Heavily contaminated laptop

  • lg

    I have already removed various software, such as Google Chrome.

    Annoying pop-ups keep appearing.

    LG

    Attached are the requested log files.

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.01.10.03

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 11.0.9600.16476

    Gerie :: GERIE-PC

    10-1-2014 12:57:38

    mbam-log-2014-01-10 (12-57-38).txt

    Scan type: Volledige scan (C:\|D:\|E:\|)

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 355372

    Verstreken tijd: 1 uur/uren, 3 minuut/minuten, 42 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 1

    HKCU\SOFTWARE\SMARTBAR (PUP.Optional.SnapDo.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 1

    HKCU\Software\Smartbar|publisher (PUP.Optional.SnapDo.A) -> Data: SnapDoForPartners -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 6

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Slecht: (http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=9e5b70ec-46e4-bce8-ec1d-6a8ca5fd41cb&searchtype=ds&q={searchTerms}&installDate=10/10/2013) Goed: (http://www.google.com) -> Succesvol in quarantaine geplaatst en gerepareerd.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Slecht: (http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=9e5b70ec-46e4-bce8-ec1d-6a8ca5fd41cb&searchtype=ds&q={searchTerms}&installDate=10/10/2013) Goed: (http://www.google.com) -> Succesvol in quarantaine geplaatst en gerepareerd.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Slecht: (http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=9e5b70ec-46e4-bce8-ec1d-6a8ca5fd41cb&searchtype=ds&q={searchTerms}&installDate=10/10/2013) Goed: (http://www.google.com) -> Succesvol in quarantaine geplaatst en gerepareerd.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Slecht: (http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=9e5b70ec-46e4-bce8-ec1d-6a8ca5fd41cb&searchtype=ds&q={searchTerms}&installDate=10/10/2013) Goed: (http://www.google.com) -> Succesvol in quarantaine geplaatst en gerepareerd.

    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Aartemis) -> Slecht: (C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com/?type=sc&ts=1386596432&from=cor&uid=TOSHIBAXMK3256GSY_8072F4L4SXX8072F4L4S) Goed: (iexplore.exe) -> Succesvol in quarantaine geplaatst en gerepareerd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Slecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Goed: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 3

    C:\Users\Gerie\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files (x86)\WebexpEnhancedV1 (PUP.Optional.Webexp) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 10

    C:\Users\Gerie\AppData\Local\Temp\toolbar6031466.exe (PUP.Optional.Kozaka.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\AppData\Local\Temp\uninstall511496.exe (PUP.Optional.GoForFiles.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\AppData\Local\Temp\uninstall956426.exe (PUP.Optional.GoForFiles.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\AppData\Local\Temp\fullpackage_temp1386596426\tmp\NewGdp.exe (PUP.Optional.WpManager.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Documents\PCSUUpdate.exe (PUP.Optional.PCSpeedUp.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\SoftonicDownloader_voor_bluestacks-app-player.exe (PUP.Optional.Softonic.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\Downloads\SoftonicDownloader_voor_scrabble.exe (PUP.Optional.Softonic.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Installer\20a5e.msi (PUP.Optional.SmartBar.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Gerie\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Gerie at 2014-01-10 14:12:50

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 201 GB (69%) free of 290 GB

    Total RAM: 2934 MB (40% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:12:54, on 10-1-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16428)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\Gerie.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1386596432&from=cor&uid=TOSHIBAXMK3256GSY_8072F4L4SXX8072F4L4S&q={searchTerms}

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1386596432&from=cor&uid=TOSHIBAXMK3256GSY_8072F4L4SXX8072F4L4S&q={searchTerms}

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: VideoPlayerV3beta816 - {df452baa-c9c7-4cf8-8782-9a6dbdf2b53f} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta816\ie\VideoPlayerV3beta816.dll

    O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 7697 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    winlogon.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    “c:\Program Files\Microsoft Security Client\MsMpEng.exe”

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\WLANExt.exe 38552592

    \??\C:\Windows\system32\conhost.exe "-480567824-197580419240768763280476526-984985750-891121756-14036127242126284413

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    “C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe”

    “C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe”

    “C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe”

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe”

    C:\Windows\system32\svchost.exe -k imgsvc

    “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

    “C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe”

    WLIDSvcM.exe 1872

    “c:\Program Files\Microsoft Security Client\NisSrv.exe”

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\servicing\TrustedInstaller.exe

    “taskhost.exe”

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”

    “C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe”

    “C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe” -s

    “C:\Program Files (x86)\Realtek\Audio\OSD\RTVOSD64.EXE”

    “C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE”

    “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    “C:\Windows\System32\igfxtray.exe”

    “C:\Windows\System32\hkcmd.exe”

    “C:\Windows\System32\igfxpers.exe”

    “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    “C:\Program Files\Internet Explorer\IEXPLORE.EXE”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:3740 CREDAT:267521 /prefetch:2

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    “C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe”

    C:\Windows\system32\sppsvc.exe

    “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe”

    “C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    “C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe” /hidden

    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe -Embedding

    “C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe” “HP Wireless AssistantWLAN: AanC:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico1843685420C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:3740 CREDAT:2495765 /prefetch:2

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:3740 CREDAT:2626899 /prefetch:2

    “c:\Program Files\Microsoft Security Client\MpCmdRun.exe” SpyNetService -RestrictPrivileges -AccessKey 2B95F100-89C9-D7C9-841A-1C69901E88D9 -Reinvoke

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:3740 CREDAT:3020169 /prefetch:2

    “C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-66021288-411892084-39669315-10003_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-66021288-411892084-39669315-10003 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon” “1”

    “C:\Windows\system32\SearchFilterHost.exe” 0 516 520 528 65536 524

    “C:\Users\Gerie\Desktop\RSITx64.exe”

    C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

    ======Registry dump======

    Snap.DoEngine - C:\Windows\system32\mscoree.dll

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta816\ie\VideoPlayerV3beta816.dll

    {ae07101b-46d4-4a98-af68-0333ea26e113} - Snap.Do - C:\Windows\system32\mscoree.dll

    {ae07101b-46d4-4a98-af68-0333ea26e113} - Snap.Do - C:\Windows\system32\mscoree.dll

    “SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    “IAAnotif”=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

    “RTHDVCPL”=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    “RtkOSD”=C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe

    “HP Quick Launch”=C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    “HPWirelessAssistant”=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe

    “MSC”=c:\Program Files\Microsoft Security Client\msseces.exe

    “IgfxTray”=C:\Windows\system32\igfxtray.exe

    “HotKeysCmds”=C:\Windows\system32\hkcmd.exe

    “Persistence”=C:\Windows\system32\igfxpers.exe

    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

    C:\Users\Gerie\AppData\Local\Smartbar\Application\SnapDo.exe startup

    C:\PROGRA~2\MYPCBA~1\MYPCBA~1.EXE

    “SunJavaUpdateSched”=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\igfxdev.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “EnableSecureUIAPath”=1

    “NoDriveTypeAutoRun”=145

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “VIDC.UYVY”=msyuv.dll

    “VIDC.YUY2”=msyuv.dll

    “VIDC.YVYU”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “VIDC.YVU9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “MSVideo8”=VfWWDM32.dll

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “aux1”=wdmaud.drv

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2014-01-10 14:12:49 —-D—- C:\rsit

    2014-01-10 02:04:04 —-D—- C:\Program Files (x86)\VideoPlayerV3

    2013-12-24 19:20:59 —-A—- C:\extensions.ini

    2013-12-12 16:48:26 —-A—- C:\Windows\system32\wmploc.DLL

    2013-12-12 16:48:25 —-A—- C:\Windows\SYSWOW64\wmploc.DLL

    2013-12-12 16:48:25 —-A—- C:\Windows\SYSWOW64\wmp.dll

    2013-12-12 16:48:23 —-A—- C:\Windows\system32\wmp.dll

    2013-12-12 16:46:55 —-A—- C:\Windows\system32\ieetwcollectorres.dll

    2013-12-12 16:46:54 —-A—- C:\Windows\system32\ieui.dll

    2013-12-12 16:46:53 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2013-12-12 16:46:53 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2013-12-12 16:46:53 —-A—- C:\Windows\system32\jsproxy.dll

    2013-12-12 16:46:53 —-A—- C:\Windows\system32\ieUnatt.exe

    2013-12-12 16:46:53 —-A—- C:\Windows\system32\iesetup.dll

    2013-12-12 16:46:53 —-A—- C:\Windows\system32\iernonce.dll

    2013-12-12 16:46:53 —-A—- C:\Windows\system32\ieetwproxystub.dll

    2013-12-12 16:46:53 —-A—- C:\Windows\system32\ie4uinit.exe

    2013-12-12 16:46:52 —-A—- C:\Windows\system32\ieetwcollector.exe

    2013-12-12 16:46:51 —-A—- C:\Windows\SYSWOW64\jscript9diag.dll

    2013-12-12 16:46:51 —-A—- C:\Windows\SYSWOW64\ieapfltr.dll

    2013-12-12 16:46:51 —-A—- C:\Windows\system32\mshtml.dll

    2013-12-12 16:46:51 —-A—- C:\Windows\system32\jscript9diag.dll

    2013-12-12 16:46:51 —-A—- C:\Windows\system32\ieapfltr.dll

    2013-12-12 16:46:50 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2013-12-12 16:46:50 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2013-12-12 16:46:50 —-A—- C:\Windows\system32\iertutil.dll

    2013-12-12 16:46:49 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2013-12-12 16:46:49 —-A—- C:\Windows\system32\wininet.dll

    2013-12-12 16:46:49 —-A—- C:\Windows\system32\urlmon.dll

    2013-12-12 16:46:48 —-A—- C:\Windows\system32\ieframe.dll

    2013-12-12 16:46:47 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2013-12-12 16:46:46 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2013-12-12 16:46:46 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2013-12-12 16:46:45 —-A—- C:\Windows\system32\jscript9.dll

    2013-12-12 16:19:37 —-A—- C:\Windows\system32\msieftp.dll

    2013-12-12 16:19:36 —-A—- C:\Windows\SYSWOW64\msieftp.dll

    2013-12-12 16:19:35 —-A—- C:\Windows\system32\win32k.sys

    2013-12-12 16:19:34 —-A—- C:\Windows\SYSWOW64\WMPhoto.dll

    2013-12-12 16:19:34 —-A—- C:\Windows\system32\WMPhoto.dll

    2013-12-12 16:19:33 —-A—- C:\Windows\SYSWOW64\imagehlp.dll

    2013-12-12 16:19:33 —-A—- C:\Windows\system32\imagehlp.dll

    2013-12-12 16:19:16 —-A—- C:\Windows\SYSWOW64\tzres.dll

    2013-12-12 16:19:16 —-A—- C:\Windows\system32\tzres.dll

    2013-12-12 16:19:12 —-A—- C:\Windows\SYSWOW64\wscript.exe

    2013-12-12 16:19:12 —-A—- C:\Windows\SYSWOW64\scrrun.dll

    2013-12-12 16:19:12 —-A—- C:\Windows\SYSWOW64\cscript.exe

    2013-12-12 16:19:12 —-A—- C:\Windows\system32\wscript.exe

    2013-12-12 16:19:12 —-A—- C:\Windows\system32\scrrun.dll

    2013-12-12 16:19:12 —-A—- C:\Windows\system32\cscript.exe

    2013-12-12 16:19:11 —-A—- C:\Windows\system32\drivers\portcls.sys

    2013-12-12 16:19:11 —-A—- C:\Windows\system32\drivers\drmk.sys

    2013-12-12 16:17:24 —-D—- C:\ProgramData\APN

    2013-12-12 16:16:05 —-D—- C:\ProgramData\Oracle

    2013-12-12 16:15:13 —-A—- C:\Windows\SYSWOW64\javaws.exe

    2013-12-12 16:15:05 —-A—- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

    2013-12-12 16:15:05 —-A—- C:\Windows\SYSWOW64\javaw.exe

    2013-12-12 16:15:05 —-A—- C:\Windows\SYSWOW64\java.exe

    ======List of files/folders modified in the last 1 month======

    2014-01-10 14:12:54 —-D—- C:\Program Files\trend micro

    2014-01-10 14:09:50 —-D—- C:\Windows\Temp

    2014-01-10 14:05:07 —-D—- C:\Windows\inf

    2014-01-10 14:05:06 —-D—- C:\Windows\system32\config

    2014-01-10 14:05:01 —-A—- C:\Windows\SYSWOW64\log.txt

    2014-01-10 14:05:00 —-D—- C:\Windows

    2014-01-10 14:03:50 —-RD—- C:\Program Files (x86)

    2014-01-10 13:50:58 —-D—- C:\Windows\debug

    2014-01-10 13:34:29 —-D—- C:\Program Files (x86)\Word Mojo Gold Deluxe

    2014-01-10 13:32:02 —-D—- C:\Program Files (x86)\Delicious Deluxe

    2014-01-10 13:30:25 —-D—- C:\Program Files (x86)\Puzzle Express

    2014-01-10 13:30:06 —-SHD—- C:\Windows\Installer

    2014-01-10 13:30:06 —-SD—- C:\Users\Gerie\AppData\Roaming\Microsoft

    2014-01-10 13:30:02 —-RSD—- C:\Windows\assembly

    2014-01-10 13:28:47 —-D—- C:\ProgramData\Trymedia

    2014-01-10 13:27:00 —-D—- C:\Program Files (x86)\Zylom Games

    2014-01-10 13:25:55 —-HD—- C:\ProgramData

    2014-01-10 13:09:15 —-D—- C:\Windows\Microsoft.NET

    2014-01-10 11:45:27 —-D—- C:\Support

    2014-01-10 11:44:15 —-D—- C:\Windows\Tasks

    2014-01-10 11:34:55 —-D—- C:\Program Files (x86)\Google

    2014-01-10 11:34:48 —-D—- C:\Windows\system32\Tasks

    2014-01-10 11:28:24 —-D—- C:\ProgramData\Shopping-Chip

    2014-01-10 11:28:23 —-D—- C:\Windows\system32\drivers

    2014-01-10 11:26:43 —-D—- C:\ProgramData\70cf98edfc80a2c5

    2014-01-10 11:26:43 —-D—- C:\Program Files (x86)\Shopping-Chip

    2014-01-10 11:26:08 —-D—- C:\ProgramData\WPM

    2014-01-10 11:24:47 —-D—- C:\Windows\Prefetch

    2014-01-10 11:16:23 —-D—- C:\Program Files\Google

    2014-01-10 11:16:23 —-D—- C:\Program Files (x86)\Kozaka

    2014-01-10 11:06:45 —-SHD—- C:\System Volume Information

    2014-01-10 11:05:19 —-D—- C:\Users\Gerie\AppData\Roaming\Systweak

    2014-01-10 11:02:50 —-D—- C:\Windows\System32

    2013-12-27 16:34:33 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2013-12-24 22:24:18 —-D—- C:\Windows\rescache

    2013-12-23 19:46:10 —-D—- C:\Windows\system32\catroot2

    2013-12-15 03:00:51 —-D—- C:\Windows\system32\MRT

    2013-12-15 03:00:47 —-A—- C:\Windows\system32\MRT.exe

    2013-12-12 21:57:29 —-D—- C:\Windows\winsxs

    2013-12-12 21:54:53 —-D—- C:\Windows\SysWOW64

    2013-12-12 21:54:53 —-D—- C:\Program Files (x86)\Windows Media Player

    2013-12-12 21:54:52 —-D—- C:\Program Files\Windows Media Player

    2013-12-12 21:54:50 —-D—- C:\Program Files\Internet Explorer

    2013-12-12 21:54:50 —-D—- C:\Program Files (x86)\Internet Explorer

    2013-12-12 21:54:46 —-D—- C:\Windows\SYSWOW64\nl-NL

    2013-12-12 21:54:45 —-D—- C:\Windows\system32\nl-NL

    2013-12-12 21:54:39 —-D—- C:\Windows\system32\DriverStore

    2013-12-12 16:48:38 —-D—- C:\Windows\system32\catroot

    2013-12-12 16:21:22 —-A—- C:\Windows\win.ini

    2013-12-12 16:15:21 —-D—- C:\Program Files (x86)\Common Files

    2013-12-12 16:15:05 —-D—- C:\Program Files (x86)\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R3 BCM43XX;Stuurprogramma voor de Broadcom 802.11-netwerkadapter; C:\Windows\system32\DRIVERS\bcmwl664.sys

    R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys

    S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys

    S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS

    S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS

    S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    R2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    -----------------EOF-----------------

  • Ben

    Hello,

    First disable your antivirus software before you install zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Disabling antivirus software

    Disabling antispyware & anti-malware software

    Download

    Zoek.exe to the desktop.

    If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

    Running Zoek.exe

    If you run into problems running this program or see certain error messages, please let us know in your post.

    Then double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.

    Now copy the bold code below and paste it into the large input box:

    Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    emptyclsid;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    C:\Program Files (x86)\VideoPlayerV3;fs

    {F274614C-63F8-47D5-A4D1-FBDDE494F8D1};c

    {ae07101b-46d4-4a98-af68-0333ea26e113};c

    ;r

    ;r

    C:\Program Files (x86)\AskPartnerNetwork;fs

    ;r

    C:\Users\Gerie\AppData\Local\Smartbar;fs

    ;r

    C:\PROGRA~2\MYPCBA~1;fs

    C:\ProgramData\WPM;fs

    C:\Users\Gerie\AppData\Roaming\Systweak;fs

    C:\ProgramData\Shopping-Chip;fs

    C:\ProgramData\70cf98edfc80a2c5;fs

    C:\Program Files (x86)\Shopping-Chip;fs

    autoclean;

    startupall;

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart, if one is required).

    If no log appears after the restart, start zoek.exe again; the log will then appear.

    Post the opened log in your next message.

  • lg

    As requested, the log file from zoek.exe

    Has adwarecleaner fallen out of favour????

    Zoek.exe v5.0.0.0 Updated 09-Januari-2014

    Tool run by Gerie on vr 10-01-2014 at 15:34:30,83.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Gerie\Desktop\zoek.exe

    ==== System Restore Info ======================

    10-1-2014 15:35:30 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\MSCopy {312BFDCE-A901-4203-B4F2-ADCB957D1887} undetermined path

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\PROGRA~2\Kozaka deleted successfully

    C:\PROGRA~2\Shopping-Chip deleted successfully

    C:\Program Files\Google deleted successfully

    C:\ProgramData\Oracle deleted successfully

    C:\ProgramData\Shopping-Chip deleted successfully

    C:\Users\Gerie\AppData\Roaming\Systweak deleted successfully

    C:\Users\Gerie\AppData\Local\cache deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-66021288-411892084-39669315-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    HKEY_USERS\S-1-5-21-66021288-411892084-39669315-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    HKEY_USERS\S-1-5-21-66021288-411892084-39669315-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully

    HKEY_USERS\S-1-5-21-66021288-411892084-39669315-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f724fdda-e2a5-4f84-83ad-a6b87476f3b8} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-66021288-411892084-39669315-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    ==== Running Processes ======================

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    C:\Users\Gerie\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    ==== Deleting Services ======================

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    ==== Deleting Files \ Folders ======================

    C:\Program Files (x86)\AskPartnerNetwork not found

    C:\Users\Gerie\AppData\Local\Smartbar not found

    C:\PROGRA~2\MYPCBA~1 not found

    C:\Users\Gerie\AppData\Roaming\Systweak not found

    C:\ProgramData\Shopping-Chip not found

    C:\Program Files (x86)\Shopping-Chip not found

    C:\ProgramData\WPM deleted

    C:\ProgramData\70cf98edfc80a2c5 deleted

    C:\Users\Gerie\AppData\Local\genienext deleted

    C:\Users\Gerie\daemonprocess.txt deleted

    C:\Users\Gerie\.android deleted

    C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted

    C:\PROGRA~2\Mobogenie deleted

    C:\extensions.sqlite deleted

    C:\extensions.ini deleted

    C:\Users\Gerie\AppData\Roaming\GoforFiles deleted

    C:\ProgramData\APN deleted

    C:\ProgramData\Trymedia deleted

    C:\Users\Gerie\AppData\Local\Mobogenie deleted

    C:\Users\Gerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

    C:\Windows\SysNative\roboot64.exe deleted

    C:\Users\Gerie\Downloads\rcpsetupmarm1_marm1376194549nl_adroi.exe deleted

    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Security Toolbar deleted

    C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

    C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted

    C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted

    C:\windows\SysNative\Tasks\GoforFilesUpdate deleted

    C:\Users\Gerie\Documents\Mobogenie deleted

    “C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta816\ie\VideoPlayerV3beta816.dll” deleted

    “C:\Program Files (x86)\VideoPlayerV3” deleted

    “C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta816” deleted

    “C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta816\ie” deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 2934 MB

    CPU Info: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz

    CPU Speed: 2152,8 MHz

    Sound Card: Luidsprekers (Realtek High Defi |

    Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1366 X 768 - 32 bit

    Network: Network Present

    Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Broadcom 4313 (802.11b/g/n)

    CD / DVD Drives: 1x (F: | ) F: hp DVD RW AD-7701H

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 16 Button Wheel Mouse Present

    Hard Disks: C: 283,6GB | D: 14,2GB | E: 99,3MB

    Hard Disks - Free: C: 196,4GB | D: 2,0GB | E: 72,7MB

    Manufacturer *: Hewlett-Packard

    BIOS Info: AT/AT COMPATIBLE | 06/28/10 | HPQOEM - 1

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: Hewlett-Packard 1439

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

    Internet Explorer Version: 11.0.9600.16476

    Adobe Reader version: 10.1.0.534

    Sun Java version: 1.7.0_45 (32-bit)

    Flash Player version: 11.8.800.94

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Gerie\AppData\Local\Temp ====

    2014-01-10 12:26:56 6C292A138EC85C5102DBE7E65582F72F 586601 ----a-w- C:\Users\Gerie\AppData\Local\Temp\.zylominstallertemp1389356816\ZylomGameITemp.exe

    2014-01-10 10:50:25 98692B3ACB72D41054529F1888953B50 14209802 ----a-w- C:\Users\Gerie\AppData\Local\Temp\.zylomisrtemp1389351025\ZylomGameITemp.exe

    2014-01-10 01:04:00 3A25B2AF2F94CD78A3B9A56A826A4F9D 1024480 ----a-w- C:\Users\Gerie\AppData\Local\Temp\Setup1.exe

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2013-12-12 15:19:11 E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys

    2013-12-12 15:19:11 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    ======= C:\PROGRA~2 =====

    2014-01-10 13:56:04 -------- d-----w- C:\PROGRA~2\VideoLAN

    2013-12-12 15:15:21 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

    ======= C: =====

    ====== C:\Users\Gerie\AppData\Roaming ======

    2014-01-10 14:09:02 -------- d-----w- C:\Users\Gerie\AppData\Roaming\vlc

    ====== C:\Users\Gerie ======

    2014-01-10 14:06:59 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gerie\Desktop\adwcleaner.exe

    2014-01-10 13:56:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

    2014-01-10 13:09:45 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gerie\Desktop\RSITx64.exe

    2013-12-12 15:15:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    ====== C: exe-files ==

    2014-01-10 14:06:59 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gerie\Desktop\adwcleaner.exe

    2014-01-10 13:56:30 F5F17DDD84E5AC1DB954470EF3065F8E 228217 ----a-w- C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

    2014-01-10 13:54:36 B91FE1536AB4D680DDD77469EA3FD4BF 24097311 ----a-w- C:\Users\Gerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYHR5TQ4\vlc-2.1.2-win32.exe

    2014-01-10 13:09:45 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gerie\Desktop\RSITx64.exe

    2014-01-10 12:26:56 6C292A138EC85C5102DBE7E65582F72F 586601 ----a-w- C:\Users\Gerie\AppData\Local\Temp\.zylominstallertemp1389356816\ZylomGameITemp.exe

    2014-01-10 10:50:25 98692B3ACB72D41054529F1888953B50 14209802 ----a-w- C:\Users\Gerie\AppData\Local\Temp\.zylomisrtemp1389351025\ZylomGameITemp.exe

    2014-01-10 01:04:00 3A25B2AF2F94CD78A3B9A56A826A4F9D 1024480 ----a-w- C:\Users\Gerie\AppData\Local\Temp\Setup1.exe

    === C: other files ==

    2014-01-10 10:01:47 3E8730F264F6602607B84DFAA1AF5469 162 ----a-w- C:\Users\Gerie\AppData\Local\Temp\uninstall.bat

    ==== Startup Registry Enabled ======================

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    ==== Startup Registry Enabled x64 ======================

    “IAAnotif”=“C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe”

    “RTHDVCPL”=“C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s”

    “RtkOSD”=“C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe”

    “HP Quick Launch”=“C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe”

    “HPWirelessAssistant”=“C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden”

    “MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    “IgfxTray”=“C:\Windows\system32\igfxtray.exe”

    “HotKeysCmds”=“C:\Windows\system32\hkcmd.exe”

    “Persistence”=“C:\Windows\system32\igfxpers.exe”

    “SynTPEnh”=“%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe ”

    ==== Startup Registry Disabled x64 ======================

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“ApnTBMon”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\Updater\\TBNotifier.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Browser Infrastructure Helper”

    “hkey”=“HKCU”

    “command”=“C:\\Users\\Gerie\\AppData\\Local\\Smartbar\\Application\\SnapDo.exe startup”

    “item”=“MyPC Backup”

    “path”=“C:\\Users\\Gerie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MyPC Backup.lnk”

    “backup”=“C:\\Windows\\pss\\MyPC Backup.lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\PROGRA~2\\MYPCBA~1\\MYPCBA~1.EXE”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

    “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

    “C:\Windows\SysNative\tasks\CreateChoiceProcessTask”

    “C:\Windows\SysNative\tasks\SidebarExecute”

    ==== Folders in C:\ProgramData 0-6 Months Old ======================

    2013-09-01 13:33:26 -------- d-----w- C:\ProgramData\Malwarebytes

    2013-10-10 16:25:51 -------- d-----w- C:\ProgramData\BlueStacksSetup

    ==== Firefox Extensions Registry ======================

    “ext@VideoPlayerV3beta816.net”=“C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta816\ff”

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    hmlhndfembfmceikoofpjijpajbhjnno - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta816\ch\VideoPlayerV3beta816.crx

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.startnederland.nl/”

    “Search Page”=“http://www.google.com”

    “Search Bar”=“http://www.google.com”

    “Use Search Asst”=“yes”

    “Default_Search_URL”=“http://www.aartemis.com/web/?type=ds&ts=1386596432&from=cor&uid=TOSHIBAXMK3256GSY_8072F4L4SXX8072F4L4S&q={searchTerms}”

    “Search Page”=“http://www.aartemis.com/web/?type=ds&ts=1386596432&from=cor&uid=TOSHIBAXMK3256GSY_8072F4L4SXX8072F4L4S&q={searchTerms}”

    “Default_Search_URL”=“http://www.aartemis.com/web/?type=ds&ts=1386596432&from=cor&uid=TOSHIBAXMK3256GSY_8072F4L4SXX8072F4L4S&q={searchTerms}”

    “Search Page”=“http://www.aartemis.com/web/?type=ds&ts=1386596432&from=cor&uid=TOSHIBAXMK3256GSY_8072F4L4SXX8072F4L4S&q={searchTerms}”

    “Default”=“http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=9e5b70ec-46e4-bce8-ec1d-6a8ca5fd41cb&searchtype=ds&q={searchTerms}&installDate=10/10/2013”

    “Default”=“http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=9e5b70ec-46e4-bce8-ec1d-6a8ca5fd41cb&searchtype=ds&q={searchTerms}&installDate=10/10/2013”

    “Default”=“http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=9e5b70ec-46e4-bce8-ec1d-6a8ca5fd41cb&searchtype=ds&q={searchTerms}&installDate=10/10/2013”

    “Default_Search_URL”=“http://www.google.com”

    “SearchAssistant”=“http://www.google.com”

    New Values:

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Search Bar”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Start Page”=“http://www.startnederland.nl/”

    “Use Search Asst”=“no”

    “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “(Default)”=“http://search.msn.com/results.asp?q=%s”

    “(Default)”=“http://search.msn.com/results.asp?q=%s”

    “(Default)”=“http://search.msn.com/results.asp?q=%s”

    “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “SearchAssistant”=“http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR”

    {33BB0A4E-99AF-4226-BDF6-49120163DE86} Unknown Url=“Not_Found”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-66021288-411892084-39669315-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{df452baa-c9c7-4cf8-8782-9a6dbdf2b53f} deleted successfully

    HKEY_USERS\S-1-5-21-66021288-411892084-39669315-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{df452baa-c9c7-4cf8-8782-9a6dbdf2b53f} deleted successfully

    HKEY_USERS\S-1-5-21-66021288-411892084-39669315-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{df452baa-c9c7-4cf8-8782-9a6dbdf2b53f} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df452baa-c9c7-4cf8-8782-9a6dbdf2b53f} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@VideoPlayerV3beta816.net deleted successfully

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hmlhndfembfmceikoofpjijpajbhjnno deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper deleted successfully

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Gerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Gerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYHR5TQ4 will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=1145 folders=126 99175043 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Users\Gerie\AppData\Local\Temp will be emptied at reboot

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Gerie\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\Gerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYHR5TQ4” deleted

    ==== EOF on vr 10-01-2014 at 15:47:17,19 ======================

  • Ben

    Hello lg,

    >>>Has adwarecleaner fallen out of favour????<<<

    Not at all, but this way we still have something in reserve, and mbam now cleans up PUPs too.

    Run zoek.exe again with the following code:

    ;r

    {312BFDCE-A901-4203-B4F2-ADCB957D1887};c

    ;r64

    ;r64

    ;r64

    ext@VideoPlayerV3beta816.net;ff

    hmlhndfembfmceikoofpjijpajbhjnno;chr

    Post the resulting log.

    After that, run a scan with AdwCleaner (I saw it is already on your PC).

    If it still finds anything, press Clean and post that log.

  • lg

    Zoek.exe v5.0.0.0 Updated 09-Januari-2014

    Tool run by Gerie on vr 10-01-2014 at 16:14:15,54.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Gerie\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2014-01-10-144717.log 28355 bytes

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    ==== Registry Fix Code x64 ======================

    Windows Registry Editor Version 5.00

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=1145 folders=126 99175043 bytes)

    ==== EOF on vr 10-01-2014 at 16:15:25,90 ======================

  • Ben

    Hello,

    Now Adwcleaner as well, and let me know right away whether there are still any problems.

  • lg

    Here is the log file from Adwcleaner.

    As far as I can tell there are no more problems; I will see whether it stays that way.

    But given my past experiences with this board

    I have every confidence in it

    Thanks again

    Lg(Guus)

    # AdwCleaner v3.016 - Report created 10/01/2014 at 16:28:53

    # Updated 23/12/2013 by Xplode

    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Username : Gerie - GERIE-PC

    # Running from : C:\Users\Gerie\Desktop\adwcleaner.exe

    # Option : Clean

    ***** *****

    ***** *****

    ***** *****

    ***** *****

    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute

    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel

    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar

    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject

    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate

    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

    Key Deleted : HKCU\Software\GoforFiles

    Key Deleted : HKCU\Software\Softonic

    Key Deleted : HKLM\Software\GoforFiles

    Key Deleted : HKLM\Software\SProtector

    Key Deleted : HKLM\Software\supWPM

    Key Deleted : HKLM\Software\systweak

    Key Deleted : HKLM\Software\Trymedia Systems

    Key Deleted : HKLM\SOFTWARE\Speedchecker Limited

    ***** *****

    -\\ Internet Explorer v11.0.9600.16428

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

  • Ben

    Hello,

    Teach people not to download from the Softonic site!

    You can leave Malwarebytes installed and scan your PC with it once a week (after updating it).

    The little tool below cleans up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Activate UAC

    Remove disinfection tools

    Create registry backup

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You do not need to post it, however.

    If any tools or folders are left over, you can delete them yourself.

  • lg

    I am going to carry out the last step. I regularly give that advice, but I think

    people are deaf to it; the same goes for Google Chrome, I have already seen a lot of

    trouble with that too.

    But we keep advising, explaining and of course helping; I mainly work with older people.

    Thanks, Guus

  • Ben

    lg wrote:

    ——————————————————-

    > I am going to carry out the last step. I

    > regularly give that advice, but I think

    > people are deaf to it; the same goes for

    > Google Chrome, I have already seen a lot of

    > trouble with that too.

    > But we keep advising, explaining and

    > of course helping; I mainly work with

    > older people.

    >

    > Thanks, Guus

    Hello,

    It is not only older people who are deaf to it, you know :S

    But it is great that you help them (tu)

This topic is closed; no more replies can be posted.