Hi Ben,
Bedankt voor je hulp. Hier is het logje.
Gr
Geert
Zoek.exe v5.0.0.0 Updated 18-Januari-2014
Tool run by Skylander on zo 19-01-2014 at 20:23:39,25.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Skylander\Desktop\zoek.exe
==== System Restore Info ======================
19-1-2014 20:25:53 Zoek.exe System Restore Point Created Succesfully.
==== Torpig Check ======================
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll
==== Empty Folders Check ======================
C:\ProgramData\Babylon deleted successfully
C:\ProgramData\Oracle deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2770278957-2747800005-4024737769-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2770278957-2747800005-4024737769-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_USERS\S-1-5-21-2770278957-2747800005-4024737769-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Running Processes ======================
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Skylander\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Skylander\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater deleted successfully
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Delta deleted
C:\PROGRA~2\PC Speed Up deleted
C:\PROGRA~2\Yontoo deleted
C:\ProgramData\Tarma Installer deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up deleted
C:\Users\Skylander\AppData\LocalLow\Delta deleted
C:\windows\SysNative\Tasks\EPUpdater deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
“C:\Users\Skylander\AppData\Roaming\Yontoo\YontooDesktop.exe” deleted
“C:\Users\Skylander\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll” deleted
“C:\Users\Skylander\AppData\Roaming\Yontoo” deleted
“C:\Users\Skylander\AppData\Roaming\Yontoo\dat” deleted
==== System Specs ======================
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3910 MB
CPU Info: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
CPU Speed: 2255,3 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Intel(R) Centrino(R) Wireless-N 105 | Broadcom NetLink (TM) Gigabit Ethernet
CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8C0
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 445,4GB
Hard Disks - Free: C: 388,8GB
Manufacturer *: Acer
BIOS Info: AT/AT COMPATIBLE | | ACRSYS - 1
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer EA50_HC_HR
Country: Nederland
Language: NLD
==== System Specs (Software) ======================
Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 10.0.9200.16750
Google Chrome version: 32.0.1700.76
Sun Java version: 1.7.0_45 (32-bit)
Shockwave Player version: 12.0.2r122
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\SKYLAN~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-01-15 16:02:44 6A10586D2456BBE6E1F7DBAABB2C5F28 550400 —-a-w- C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-15 16:02:44 62601FF7577D8CC2132D26BDF6B4997F 452608 —-a-w- C:\Windows\SysWOW64\SHCore.dll
2014-01-15 16:02:43 07577AD2DA7D82B8A077DA4C1981DB9B 199168 —-a-w- C:\Windows\SysWOW64\WebClnt.dll
2014-01-15 16:02:42 AC52DA0DC81956307CB8E13B5A0A390E 86016 —-a-w- C:\Windows\SysWOW64\davclnt.dll
2014-01-15 16:02:30 18DB0EA3DAD0932C62F2DED17837D92E 562688 —-a-w- C:\Windows\SysWOW64\WSShared.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-01-15 16:02:44 A28DE7725EC0426BC76C064B3A9D64EF 588288 —-a-w- C:\Windows\Sysnative\SHCore.dll
2014-01-15 16:02:44 9DE3341BD4E14BC5FADFCAD3019F2D0D 915968 —-a-w- C:\Windows\Sysnative\MPSSVC.dll
2014-01-15 16:02:44 09DC813EA00294A6F5B2B6C75E2740ED 758784 —-a-w- C:\Windows\Sysnative\FirewallAPI.dll
2014-01-15 16:02:43 9B1384CE8E681D2D77BB3524B8E86311 227840 —-a-w- C:\Windows\Sysnative\WebClnt.dll
2014-01-15 16:02:43 353F85DB0B6EB92A77DA1DC2B9DD4FEF 104448 —-a-w- C:\Windows\Sysnative\davclnt.dll
2014-01-15 16:02:30 FA3B2DEF1EA2D6D2018E4289A235B83B 688640 —-a-w- C:\Windows\Sysnative\WSShared.dll
====== C:\Windows\Sysnative\drivers =====
2014-01-19 16:37:14 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-01-15 16:02:43 AE3786294CC246A5403783E1B86A0168 100696 —-a-w- C:\Windows\Sysnative\drivers\disk.sys
2014-01-15 16:02:42 4CCBBD4944777CA100B9A6C2F149A46F 74752 —-a-w- C:\Windows\Sysnative\drivers\mpsdrv.sys
2014-01-04 20:01:19 AAB5F5336EDBB5D99CC7E1A9F4D8F63F 79672 —-a-w- C:\Windows\Sysnative\drivers\aswstm.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-01-19 17:00:40 ——– d—–w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2014-01-02 08:49:24 ——– d—–w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Skylander\AppData\Roaming ======
2014-01-19 16:36:53 ——– d—–w- C:\Users\Skylander\AppData\Local\Programs
====== C:\Users\Skylander ======
2014-01-19 17:45:56 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Skylander\Desktop\RSITx64.exe
2014-01-19 17:44:55 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Skylander\Downloads\RSITx64.exe
2014-01-02 08:49:15 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
====== C: exe-files ==
2014-01-19 17:45:56 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Skylander\Desktop\RSITx64.exe
2014-01-19 17:44:55 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Skylander\Downloads\RSITx64.exe
2014-01-19 17:00:40 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\Skylander.exe
2014-01-19 17:00:31 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Skylander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HV7A89GC\RSITx64.exe
2014-01-19 16:36:36 683FDD3D773C58B262DC07CD0C6CE938 10285040 —-a-w- C:\Users\Skylander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FC8U1VVE\mbam-setup-1.75.0.1300.exe
2014-01-17 16:14:32 1D0A1FF655C6CF2EA2DE4FB6AA8246AD 9046696 —-a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.76\32.0.1700.76_31.0.1650.63_chrome_updater.exe
2014-01-15 05:06:16 85752D8DDA1CDDC368EEA9C6966D6FB9 3685544 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\XLICONS.EXE
2014-01-15 05:06:16 120A8C96BDACA0E996EECA1C4249DA3C 840400 —-a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
2014-01-15 05:06:16 02F4D77F2B1CAA08373732876F08B48C 548536 —-a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-01-15 05:06:15 639299F6C2DEFC95D32C7E31F3FDCE2C 3015336 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\WORDICON.EXE
2014-01-15 05:06:13 6F9EC2DAD5C2A7D2A6DB55D56B1DEC48 6847704 —-a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CMigrate.exe
2014-01-15 05:06:13 51E80A4215C91A46527A6D228FC41F92 78576 —-a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
2014-01-15 05:06:12 D7FD2973A893C9FA7EA28601E8B4D924 39584 —-a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\AppSharingHookController64.exe
2014-01-15 05:06:11 286F022920B7CC5517FE26F44D8F0450 5117144 —-a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CMigrate.exe
2014-01-15 05:06:10 4AC57AC05DA1416F09007F531BFA1C1D 9555120 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\PDFREFLOW.EXE
2014-01-15 05:06:03 FC8A57867331A885888BF10A567C03F7 3509416 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\PPTICO.EXE
2014-01-15 05:06:03 9E3D974459750742C522CDA7219F9553 871088 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe
2014-01-15 05:05:58 5422FAE4C8AE9022A0A6F2D61C2891D9 471784 —-a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DWTRIG20.EXE
2014-01-15 05:05:57 2A04D9554504C9805ABD8F3042CF41CE 614568 —-a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOICONS.EXE
2014-01-15 05:05:47 2162E8E0CEA552E3D065BB89CFA3FC64 1046232 —-a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
2014-01-15 05:05:44 F7650D69291A0C4279CE810C18E0905B 496832 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOUC.EXE
2014-01-15 05:05:44 F0880D165AD001E330D6B83A9342F544 228544 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\CLVIEW.EXE
2014-01-15 05:05:44 AB898EC1FFD8B8B3494EE5F383189421 448704 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
2014-01-15 05:05:43 ED1993B0AB3C052FA41CB13DFFF3F9B0 478936 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\SELFCERT.EXE
2014-01-15 05:05:43 AC5207389149F97C62B068E01D8D0065 4522176 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\GRAPH.EXE
2014-01-15 05:05:43 042C55F9E4AB4F24CAD326D171071EF6 21888160 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe
2014-01-15 05:05:42 BCC72321A7A78B43D416488083D30429 515312 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\IEContentService.exe
2014-01-15 05:05:42 A81D08D5FD2C6D05460C3D7A2ADC2C7D 526024 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\VPREVIEW.EXE
2014-01-15 05:05:42 60901242B582AA7A4BAFA33BB7B00D2A 569592 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE
2014-01-15 05:05:42 23B463D92C869A3858D652DAC23952FD 1026728 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\misc.exe
2014-01-15 05:05:28 A343694339F33F68AFCE279A5A23388F 566480 —-a-w- C:\Program Files\Microsoft Office 15\root\Integration\Integrator.exe
2014-01-15 05:04:40 D492087C8BC54DEAC2F293AB770E6625 1746600 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE
2014-01-15 05:04:21 44BEB5BCABCFC46BE32C4AC191CF943E 1923232 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
2014-01-15 05:04:18 FF7238051E8A7A4F1832071F9E549ECA 25623712 —-a-w- C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
=== C: other files ==
2014-01-19 16:37:14 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\System32\Drivers\mbam.sys
2014-01-15 16:02:43 AE3786294CC246A5403783E1B86A0168 100696 —-a-w- C:\Windows\System32\Drivers\disk.sys
2014-01-15 16:02:42 4CCBBD4944777CA100B9A6C2F149A46F 74752 —-a-w- C:\Windows\System32\Drivers\mpsdrv.sys
==== Startup Registry Enabled ======================
“Yontoo Desktop”=“C:\Users\Skylander\AppData\Roaming\Yontoo\YontooDesktop.exe”
“AVG-Secure-Search-Update_0913b”=“C:\Users\Skylander\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT –mid abd65105044347d39d0869c1a5374979-656178b2fff789db35a4107f32dcb1496ac8e4c1 –CMPID 0913b”
“IsMyWinLockerReboot”=“msiexec.exe /qn /x{voidguid}”
“IsMyWinLockerReboot”=“msiexec.exe /qn /x{voidguid}”
“IsMyWinLockerReboot”=“msiexec.exe /qn /x{voidguid}”
“Uninstall C:\Users\Skylander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64”=“C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Skylander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64”
“IsMyWinLockerReboot”=“msiexec.exe /qn /x{voidguid}”
“AVG_UI”=“C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY”
“AvastUI.exe”=“C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui”
“SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
“Yontoo Desktop”=“C:\Users\Skylander\AppData\Roaming\Yontoo\YontooDesktop.exe”
“AVG-Secure-Search-Update_0913b”=“C:\Users\Skylander\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT –mid abd65105044347d39d0869c1a5374979-656178b2fff789db35a4107f32dcb1496ac8e4c1 –CMPID 0913b”
“Uninstall C:\Users\Skylander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64”=“C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Skylander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64”
“AppInit_DLLs”=“c:\\progra~3\\browse~1\\261519~1.190\\{c16c1~1\\browse~1.dll”
==== Startup Registry Enabled x64 ======================
“RTHDVCPL”=“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s”
“IgfxTray”=“C:\Windows\system32\igfxtray.exe”
“HotKeysCmds”=“C:\Windows\system32\hkcmd.exe”
“Persistence”=“C:\Windows\system32\igfxpers.exe”
==== Startup Folders ======================
2013-11-05 07:31:21 1113 —-a-w- C:\Users\Skylander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk
2012-10-25 15:01:37 2171 —-a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a——– C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a——– C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==== Other Scheduled Tasks ======================
“C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate”
“C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate 2”
“C:\Windows\SysNative\tasks\ALU”
“C:\Windows\SysNative\tasks\ALUAgent”
“C:\Windows\SysNative\tasks\CreateChoiceProcessTask”
“C:\Windows\SysNative\tasks\DeviceDetector”
“C:\Windows\SysNative\tasks\EgisUpdate”
“C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”
“C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA”
“C:\Windows\SysNative\tasks\PMMUpdate”
“C:\Windows\SysNative\tasks\Power Management”
==== Folders in C:\ProgramData 0-6 Months Old ======================
2013-08-31 13:23:13 ——– d—–w- C:\ProgramData\MFAData
2013-08-31 13:23:14 ——– d–h–w- C:\ProgramData\Common Files
2013-10-26 17:27:31 ——– d—–w- C:\ProgramData\AVG2014
2013-11-04 18:23:30 ——– d—–w- C:\ProgramData\Microsoft SkyDrive
2014-01-19 16:37:15 ——– d—–w- C:\ProgramData\Malwarebytes
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx
Google Docs - Skylander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Skylander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Skylander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Skylander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Delta Toolbar - Skylander\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
SiteAdvisor - Skylander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - Skylander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Skylander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Delta Toolbar - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\Skylander\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
==== Set IE to Default ======================
Old Values:
“Start Page”=“http://www.startpagina.nl/”
“DefaultScope”=“{51B5DE46-4B45-486A-8772-738B1552A2D2}”
New Values:
“Start Page”=“http://www.startpagina.nl/”
“DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”
{51B5DE46-4B45-486A-8772-738B1552A2D2} Unknown Url=“Not_Found”
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2770278957-2747800005-4024737769-1001\Software\Microsoft\Internet Explorer\SearchScopes\{51B5DE46-4B45-486A-8772-738B1552A2D2} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2014\avgui.exe” /TRAYONLY
O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
O4 - HKCU\..\Run: “C:\Users\Skylander\AppData\Roaming\Yontoo\YontooDesktop.exe”
O4 - HKCU\..\Run: C:\Users\Skylander\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT –mid abd65105044347d39d0869c1a5374979-656178b2fff789db35a4107f32dcb1496ac8e4c1 –CMPID 0913b
O4 - HKCU\..\RunOnce: C:\Windows\system32\cmd.exe /q /c rmdir /s /q “C:\Users\Skylander\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64”
O4 - HKUS\S-1-5-19\..\RunOnce: msiexec.exe /qn /x{voidguid} (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: msiexec.exe /qn /x{voidguid} (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18\..\RunOnce: msiexec.exe /qn /x{voidguid} (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\RunOnce: msiexec.exe /qn /x{voidguid} (User ‘Default user’)
O4 - Startup: Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Broadcom Card Reader Service (BrcmCardReader) - Broadcom Corp. - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Skylander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Skylander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Skylander\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=74 folders=26 13497375 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Skylander\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\SKYLAN~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on zo 19-01-2014 at 21:15:04,79 ======================
Doorzoek het forum
Zoeken met Startpagina
Startpagina Thema's
