antivirus.startpagina.nl

pc besmet!

  • Anonymous avatar

    jasper

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2014 01

    Ran by Supervisor at 2014-03-08 18:30:42 Run:1

    Running from C:\Users\Supervisor\Desktop

    Boot Mode: Normal

    ==============================================

    Content of fixlist:

    *****************

    start

    () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    () C:\monitor.exe

    (Objectify Media Inc) C:\Program Files (x86)\Web Protect\PCProtect.exe

    HKLM-x32\…\Run: -

    HKLM-x32\…\Run: - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8BA8CA53B0D5CA01

    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = {searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtDtB0CzzzyyCtB0F0AtN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1454746493

    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = {searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0CtDtB0CzzzyyCtB0F0AtN0D0Tzu0CtBzyyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1454746493

    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = {searchTerms}&SSPV=

    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = {searchTerms}&babsrc=SP_ss&mntrId=CE71000CF6A4E242&affID=120684&tsp=5035

    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - No File

    Winsock: Catalog9-x64 01 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 02 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 03 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 04 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    Winsock: Catalog9-x64 15 C:\Windows\system32\PCProtect64.dll (Objectify Media Inc)

    CHR DefaultSearchKeyword: conduit.search

    CHR HKLM-x32\…\Chrome\Extension: - C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    R3 PCProtect; C:\Program Files (x86)\Web Protect\PCProtect.exe (Objectify Media Inc)

    S2 ProtectMonitor; C:\monitorsvc.exe ()

    2014-03-05 14:47 - 2014-03-05 14:47 - 00003976 _____ () C:\Windows\SysWOW64\PCProtect.ini

    2014-03-05 14:47 - 2014-03-05 14:47 - 00002184 _____ () C:\Windows\SysWOW64\PCProtectOff.ini

    2014-03-05 14:47 - 2014-03-05 14:47 - 00002184 _____ () C:\Windows\system32\PCProtectOff.ini

    2014-03-05 14:46 - 2014-03-05 14:48 - 00000000 ____D () C:\Program Files (x86)\Web Protect

    2014-03-05 14:46 - 2014-01-08 07:08 - 00330624 _____ (Objectify Media Inc) C:\Windows\system32\PCProtect64.dll

    2014-03-05 14:46 - 2014-01-08 07:08 - 00293984 _____ (Objectify Media Inc) C:\Windows\SysWOW64\PCProtect.dll

    C:\Users\Supervisor\AppData\Local\Temp\7za.exe

    C:\Users\Supervisor\AppData\Local\Temp\hijackthis.exe

    C:\Users\Supervisor\AppData\Local\Temp\NirCmd.exe

    C:\Users\Supervisor\AppData\Local\Temp\PEVZ.EXE

    C:\Users\Supervisor\AppData\Local\Temp\remove.exe

    C:\Users\Supervisor\AppData\Local\Temp\sed.exe

    C:\Users\Supervisor\AppData\Local\Temp\shortcut.exe

    C:\Users\Supervisor\AppData\Local\Temp\swreg.exe

    C:\Users\Supervisor\AppData\Local\Temp\swxcacls.exe

    C:\Users\Supervisor\AppData\Local\Temp\wget.exe

    C:\Users\Supervisor\AppData\Local\Temp\zoek-delete.exe

    end

    *****************

    C:\Program Files (x86)\Mobogenie\DaemonProcess.exe => Process closed successfully.

    C:\monitor.exe => Process closed successfully.

    C:\Program Files (x86)\Web Protect\PCProtect.exe => Process closed successfully.

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.

    HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.

    HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.

    HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.

    HKCR\PROTOCOLS\Handler\bwfile-8876480 => Key deleted successfully.

    HKCR\CLSID\{9462A756-7B47-47BC-8C80-C34B9B80B32B} => Key not found.

    Winsock: Catalog entry 000000000001 => Deleted successfully.

    Winsock: Catalog entry 000000000002 => Deleted successfully.

    Winsock: Catalog entry 000000000003 => Deleted successfully.

    Winsock: Catalog entry 000000000004 => Deleted successfully.

    Winsock: Catalog entry 000000000015 => Deleted successfully.

    CHR DefaultSearchKeyword: conduit.search ==> The Chrome “Settings” can be used to fix the entry.

    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj => Key deleted successfully.

    “C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx” => File/Directory not found.

    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

    HKCU\SOFTWARE\Policies\Google => Key deleted successfully.

    PCProtect => Service deleted successfully.

    ProtectMonitor => Service deleted successfully.

    C:\Windows\SysWOW64\PCProtect.ini => Moved successfully.

    C:\Windows\SysWOW64\PCProtectOff.ini => Moved successfully.

    C:\Windows\system32\PCProtectOff.ini => Moved successfully.

    C:\Program Files (x86)\Web Protect => Moved successfully.

    C:\Windows\system32\PCProtect64.dll => Moved successfully.

    C:\Windows\SysWOW64\PCProtect.dll => Moved successfully.

    C:\Users\Supervisor\AppData\Local\Temp\7za.exe => Moved successfully.

    C:\Users\Supervisor\AppData\Local\Temp\hijackthis.exe => Moved successfully.

    C:\Users\Supervisor\AppData\Local\Temp\NirCmd.exe => Moved successfully.

    C:\Users\Supervisor\AppData\Local\Temp\PEVZ.EXE => Moved successfully.

    C:\Users\Supervisor\AppData\Local\Temp\remove.exe => Moved successfully.

    C:\Users\Supervisor\AppData\Local\Temp\sed.exe => Moved successfully.

    C:\Users\Supervisor\AppData\Local\Temp\shortcut.exe => Moved successfully.

    C:\Users\Supervisor\AppData\Local\Temp\swreg.exe => Moved successfully.

    C:\Users\Supervisor\AppData\Local\Temp\swxcacls.exe => Moved successfully.

    C:\Users\Supervisor\AppData\Local\Temp\wget.exe => Moved successfully.

    C:\Users\Supervisor\AppData\Local\Temp\zoek-delete.exe => Moved successfully.

    ==== End of Fixlog ====

  • Anonymous avatar

    Ben

    Hallo,

    Download AdwCleaner by Xplode naar het bureaublad.

    * Sluit alle openstaande vensters.

    * Dubbelklik op AdwCleaner om hem te starten.

    * Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren,

    * Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.

    * Klik vervolgens op Scan.

    * Klik vervolgens op Clean als er items zijn gevonden.

    * Klik bij Herstarten Noodzakelijk op OK

    Nadat de PC opnieuw is opgestart, opent meestal een logfile.

    Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner.txt

    Post aansluitend de inhoud van dit log in je volgende bericht.

    Vertel er ook bij hoe het hierna gaat?

  • Anonymous avatar

    jasper

    Tot heden geen last gehad meer van spam.

    Bedankt!

    # AdwCleaner v3.020 - Report created 08/03/2014 at 18:42:46

    # Updated 27/02/2014 by Xplode

    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

    # Username : Supervisor - SUPERVISOR-PC

    # Running from : C:\Users\Supervisor\Desktop\adwcleaner.exe

    # Option : Clean

    ***** *****

    ***** *****

    Folder Deleted : C:\ProgramData\WinMaximizer

    Folder Deleted : C:\ProgramData\AlawarWrapper

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

    Folder Deleted : C:\Program Files (x86)\GreenTree Applications

    Folder Deleted : C:\Program Files (x86)\Mobogenie

    Folder Deleted : C:\Program Files (x86)\myfree codec

    Folder Deleted : C:\Program Files (x86)\MyPC Backup

    Folder Deleted : C:\Users\Supervisor\AppData\Local\Mobogenie

    Folder Deleted : C:\Users\Supervisor\AppData\LocalLow\Delta

    Folder Deleted : C:\Users\Supervisor\AppData\Roaming\uniblue

    Folder Deleted : C:\Users\Supervisor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie

    Folder Deleted : C:\Users\Supervisor\Documents\Mobogenie

    File Deleted : C:\Users\Supervisor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

    File Deleted : C:\Windows\System32\Tasks\BitGuard

    ***** *****

    ***** *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager

    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WiseConvert_1_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

    Key Deleted : HKCU\Software\853d9d8b23eba10

    Key Deleted : HKLM\SOFTWARE\853d9d8b23eba10

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_tvants_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_tvants_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_tvants_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_tvants_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_vlc-media-player_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_vlc-media-player_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

    Key Deleted : HKCU\Software\Myfree Codec

    Key Deleted : HKCU\Software\Softonic

    Key Deleted : HKCU\Software\AppDataLow\Software\PassWidget

    Key Deleted : HKLM\Software\DataMngr

    Key Deleted : HKLM\Software\Myfree Codec

    Key Deleted : HKLM\Software\SoftwareUpdater

    Key Deleted : HKLM\Software\Uniblue

    Key Deleted : HKLM\Software\Vittalia

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie

    ***** *****

    -\\ Internet Explorer v11.0.9600.16518

    -\\ Mozilla Firefox v

    -\\ Google Chrome v33.0.1750.146

    Deleted : icon_url

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

  • Anonymous avatar

    Ben

    Hallo,

    Dat zijn mooie opruimingen, en als je verder geen problemen heb doe het volgende;

    Malwarebytes kan je laten staan en één maal in de week (na te hebben geupdate) je pc mee scannen.

    Met het onderstaande tooltje ruim je o.a. alle gebruikte tools op:

    Download Delfix by Xplode naar het bureaublad.

    Dubbelklik op Delfix.exe om de tool te starten.

    Zet nu vinkjes voor de volgende items:

    Remove disinfection tools

    Create registry backup

    Purge System Restore

    Reset system settings

    Klik nu op "Run" en wacht geduldig tot de tool gereed is.

    Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft je echter niet te plaatsen.

    Mochten er nog tools of mappen overgebleven zijn dan kan je die zelf verwijderen.

  • Anonymous avatar

    jasper

    super bedankt! is gelukt

    groetjes

  • Anonymous avatar

    Ben

    Hallo,

    Dat is mooi, bedankt en graag gedaan,

  • Anonymous avatar

    fazantje

    Omdat dit topic is opgelost word het gesloten.

    Wilt U Uw topic als nog weer openen, stuur dan een privé bericht naar Ben of Huib (fazantje).

    Zij zullen dan het “slotje” er van af halen en het topic is weer open.

    Het AV team.

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.