst en verwijderd.

  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73AD5D47-66E5-4127-80CA-C0EEDABAFBCC} (Adware.Superweb) -> Succesvol in quarantaine geplaatst en verwijderd.

  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{73AD5D47-66E5-4127-80CA-C0EEDABAFBCC} (Adware.Superweb) -> Succesvol in quarantaine geplaatst en verwijderd.

  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{73AD5D47-66E5-4127-80CA-C0EEDABAFBCC} (Adware.Superweb) -> Succesvol in quarantaine geplaatst en verwijderd.

  Registerwaarden gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Registerdata gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Mappen gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Bestanden gedetecteerd: 2

  C:\Program Files (x86)\qualitink\qualitinkBHO.dll (Adware.Superweb) -> Zal worden verwijderd tijdens het herstarten.

  C:\Users\Ronald\Downloads\Games_Of_Thrones_Season_1,_2_and_3_COMPLETE_x264_Mixed.exe (PUP.Optional.OneClickDownloader.A) -> Succesvol in quarantaine geplaatst en verwijderd.

  (einde)

  Rapporteren
• 

  ronald

  26-10-2013 18:37

  het zoek.me log:

  Zoek.exe Version 4.0.0.5 Updated 26-October-2013

  Tool run by Ronald on za 26-10-2013 at 18:17:03,93.

  Microsoft Windows 8 6.2.9200 x64

  Running in: Normal Mode Internet Access Detected

  Launched: C:\Users\Ronald\Desktop\zoek.scr

  ==== System Restore Info ======================

  26-10-2013 18:17:41 Zoek.exe System Restore Point Created Succesfully.

  ==== Reset Hosts File ======================

  # Copyright © 1993-2006 Microsoft Corp.

  #

  # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

  #

  # This file contains the mappings of IP addresses to host names. Each

  # entry should be kept on an individual line. The IP address should

  # be placed in the first column followed by the corresponding host name.

  # The IP address and the host name should be separated by at least one

  # space.

  #

  # Additionally, comments (such as these) may be inserted on individual

  # lines or following the machine name denoted by a ‘#’ symbol.

  #

  # For example:

  #

  # 102.54.94.97 rhino.acme.com # source server

  # 38.25.63.10 x.acme.com # x client host

  # localhost name resolution is handle within DNS itself.

  127.0.0.1 localhost

  ::1 localhost

  ==== Empty Folders Check ======================

  C:\ProgramData\firebird deleted successfully

  C:\ProgramData\Guitar Pro 6 deleted successfully

  C:\ProgramData\RegRun deleted successfully

  C:\Users\Ronald\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully

  C:\Users\Ronald\AppData\Local\CutePDF Writer deleted successfully

  ==== Deleting CLSID Registry Keys ======================

  HKEY_USERS\S-1-5-21-2845422584-2823169968-540093950-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702} deleted successfully

  HKEY_USERS\S-1-5-21-2845422584-2823169968-540093950-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702} deleted successfully

  HKEY_USERS\S-1-5-21-2845422584-2823169968-540093950-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully

  HKEY_USERS\S-1-5-21-2845422584-2823169968-540093950-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully

  HKEY_USERS\S-1-5-21-2845422584-2823169968-540093950-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{73AD5D47-66E5-4127-80CA-C0EEDABAFBCC} deleted successfully

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully

  HKEY_CLASSES_ROOT\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully

  HKEY_CLASSES_ROOT\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully

  HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully

  HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311551178} deleted successfully

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551178} deleted successfully

  ==== Deleting CLSID Registry Values ======================

  HKEY_USERS\S-1-5-21-2845422584-2823169968-540093950-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2B171655-A70C-5C18-B693-6CB5DC269D41} deleted successfully

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully

  ==== Running Processes ======================

  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

  C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

  C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

  C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

  C:\Program Files (x86)\Launch Manager\dsiwmis.exe

  G:\Video\Freemake\CaptureLib\CaptureLibService.exe

  C:\Program Files (x86)\Launch Manager\LMutilps32.exe

  C:\Program Files (x86)\Launch Manager\LManager.exe

  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

  C:\Program Files (x86)\qualitink\updatequalitink.exe

  C:\Program Files (x86)\qualitink\bin\utilqualitink.exe

  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

  C:\Users\Ronald\AppData\Local\Akamai\netsession_win.exe

  C:\Users\Ronald\AppData\Local\Akamai\netsession_win.exe

  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

  C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe

  C:\Program Files (x86)\AVG\AVG2014\avgui.exe

  I:\Utils\PowerISO\PWRISOVM.EXE

  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

  E:\Itunes\iTunesHelper.exe

  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

  C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

  C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

  C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe

  C:\Windows\SysWOW64\cmd.exe

  C:\Windows\SysWOW64\cmd.exe

  C:\Windows\SysWOW64\cmd.exe

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

  ==== Deleting Services ======================

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util qualitink deleted successfully

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util qualitink deleted successfully

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update qualitink deleted successfully

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update qualitink deleted successfully

  ==== FireFox Fix ======================

  ProfilePath: C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\oue5htis.default

  user.js not found

  —- Lines Downloader.com modified from prefs.js —-

  user_pref(“extensions.installCache”, "");

  —- FireFox user.js and prefs.js backups —-

  prefs_26-10-2013_1826_.backup

  ==== Registry Fix Code ======================

  Windows Registry Editor Version 5.00

  “Wondershare Helper Compact.exe”=-

  ==== Deleting Files \ Folders ======================

  C:\Program Files (x86)\Common Files\Wondershare deleted

  C:\Users\Ronald\AppData\Roaming\msregsvv.dll deleted

  C:\Users\Ronald\AppData\Local\Wondershare deleted

  C:\Users\Ronald\AppData\Local\Software deleted

  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted

  C:\windows\SysNative\tasks\ProtectedSearch deleted

  C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\oue5htis.default\extensions\ftdownloader3@ftdownloader.com.xpi deleted

  C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\oue5htis.default\jetpack deleted

  “C:\Program Files (x86)\qualitink\updatequalitink.exe” deleted

  “C:\PROGRA~2\qualitink\updatequalitink.exe” deleted

  “C:\Program Files (x86)\qualitink\bin\sqlite3.dll” deleted

  “C:\Program Files (x86)\qualitink\bin\utilqualitink.exe” deleted

  “C:\PROGRA~2\qualitink\bin\sqlite3.dll” deleted

  “C:\PROGRA~2\qualitink\bin\utilqualitink.exe” deleted

  “C:\Program Files (x86)\qualitink” not deleted

  “C:\PROGRA~2\qualitink” not deleted

  “C:\Program Files (x86)\qualitink\bin” not deleted

  “C:\PROGRA~2\qualitink\bin” not deleted

  ==== System Specs ======================

  Windows: Windows Version 6.2 (Build 9200)

  Memory (RAM): 8009 MB

  CPU Info: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz

  CPU Speed: 2250,4 MHz

  Sound Card: Luidsprekers (DEC Audio) |

  Speakers (Realtek High Definiti |

  Display Adapters: Intel(R) HD Graphics 3000 | Intel(R) HD Graphics 3000

  Monitors: 1x; Generic PnP Monitor |

  Screen Resolution: 1600 X 900 - 32 bit

  Network: Network Present

  Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR5BWB222 Wireless Network Adapter

  CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8C0

  Ports: COM Ports NOT Present. LPT Port NOT Present.

  Mouse: 3 Button Wheel Mouse Present

  Hard Disks: C: 305,6GB | E: 41,5GB | F: 13,0GB | G: 97,7GB | H: 95,2GB | I: 83,0GB | J: 12,4GB | K: 1863,0GB | L: 1863,0GB | S: 15,3GB | X: 34,2GB

  Hard Disks - Free: C: 208,5GB | E: 33,1GB | F: 11,1GB | G: 93,3GB | H: 72,5GB | I: 79,9GB | J: 7,1GB | K: 1785,8GB | L: 138,3GB | S: 879,9MB | X: 34,1GB

  Manufacturer *: Insyde Corp.

  BIOS Info: AT/AT COMPATIBLE | | ACRSYS - 1

  Time Zone: West-Europa (standaardtijd)

  Motherboard *: Type2 - Board Vendor Name1 VA70_HC

  Country: Nederland

  Language: NLD

  ==== System Specs (Software) ======================

  Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)

  Anti-Virus: Windows Defender On-access scanning disabled (Outdated)

  Anti-Spyware: Windows Defender disabled (Outdated)

  Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)

  Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)

  Default Browser: Firefox 24.0

  Internet Explorer Version: 10.0.9200.16721

  Mozilla Firefox version: 20.0 (x86 nl)

  Adobe Reader version: 11.0.04.63

  Sun Java version: 1.7.0_45 (32-bit)

  Flash Player version: 11.9.900.117

  ==== Files Recently Created / Modified ======================

  ====== C:\Windows ====

  2013-10-24 15:47:32 485055033BCDDFDE56325C0D2FEEA4F2 151552 —-a-w- C:\Windows\KMSEmulator.exe

  2013-09-30 16:52:07 81051BCC2CF1BEDF378224B0A93E2877 2 –shatr- C:\Windows\winstart.bat

  ====== C:\Users\Ronald\AppData\Local\Temp ====

  2013-10-25 17:50:03 D41D8CD98F00B204E9800998ECF8427E 0 —-a-w- C:\Users\Ronald\AppData\Local\Temp\SHSetup.exe

  ====== Java Cache =====

  ====== C:\Windows\SysWOW64 =====

  2013-10-22 17:31:12 BB9B1E4AD29328FAFCA5A9AD05BC9554 1245696 —-a-w- C:\Windows\SysWOW64\wdc.dll

  2013-10-22 17:31:12 831EB87A22B5011908334B8481289948 437248 —-a-w- C:\Windows\SysWOW64\wvc.dll

  2013-10-22 17:31:12 2A4C4B4921AD0DE90D4DFCD6E4CF8B84 399360 —-a-w- C:\Windows\SysWOW64\sysmon.ocx

  2013-10-22 17:31:03 594C715F554206032FE8C8AC9FF8F440 17561088 —-a-w- C:\Windows\SysWOW64\shell32.dll

  2013-10-22 17:30:59 5363A9B4FA7DB5E3B1025411CBF9977F 8858112 —-a-w- C:\Windows\SysWOW64\twinui.dll

  2013-10-22 17:30:57 D8FED3E93970890FC25C5D378E6A5BD6 893952 —-a-w- C:\Windows\SysWOW64\msctf.dll

  2013-10-22 17:30:51 E2C9A11BC849BC39384A8C430F17B63C 158208 —-a-w- C:\Windows\SysWOW64\mbsmsapi.dll

  2013-10-22 17:30:51 7DD1611953A4CB01F9E3287E86629172 356352 —-a-w- C:\Windows\SysWOW64\SettingSync.dll

  2013-10-22 17:30:51 7D98A4A02FEA4C24A2EA9D8978E6CAB5 2035712 —-a-w- C:\Windows\SysWOW64\authui.dll

  2013-10-22 17:30:51 42946DF60DA82E1350AB6D636AE19B3D 199168 —-a-w- C:\Windows\SysWOW64\shdocvw.dll

  2013-10-22 17:25:00 9223A2810B73069F4A03A636052EF14A 264616 —-a-w- C:\Windows\SysWOW64\javaws.exe

  2013-10-22 17:24:58 DC1342498BEE7EF1646E9D63138B69CC 175016 —-a-w- C:\Windows\SysWOW64\javaw.exe

  2013-10-22 17:24:58 9B0B14B405E0EDF76B5F5E31A49EB753 96168 —-a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

  2013-10-22 17:24:58 658633D255FEF154EA1CB8705B4468C5 174504 —-a-w- C:\Windows\SysWOW64\java.exe

  ====== C:\Windows\SysWOW64\drivers =====

  2013-09-30 16:53:43 6DDCF3F801EC15FE698F6A215CF30A1F 35816 —-a-w- C:\Windows\SysWOW64\drivers\Partizan.sys

  2013-09-30 16:52:03 922D364098683EFED6A01D47526A9371 12800 —-a-w- C:\Windows\SysWOW64\drivers\UnHackMeDrv.sys

  ====== C:\Windows\Sysnative =====

  2013-10-26 12:53:21 05A641B8381001AFBA78224BB784DB26 64 —-a-w- C:\Windows\Sysnative\Partizan.RRI

  2013-10-25 17:38:37 853D6CBD76EB4477229069415637033E 4912880 —-a-w- C:\Windows\Sysnative\FNTCACHE.DAT

  2013-10-22 17:31:13 CA45D615BA0102CEDE9C25F4C6EE0983 1374208 —-a-w- C:\Windows\Sysnative\wdc.dll

  2013-10-22 17:31:13 20E76634DE7792397261A8AC442B9ACB 566784 —-a-w- C:\Windows\Sysnative\wvc.dll

  2013-10-22 17:31:12 EEB55974CFE4DB0B4FC840E6101090B8 462336 —-a-w- C:\Windows\Sysnative\sysmon.ocx

  2013-10-22 17:31:05 4416D7F0F05098711EA45C9D95610A6E 19758080 —-a-w- C:\Windows\Sysnative\shell32.dll

  2013-10-22 17:31:00 09B07DFC6792D49516073FEF024315C9 10116608 —-a-w- C:\Windows\Sysnative\twinui.dll

  2013-10-22 17:30:58 F85D33830D2655FB2916667579D45725 1125888 —-a-w- C:\Windows\Sysnative\msctf.dll

  2013-10-22 17:30:56 7D5FEB67505A6D983F5D8AE0B474581D 2304512 —-a-w- C:\Windows\Sysnative\authui.dll

  2013-10-22 17:30:56 5690B3793FD93716EF4C5CE71D9FF156 448512 —-a-w- C:\Windows\Sysnative\SettingSync.dll

  2013-10-22 17:30:54 DFB8703836AF863A25FC55BF88176591 222208 —-a-w- C:\Windows\Sysnative\shdocvw.dll

  2013-10-22 17:30:51 755059FD6A758EA4413B58A1B423E7D1 128512 —-a-w- C:\Windows\Sysnative\SettingSyncInfo.dll

  2013-10-22 17:30:51 6A4B9FBC1E88C400AD671A50DADFA84D 386923 —-a-w- C:\Windows\Sysnative\ApnDatabase.xml

  2013-10-22 17:30:51 60CF5B27BBEF38F11729B847541E33A3 225280 —-a-w- C:\Windows\Sysnative\mbsmsapi.dll

  ====== C:\Windows\Sysnative\drivers =====

  2013-10-22 17:30:57 37D85E873C9531A2F88DD9C63D3F8A9E 2233688 —-a-w- C:\Windows\Sysnative\drivers\tcpip.sys

  2013-10-11 15:49:15 E2C933EDBC389386EBE6D2BA953F43D8 785624 —-a-w- C:\Windows\Sysnative\drivers\Wdf01000.sys

  2013-10-11 15:49:15 11876881E87BACEBBCEE41A037614D48 54488 —-a-w- C:\Windows\Sysnative\drivers\WdfLdr.sys

  2013-10-11 15:49:14 AD91D1BBE5D3CF4501887DC1C09384FD 43008 —-a-w- C:\Windows\Sysnative\drivers\usbscan.sys

  2013-10-11 15:49:14 9FDBA6982582A6F2354144980F641E7B 25600 —-a-w- C:\Windows\Sysnative\drivers\usbprint.sys

  2013-10-11 15:49:14 9EF7C01D3ACCBC243B5CB1A95865B2FF 210560 —-a-w- C:\Windows\Sysnative\drivers\usbvideo.sys

  2013-10-11 15:49:14 9E9F21FF91D7ECC0BCCB94D3FE52A959 121984 —-a-w- C:\Windows\Sysnative\drivers\USBAUDIO.sys

  2013-10-11 15:49:14 427B6DB8C05A5A977E8C3525370A2595 99328 —-a-w- C:\Windows\Sysnative\drivers\usbcir.sys

  2013-10-11 15:49:14 346DEF1A9DB0B4133CE0FA38AAF565C0 32768 —-a-w- C:\Windows\Sysnative\drivers\hidparse.sys

  2013-10-11 15:49:14 2C2A9A4D53DC90A5195BB51F0A4B1E21 83968 —-a-w- C:\Windows\Sysnative\drivers\hidclass.sys

  2013-10-11 15:49:05 F8C2A832DF9403F5EA8080CBDBDA95FB 623448 —-a-w- C:\Windows\Sysnative\drivers\usbhub.sys

  2013-10-11 15:49:05 C976C4306F9AE133D6BBD47FDFC3BF92 120832 —-a-w- C:\Windows\Sysnative\drivers\usbccgp.sys

  2013-10-11 15:49:05 B24FDEB1B18496F1B463782235AA3AF1 79192 —-a-w- C:\Windows\Sysnative\drivers\usbehci.sys

  2013-10-11 15:49:05 9F83642C3709D1A4DD49EEE9F48F839D 21848 —-a-w- C:\Windows\Sysnative\drivers\usbd.sys

  2013-10-11 15:49:05 7CB7E04259F323D051A10515B8863564 498008 —-a-w- C:\Windows\Sysnative\drivers\usbport.sys

  2013-10-11 15:49:05 1ABF657259DB57F7E5558E4DF1357C0C 32256 —-a-w- C:\Windows\Sysnative\drivers\usbuhci.sys

  2013-10-11 15:49:03 B1E910DDC08A8536116214326124903C 447320 —-a-w- C:\Windows\Sysnative\drivers\USBHUB3.SYS

  2013-10-11 15:49:03 8DC398D7B8E02C929A2096E74A170970 337752 —-a-w- C:\Windows\Sysnative\drivers\USBXHCI.SYS

  2013-10-11 15:49:03 061BA3EE0D2BE17944990544008CF190 213336 —-a-w- C:\Windows\Sysnative\drivers\UCX01000.SYS

  2013-09-29 18:12:29 FAEF4C245BE832DB41B15DAAC336AFB7 58200 —-a-w- C:\Windows\Sysnative\drivers\dam.sys

  2013-09-29 18:11:22 09039F3D5A23483010AA6F5FE388F3C4 327512 —-a-w- C:\Windows\Sysnative\drivers\Classpnp.sys

  2013-09-29 18:11:21 FC2B8B06BDBD3B6457F5A3DA9AD2410E 120144 —-a-w- C:\Windows\Sysnative\drivers\msgpioclx.sys

  2013-09-29 18:11:21 F58B030A0664385C707B8C1C63682041 195416 —-a-w- C:\Windows\Sysnative\drivers\sdbus.sys

  2013-09-29 18:11:21 DD7B107B2BB3EE845F57315EF4ECAC9A 125784 —-a-w- C:\Windows\Sysnative\drivers\dumpsd.sys

  2013-09-29 18:11:21 630555943E5A3FE21010CE91EC7FC84F 341504 —-a-w- C:\Windows\Sysnative\drivers\HdAudio.sys

  2013-09-29 18:11:20 BFC7FE4AAEB61317A921871B4085EF4B 119040 —-a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS

  2013-09-29 18:11:20 3F1F31883EAC9DDDF836ACC6D1DAC36C 96512 —-a-w- C:\Windows\Sysnative\drivers\wfplwfs.sys

  2013-09-29 18:11:20 25C50F4EDF70D0A831E0566BD181CCF2 321536 —-a-w- C:\Windows\Sysnative\drivers\udfs.sys

  ====== C:\Windows\Tasks ======

  2013-10-03 16:54:32 ——– d—–w- C:\Windows\Sysnative\Tasks\Safer-Networking

  2013-09-30 16:52:04 C13A2EF64D0819F30221AF70CDC77A64 3294 —-a-w- C:\Windows\Sysnative\Tasks\UnHackMe Task Scheduler

  ====== C:\Windows\Temp ======

  ======= C:\Program Files =====

  2013-10-20 12:39:03 ——– d—–w- C:\Program Files\iPod

  2013-10-20 12:39:02 ——– d—–w- C:\Program Files\iTunes

  ======= C:\PROGRA~2 =====

  2013-10-23 19:00:08 ——– d—–w- C:\PROGRA~2\qualitink

  2013-10-22 17:25:02 ——– d—–w- C:\PROGRA~2\COMMON~1\Java

  2013-09-27 17:02:32 ——– d—–w- C:\PROGRA~2\AVG

  ======= C: =====

  ====== C:\Users\Ronald\AppData\Roaming ======

  2013-10-20 13:07:28 ——– d—–w- C:\Users\Ronald\AppData\Roaming\Apowersoft

  2013-10-15 17:10:00 ——– d—–w- C:\Users\Ronald\AppData\Local\Ashampoo Movie Studio 2013

  2013-10-04 17:13:55 ——– d—–w- C:\Users\Ronald\AppData\Local\Aiseesoft Studio

  2013-09-27 17:07:23 ——– d—–w- C:\Users\Ronald\AppData\Roaming\AVG2014

  2013-09-27 17:06:30 ——– d—–w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014

  2013-09-27 17:04:56 ——– d—–w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014

  2013-09-27 17:02:32 ——– d—–w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014

  2013-09-27 16:56:19 ——– d—–w- C:\Users\Ronald\AppData\Local\Avg2014

  ====== C:\Users\Ronald ======

  2013-10-26 15:21:50 8C27D71B2F6719136407C525ECF18D51 1060070 —-a-w- C:\Users\Ronald\Downloads\adwcleaner (2).exe

  2013-10-26 14:55:32 ——– d—–w- C:\Windows\serviceprofiles\Localservice\winhttp

  2013-10-26 13:54:04 28430B8B058F352B19436E691B002B0B 55954968 —-a-w- C:\Users\Ronald\Downloads\gtk-2.1.9.4-setup.exe

  2013-10-26 13:05:17 8C27D71B2F6719136407C525ECF18D51 1060070 —-a-w- C:\Users\Ronald\Downloads\AdwCleaner(1).exe

  2013-10-26 13:04:02 C3E04B7E8326EB118113CE175EFA86A9 894600 —-a-w- C:\Users\Ronald\Downloads\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exe

  2013-10-22 17:24:58 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

  2013-10-20 13:07:31 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft

  2013-10-20 12:39:27 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

  2013-10-20 12:39:02 ——– d—–w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

  2013-10-10 15:12:19 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

  2013-10-04 17:13:48 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft

  2013-10-04 17:13:38 ——– d—–w- C:\ProgramData\Aiseesoft Studio

  2013-10-03 18:29:16 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint

  2013-09-30 16:52:03 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe

  2013-09-27 17:02:40 ——– d—–w- C:\ProgramData\AVG2014

  ====== C: exe-files ==

  2013-10-26 15:21:50 8C27D71B2F6719136407C525ECF18D51 1060070 —-a-w- C:\Users\Ronald\Downloads\adwcleaner (2).exe

  2013-10-26 15:05:52 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Ronald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WILUAOSO\RSITx64.exe

  2013-10-26 13:54:04 28430B8B058F352B19436E691B002B0B 55954968 —-a-w- C:\Users\Ronald\Downloads\gtk-2.1.9.4-setup.exe

  2013-10-26 13:05:17 8C27D71B2F6719136407C525ECF18D51 1060070 —-a-w- C:\Users\Ronald\Downloads\AdwCleaner(1).exe

  2013-10-26 13:04:02 C3E04B7E8326EB118113CE175EFA86A9 894600 —-a-w- C:\Users\Ronald\Downloads\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exe

  2013-10-25 17:50:03 D41D8CD98F00B204E9800998ECF8427E 0 —-a-w- C:\Users\Ronald\AppData\Local\Temp\SHSetup.exe

  2013-10-24 15:47:32 485055033BCDDFDE56325C0D2FEEA4F2 151552 —-a-w- C:\Windows\KMSEmulator.exe

  2013-10-22 17:25:00 9223A2810B73069F4A03A636052EF14A 264616 —-a-w- C:\Windows\SysWOW64\javaws.exe

  2013-10-22 17:24:58 DC1342498BEE7EF1646E9D63138B69CC 175016 —-a-w- C:\Windows\SysWOW64\javaw.exe

  2013-10-22 17:24:58 658633D255FEF154EA1CB8705B4468C5 174504 —-a-w- C:\Windows\SysWOW64\java.exe

  2013-10-22 12:28:28 C6B4E899C909935D1F639D2E52BA4C43 5970992 —-a-w- C:\Program Files (x86)\AVG\AVG2014\avgcrema.exe

  2013-10-20 12:35:34 FA1B0ADAC903A0B9F1F73D5C3840AEEB 77136 —-a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 11.1.1.11\SetupAdmin.exe

  === C: other files ==

  2013-10-22 17:30:57 37D85E873C9531A2F88DD9C63D3F8A9E 2233688 —-a-w- C:\Windows\System32\Drivers\tcpip.sys

  ==== Startup Registry Enabled ======================

  “Adobe Acrobat Synchronizer”=“F:\Adobe\Acrobat\Acrobat\AdobeCollabSync.exe”

  “SUPERAntiSpyware”=“I:\Utils\superantispyware\SUPERAntiSpyware.exe”

  “Akamai NetSession Interface”=“C:\Users\Ronald\AppData\Local\Akamai\netsession_win.exe”

  “Spybot-S&D Cleaning”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean”

  “IsMyWinLockerReboot”=“msiexec.exe /qn /x{voidguid}”

  “IsMyWinLockerReboot”=“msiexec.exe /qn /x{voidguid}”

  “IsMyWinLockerReboot”=“msiexec.exe /qn /x{voidguid}”

  “IsMyWinLockerReboot”=“msiexec.exe /qn /x{voidguid}”

  “BCSSync”=“C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices”

  “APSDaemon”=“C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

  “SwitchBoard”=“C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe”

  “AdobeCS5ServiceManager”=“C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin”

  “AVG_UI”=“C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY”

  “Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  “PWRISOVM.EXE”=“I:\Utils\PowerISO\PWRISOVM.EXE -startup”

  “QuickTime Task”=“H:\Quicktime\QTTask.exe -atboottime”

  “BrowserPlugInHelper”=“H:\Video Converter Ultimate\BrowserPlugInHelper.exe”

  “SDTray”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”

  “iTunesHelper”=“E:\Itunes\iTunesHelper.exe”

  “SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

  “Adobe Acrobat Synchronizer”=“F:\Adobe\Acrobat\Acrobat\AdobeCollabSync.exe”

  “SUPERAntiSpyware”=“I:\Utils\superantispyware\SUPERAntiSpyware.exe”

  “Akamai NetSession Interface”=“C:\Users\Ronald\AppData\Local\Akamai\netsession_win.exe”

  “Spybot-S&D Cleaning”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean”

  “BtvStack”=“C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe”

  ==== Startup Registry Enabled x64 ======================

  “IgfxTray”=“C:\Windows\system32\igfxtray.exe”

  “HotKeysCmds”=“C:\Windows\system32\hkcmd.exe”

  “Persistence”=“C:\Windows\system32\igfxpers.exe”

  “RtHDVCpl”=“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s”

  “RtHDVBg_Dolby”=“C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 ”

  “BtPreLoad”=“C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe”

  “AdobeAAMUpdater-1.0”=“C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe”

  “Windows Mobile Device Center”=“%windir%\WindowsMobile\wmdc.exe ”

  “BtvStack”=“C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe”

  ==== Startup Folders ======================

  2013-02-05 18:00:59 1300 —-a-w- C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

  2013-06-11 16:04:39 1113 —-a-w- C:\Users\Ronald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk

  2012-10-24 05:15:34 2173 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk

  ==== Task Scheduler Jobs ======================

  C:\Windows\tasks\Adobe Flash Player Updater.job –a——–

  C:\Windows\tasks\AutoKMS.job –a——–

  ==== Other Scheduled Tasks ======================

  “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

  “C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-ERJEBE-Ronald”

  “C:\Windows\SysNative\tasks\ALU”

  “C:\Windows\SysNative\tasks\ALUAgent”

  “C:\Windows\SysNative\tasks\AutoKMS”

  “C:\Windows\SysNative\tasks\CreateChoiceProcessTask”

  “C:\Windows\SysNative\tasks\DeviceDetector”

  “C:\Windows\SysNative\tasks\EgisUpdate”

  “C:\Windows\SysNative\tasks\iuBrowserIEAgent”

  “C:\Windows\SysNative\tasks\iuEmailOutlookAgent”

  “C:\Windows\SysNative\tasks\PMMUpdate”

  “C:\Windows\SysNative\tasks\Power Management”

  “C:\Windows\SysNative\tasks\UnHackMe Task Scheduler”

  “C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask”

  “C:\Windows\SysNative\tasks\Recovery Management\Notification”

  “C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates”

  “C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization”

  “C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system”

  ==== Firefox Extensions Registry ======================

  “{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}”=“H:\Video Converter Ultimate\SVRFirefoxExt”

  “{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}”=“H:\Video Converter Ultimate\SVRFirefoxExt”

  ==== Firefox Extensions ======================

  ProfilePath: C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\oue5htis.default

  - Flash Video Downloader - %ProfilePath%\extensions\artur.dubovoy@gmail.com.xpi

  - qualitink - %ProfilePath%\extensions\firefox@qualitink.net.xpi

  - Print Edit - %ProfilePath%\extensions\printedit@DW-dev.xpi

  - Torntv 3 - %ProfilePath%\extensions\trtv3@trtv.com.xpi

  - Abduction - %ProfilePath%\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi

  ==== Firefox Plugins ======================

  Profilepath: C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\oue5htis.default

  4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash

  D71FD9D50DEE32075F0D4F93CE2051ED - E:\Itunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

  18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

  86FD0445C7A92516FC0BA201C79B8E9E - H:\Quicktime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

  9FDABAD05A9623988750CCC10223BDB0 - H:\Quicktime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

  5E1D0432C765884434A7CCD4DBDC80AA - H:\Quicktime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

  3B293C235A80E7A5369E6AA28FEA50B1 - H:\Quicktime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

  A80BCBED52F7DD5FDBF346A985A4E4D5 - H:\Quicktime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

  A843FC35574ECFD9E7A41C5505A9921B - G:\Video\VLC\npvlc.dll - VLC Web Plugin

  ==== Deleted Firefox Extensions ======================

  C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\oue5htis.default\extensions\firefox@qualitink.net.xpi deleted

  C:\Users\Ronald\AppData\Roaming\Mozilla\Firefox\Profiles\oue5htis.default\extensions\trtv3@trtv.com.xpi deleted

  ==== Chrome Look ======================

  HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

  chgdeabpmphfhkoemjjglmilajldekbp - H:\Video Converter Ultimate\SVRChromePlugin.crx

  ==== Set IE to Default ======================

  Old Values:

  “Start Page”=“http://www.startpagina.nl/”

  “Search Page”=“http://www.google.com”

  “Start Default_Page_URL”=“http://www.google.com”

  “Default_Search_URL”=“http://www.google.com”

  “Search Bar”=“http://www.google.com”

  “Default_Search_URL”=“http://www.google.com”

  “Start Page”=“http://www.google.com”

  “Search Page”=“http://www.google.com”

  “Start Default_Page_URL”=“http://www.google.com”

  “Search Bar”=“http://www.google.com”

  “Default_Search_URL”=“http://www.google.com”

  “Start Page”=“http://www.google.com”

  “Search Page”=“http://www.google.com”

  “Start Default_Page_URL”=“http://www.google.com”

  “Search Bar”=“http://www.google.com”

  “(Default)”=“”

  “(Default)”=“”

  “(Default)”=“”

  “(Default)”=“”

  “(Default)”=“”

  “(Default)”=“”

  “(Default)”=“”

  “(Default)”=“”

  “(Default)”=“”

  “(Default)”=“”

  “Start Page”=“http://www.google.com”

  “Start Default_Page_URL”=“http://www.google.com”

  “Default_Search_URL”=“http://www.google.com/”

  “Search Bar”=“http://www.google.com”

  “Search Page”=“http://www.google.com”

  “Start Page”=“http://www.google.com”

  “Start Default_Page_URL”=“http://www.google.com”

  “Default_Search_URL”=“http://www.google.com/”

  “Search Bar”=“http://www.google.com”

  “Search Page”=“http://www.google.com”

  “Start Page”=“http://www.google.com”

  “Start Default_Page_URL”=“http://www.google.com”

  “Default_Search_URL”=“http://www.google.com/”

  “Search Bar”=“http://www.google.com”

  “Search Page”=“http://www.google.com”

  “DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”

  not found

  New Values:

  “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Search Bar”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Start Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “Start Page”=“http://www.startpagina.nl/”

  “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Search Bar”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “Start Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Search Bar”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “Start Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “(Default)”=“http://search.msn.com/results.asp?q=%s”

  “(Default)”=“http://search.msn.com/results.asp?q=%s”

  “(Default)”=“http://search.msn.com/results.asp?q=%s”

  “(Default)”=“http://search.msn.com/results.asp?q=%s”

  “(Default)”=“http://search.msn.com/results.asp?q=%s”

  “(Default)”=“http://search.msn.com/results.asp?q=%s”

  “(Default)”=“http://search.msn.com/results.asp?q=%s”

  “(Default)”=“http://search.msn.com/results.asp?q=%s”

  “(Default)”=“http://search.msn.com/results.asp?q=%s”

  “(Default)”=“http://search.msn.com/results.asp?q=%s”

  “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Search Bar”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “Start Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Search Bar”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “Start Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Search Bar”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “Start Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

  ==== All HKCU SearchScopes ======================

  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

  {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

  {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

  ==== HijackThis Entries ======================

  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

  F2 - REG:system.ini: UserInit=userinit.exe,

  O1 - Hosts: ::1 localhost

  O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

  O2 - BHO: WsSVRIEHelper - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - H:\Video Converter Ultimate\SVRIEPlugin.dll

  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

  O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

  O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

  O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

  O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” -launchedbylogin

  O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2014\avgui.exe” /TRAYONLY

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  O4 - HKLM\..\Run: I:\Utils\PowerISO\PWRISOVM.EXE -startup

  O4 - HKLM\..\Run: “H:\Quicktime\QTTask.exe” -atboottime

  O4 - HKLM\..\Run: H:\Video Converter Ultimate\BrowserPlugInHelper.exe

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”

  O4 - HKLM\..\Run: “E:\Itunes\iTunesHelper.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

  O4 - HKCU\..\Run: “F:\Adobe\Acrobat\Acrobat\AdobeCollabSync.exe”

  O4 - HKCU\..\Run: I:\Utils\superantispyware\SUPERAntiSpyware.exe

  O4 - HKCU\..\Run: “C:\Users\Ronald\AppData\Local\Akamai\netsession_win.exe”

  O4 - HKCU\..\Run: “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe” /autoclean

  O4 - HKLM\..\Policies\Explorer\Run: “C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe”

  O4 - HKUS\S-1-5-19\..\RunOnce: msiexec.exe /qn /x{voidguid} (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-20\..\RunOnce: msiexec.exe /qn /x{voidguid} (User ‘NETWORK SERVICE’)

  O4 - HKUS\S-1-5-18\..\RunOnce: msiexec.exe /qn /x{voidguid} (User ‘SYSTEM’)

  O4 - HKUS\.DEFAULT\..\RunOnce: msiexec.exe /qn /x{voidguid} (User ‘Default user’)

  O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

  O4 - Startup: Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe

  O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

  O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

  O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

  O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

  O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

  O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

  O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

  O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

  O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

  O9 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

  O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

  O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

  O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

  O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

  O11 - Options group: Accelerated graphics

  O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL

  O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

  O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

  O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - I:\Utils\superantispyware\SASCORE64.EXE

  O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

  O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

  O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

  O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe

  O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

  O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

  O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

  O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

  O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

  O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe

  O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

  O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

  O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

  O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

  O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe

  O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

  O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

  O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - G:\Video\Freemake\CaptureLib\CaptureLibService.exe

  O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

  O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

  O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

  O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

  O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

  O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe

  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

  O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

  O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

  O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

  O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

  O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

  O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

  O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

  O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

  ==== Empty IE Cache ======================

  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\Ronald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\Ronald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

  C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  ==== Empty FireFox Cache ======================

  C:\Users\Ronald\AppData\Local\Mozilla\Firefox\Profiles\oue5htis.default\Cache emptied successfully

  ==== Empty Chrome Cache ======================

  No Chrome User Data found

  ==== Empty All Flash Cache ======================

  Flash Cache Emptied Successfully

  ==== Empty All Java Cache ======================

  Java Cache cleared successfully

  ==== After Reboot ======================

  ==== Empty Temp Folders ======================

  C:\Windows\Temp successfully emptied

  C:\Users\Ronald\AppData\Local\Temp successfully emptied

  ==== Empty Recycle Bin ======================

  C:\$RECYCLE.BIN successfully emptied

  ==== Deleting Files / Folders ======================

  “C:\Program Files (x86)\qualitink” not found

  “C:\PROGRA~2\qualitink” not found

  ==== EOF on za 26-10-2013 at 18:35:36,15 ======================

  Rapporteren
• 

  Ben

  26-10-2013 18:44

  Hallo,

  Hoe gaat het hierna?

  Rapporteren
• 

  ronald

  26-10-2013 18:55

  voorlopig zie ik geen problemen meer. Hoop dat dit het was.

  Ben, bedankt voor je hulp!!!!!

  Rapporteren
• 

  Ben

  26-10-2013 19:05

  Hallo,

  Je heb nog twee virusscanners actief:

  Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)

  Anti-Virus: Windows Defender On-access scanning disabled (Outdated)

  Schakel Defender uit anders gaan ze tegen elkaar inwerken en vertragen ook zo je pc.

  En ik zag een overvloed aan spyware scanners:

  Anti-Spyware: Windows

  Anti-Spyware: Spybot - Search and Destroy

  Anti-Spyware: AVG AntiVirus Free Edition 2014

  Anti-Spyware: SUPERAntiSpyware

  Behoud alleen AVG in samenwerking met Mbam.

  Malwarebytes kan je laten staan en één maal in de week (na te hebben geupdate) je pc mee scannen.

  Met het onderstaande tooltje ruim je o.a. alle gebruikte tools op:

  Download

  

  Delfix by Xplode naar het bureaublad.

  Dubbelklik op Delfix.exe om de tool te starten.

  Zet nu vinkjes voor de volgende items:

  Activate UAC

  Remove disinfection tools

  Create registry backup

  Purge System Restore

  Reset system settings

  Klik nu op "Run" en wacht geduldig tot de tool gereed is.

  Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft je echter niet te plaatsen.

  Mochten er nog tools overgebleven zijn dan kan je die zelf verwijderen.

  Rapporteren
• 

  ronald

  26-10-2013 19:11

  die spywarescanners zitten er vanwege die problemen.

  Zal je raad opvolgen.

  Nogmaals bedankt.

  Rapporteren
• 

  Ben

  26-10-2013 19:13

  Hallo,

  Bedankt en graag gedaan (tu)

  Rapporteren
• 

  fazantje

  03-11-2013 20:05

  Omdat dit topic is opgelost word het gesloten.

  Wilt U Uw topic als nog weer openen, stuur dan een privé bericht naar Ben of Huib (fazantje).

  Zij zullen dan het “slotje” er van af halen en het topic is weer open.

  Het AV team.

  Rapporteren

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.