besmettingen volgens provider

Dennis

14-03-2014 23:10

Hallo,
Ik heb van mijn provider bericht gehad dat er besmettingen op mijn laptop zitten, met als gevolg dat mijn internet verbinding word afgesloten.
Zouden jullie mij kunnen helpen om deze besmettingen te verwijderen, zodat ik kan aangeven dat mijn laptop schoon is.
Ik heb het stappenplan uitgevoerd, zie onderstaande logjes.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2014.03.14.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
gebruiker :: GEBRUIKERMM
14-3-2014 22:38:49
mbam-log-2014-03-14 (22-38-49).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 229693
Verstreken tijd: 8 minuut/minuten, 3 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Search Protection (PUP.Optional.SearchProtection.A) -> Data: C:\ProgramData\Search Protection\SearchProtection.exe -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Logfile of random's system information tool 1.09 (written by random/random)
Run by gebruiker at 2014-03-14 23:00:18
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 135 GB (46%) free of 292 GB
Total RAM: 2996 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:00:21, on 14-3-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\gebruiker\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\gebruiker.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_lm87&r=27360611m8b6l0420z1m5f47m1a243
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-12&ent=hp&u=E8BE784BFA4767A6D855F053207CC09C
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe” -h -k
O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM\..\Run: C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe” -a
O4 - HKLM\..\Run: C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
O4 - HKCU\..\Run: “C:\Users\gebruiker\AppData\Local\iLivid\iLivid.exe” -autorun
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 11671 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
======Registry dump======
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
“IAStorIcon”=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
“BackupManagerTray”=C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
“StartCCC”=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
“LManager”=C:\Program Files (x86)\Launch Manager\LManager.exe
“VideoWebCamera”=C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
“PWRISOVM.EXE”=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
“GrooveMonitor”=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
“APSDaemon”=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
“Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
“mobilegeni daemon”=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
“AvastUI.exe”=C:\Program Files\AVAST Software\Avast\AvastUI.exe
“QuickTime Task”=C:\Program Files (x86)\QuickTime\QTTask.exe
“iTunesHelper”=C:\Program Files (x86)\iTunes\iTunesHelper.exe
“iLivid”=C:\Users\gebruiker\AppData\Local\iLivid\iLivid.exe -autorun
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
“SecurityProviders”=credssp.dll
“ConsentPromptBehaviorAdmin”=0
“ConsentPromptBehaviorUser”=3
“EnableLUA”=0
“EnableUIADesktopToggle”=0
“PromptOnSecureDesktop”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“NoActiveDesktop”=1
“NoActiveDesktopChanges”=1
“ForceActiveDesktopOn”=0
“vidc.mrle”=msrle32.dll
“vidc.msvc”=msvidc32.dll
“msacm.imaadpcm”=imaadp32.acm
“msacm.msg711”=msg711.acm
“msacm.msgsm610”=msgsm32.acm
“msacm.msadpcm”=msadp32.acm
“midimapper”=midimap.dll
“wavemapper”=msacm32.drv
“vidc.uyvy”=msyuv.dll
“vidc.yuy2”=msyuv.dll
“vidc.yvyu”=msyuv.dll
“vidc.iyuv”=iyuv_32.dll
“vidc.i420”=iyuv_32.dll
“vidc.yvu9”=tsbyuv.dll
“msacm.l3acm”=C:\Windows\SysWOW64\l3codeca.acm
“vidc.cvid”=iccvid.dll
“wave1”=wdmaud.drv
“midi1”=wdmaud.drv
“mixer1”=wdmaud.drv
“aux1”=wdmaud.drv
“wave”=wdmaud.drv
“midi”=wdmaud.drv
“mixer”=wdmaud.drv
“aux”=wdmaud.drv
“msacm.siren”=sirenacm.dll
“wave2”=wdmaud.drv
“midi2”=wdmaud.drv
“mixer2”=wdmaud.drv
“aux2”=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe “%1” %*
======List of files/folders created in the last 1 month======
2014-03-14 22:56:48 —-D—- C:\rsit
2014-03-14 22:56:48 —-D—- C:\Program Files (x86)\trend micro
2014-03-14 22:38:16 —-D—- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-13 11:55:55 —-A—- C:\Windows\SysWOW64\iernonce.dll
2014-03-13 11:55:53 —-A—- C:\Windows\SysWOW64\iertutil.dll
2014-03-13 11:55:52 —-A—- C:\Windows\SysWOW64\urlmon.dll
2014-03-13 11:55:52 —-A—- C:\Windows\SysWOW64\mshtml.dll
2014-03-13 11:55:52 —-A—- C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 11:55:52 —-A—- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 11:55:50 —-A—- C:\Windows\SysWOW64\iesetup.dll
2014-03-13 11:55:49 —-A—- C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 11:55:49 —-A—- C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 11:55:47 —-A—- C:\Windows\SysWOW64\ieui.dll
2014-03-13 11:55:46 —-A—- C:\Windows\SysWOW64\ieframe.dll
2014-03-13 11:55:43 —-A—- C:\Windows\SysWOW64\jscript9.dll
2014-03-13 11:55:43 —-A—- C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 11:55:42 —-A—- C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 11:55:41 —-A—- C:\Windows\SysWOW64\wininet.dll
2014-03-13 11:55:40 —-A—- C:\Windows\SysWOW64\msrating.dll
2014-03-13 11:53:23 —-A—- C:\Windows\SysWOW64\wer.dll
2014-03-13 11:49:02 —-A—- C:\Windows\SysWOW64\qedit.dll
2014-03-13 11:48:59 —-A—- C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 16:31:51 —-D—- C:\Users\gebruiker\AppData\Roaming\LavasoftStatistics
2014-03-12 16:27:03 —-D—- C:\Users\gebruiker\AppData\Roaming\SecureSearch
2014-03-12 16:21:05 —-D—- C:\ProgramData\Lavasoft
2014-02-27 21:53:59 —-D—- C:\Windows\Migration
2014-02-27 20:11:00 —-D—- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-27 20:11:00 —-D—- C:\Program Files (x86)\iTunes
2014-02-27 19:58:17 —-D—- C:\Program Files (x86)\QuickTime
2014-02-20 05:32:28 —-D—- C:\Users\gebruiker\AppData\Roaming\AVAST Software
======List of files/folders modified in the last 1 month======
2014-03-14 23:00:20 —-D—- C:\Windows\Temp
2014-03-14 22:56:48 —-RD—- C:\Program Files (x86)
2014-03-14 22:49:01 —-A—- C:\Windows\SysWOW64\log.txt
2014-03-14 22:35:26 —-D—- C:\Users\gebruiker\AppData\Roaming\Seas0nPass
2014-03-14 22:26:23 —-RD—- C:\Program Files
2014-03-14 19:42:37 —-SHD—- C:\Windows\Installer
2014-03-14 19:42:37 —-HD—- C:\ProgramData
2014-03-14 19:42:26 —-SHD—- C:\System Volume Information
2014-03-14 19:41:04 —-RSD—- C:\Windows\assembly
2014-03-14 10:13:59 —-D—- C:\Windows\System32
2014-03-14 10:13:59 —-D—- C:\Windows\inf
2014-03-14 10:08:36 —-D—- C:\Windows\winsxs
2014-03-14 10:06:25 —-D—- C:\Windows\SysWOW64
2014-03-14 10:06:24 —-D—- C:\Program Files (x86)\Internet Explorer
2014-03-14 10:06:12 —-D—- C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 12:39:50 —-D—- C:\ProgramData\Microsoft Help
2014-03-12 17:33:54 —-D—- C:\Windows\Prefetch
2014-03-12 16:25:37 —-A—- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-28 10:46:06 —-D—- C:\Windows\Microsoft.NET
2014-02-28 09:19:12 —-A—- C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 21:54:30 —-D—- C:\Windows\SysWOW64\en-US
2014-02-27 21:53:59 —-SD—- C:\ProgramData\Microsoft
2014-02-27 21:53:59 —-D—- C:\Windows
2014-02-27 20:11:04 —-D—- C:\Program Files (x86)\Common Files\Apple
2014-02-19 19:55:48 —-D—- C:\ProgramData\AVAST Software
2014-02-19 09:20:10 —-D—- C:\Users\gebruiker\AppData\Roaming\BitTorrent
2014-02-15 11:37:48 —-D—- C:\Windows\rescache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\SysWOW64\drivers\aswRvrt.sys
R0 aswVmm;avast! VM Monitor; C:\Windows\SysWOW64\drivers\aswVmm.sys
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys
R1 aswKbd;aswKbd; C:\Windows\SysWOW64\drivers\aswKbd.sys
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys
R1 SCDEmu;SCDEmu; C:\Windows\SysWOW64\drivers\SCDEmu.sys
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys
R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
R2 Greg_Service;GRegService; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
R2 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe
S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
—————–EOF—————–
fazantje

14-03-2014 23:17

Hoi Dennis,
Schakel eerst de Antivirussoftware uit voordat je zoek.exe download.
Download Zoek.exe naar het bureaublad.
Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren.
Note: Dit script is speciaal bedoeld voor deze computer, gebruik dit dan ook niet op andere computers met een gelijkaardig probleem.
Windows Vista, 7 en 8: Klik met de rechtermuisknop en kies voor Als Administrator uitvoeren.
Kopieer nu onderstaande vet gedrukte code en plak die in het grote invulvenster:
firefoxlook;
emptyclsid;
torpigcheck;
emptyfolderscheck;delete
chromelook;
standardsearch;
filesrcm;
autoclean;
startupall;
resethosts;
Klik nu op de knop “Run script”.
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post het geopende logje in het volgende bericht.
Succes,
Huib;)
Dennis

14-03-2014 23:50

Hallo Huib,
Bedankt voor de snelle reactie.
Hier het logje van zoek exe.
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by gebruiker on vr 14-03-2014 at 23:20:02,93.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\gebruiker\Desktop\zoek.exe
==== System Restore Info ======================
14-3-2014 23:21:54 Zoek.exe System Restore Point Created Succesfully.
==== Torpig Check ======================
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\poagrxjlbdsugmxaprh {118BEDCA-A901-4203-B4F2-ADCB957D188C} C:\ProgramData\4061\lmbd.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\rprhfysqkecvtnhfysq {118BEDCA-A901-4203-B4F2-ADCB957D1880} C:\ProgramData\4061\lmbd.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\WinSCPCopyHook {E15E1D68-0D1C-49F7-BEB8-812B1E00FA60} C:\Program Files (x86)\WinSCP\DragExt64.dll
2013-10-24 15:35:02 d—–w- C:\PROGRA~3\4061
2013-10-24 15:35:02 4 —-a-w- C3E9985569D5A7A64CF35D60D57E74A8 C:\PROGRA~3\4061\5427165.dat
2013-10-24 15:35:02 4 —-a-w- C3E9985569D5A7A64CF35D60D57E74A8 C:\PROGRA~3\4061\5427165.dll
2013-10-24 15:35:20 101888 —-a-w- A0CE38A328EA57657BDD6898E0E3492F C:\PROGRA~3\4061\colu.dat
2013-10-24 15:56:20 1331472 —-a-w- F1A713631B55CA0B145E9A8EA3E65FB1 C:\PROGRA~3\4061\hljhb.dat
2013-10-24 15:35:22 124928 —-a-w- C839D60827836FAA3EA2419DB6F52B0B C:\PROGRA~3\4061\lmbd.dll
2013-10-24 15:35:20 716800 —-a-w- 93435A0B02E1E6F34A421A7EB8E77872 C:\PROGRA~3\4061\vvve.dat
==== Reset Hosts File ======================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully
C:\Users\gebruiker\AppData\Local\genienext deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2604653329-129161953-3400573590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully
HKEY_USERS\S-1-5-21-2604653329-129161953-3400573590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{41E0CC49-534F-4C60-BB3E-BB0C898B4F7B} deleted successfully
HKEY_USERS\S-1-5-21-2604653329-129161953-3400573590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{515E4339-E4D1-4FC4-A259-F6076FDC583F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2604653329-129161953-3400573590-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-2604653329-129161953-3400573590-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{434D452D-5637-006A-76A7-7A786E7484D7} deleted successfully
==== Running Processes ======================
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\gebruiker\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found
C:\Users\gebruiker\daemonprocess.txt deleted
C:\Users\gebruiker\.android deleted
C:\Users\gebruiker\AppData\Roaming\SecureSearch deleted
C:\Users\gebruiker\AppData\Local\Mobogenie deleted
C:\Users\gebruiker\AppData\Local\cache deleted
C:\user.js deleted
C:\Users\gebruiker\Documents\Mobogenie deleted
“C:\ProgramData\03f7115b-a2b3-4c6b-9812-2f35ab25f7fa” not deleted
“C:\PROGRA~3\4061\5427165.dat” deleted
“C:\PROGRA~3\4061\5427165.dll” deleted
“C:\PROGRA~3\4061\colu.dat” deleted
“C:\PROGRA~3\4061\hljhb.dat” deleted
“C:\PROGRA~3\4061\lmbd.dll” deleted
“C:\PROGRA~3\4061\vvve.dat” deleted
“C:\PROGRA~3\2e687b13-02f2-4869-853e-f359f18b5a39\2f7517f0-da52-4b79-9b53-f627379ae2f2” deleted
“C:\PROGRA~3\4061” deleted
“C:\PROGRA~3\2e687b13-02f2-4869-853e-f359f18b5a39” deleted
==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 2997 MB
CPU Info: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
CPU Speed: 2430.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: ATI Mobility Radeon HD 5470 | ATI Mobility Radeon HD 5470 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Atheros AR5B93 Wireless Network Adapter | Broadcom NetLink (TM) Gigabit Ethernet
CD / DVD Drives: 2x (D: | E: | ) D: Optiarc DVD RW AD-7585H | E:
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 285.3GB
Hard Disks - Free: C: 132.0GB
Manufacturer *: Phoenix Technologies LTD
BIOS Info: AT/AT COMPATIBLE | 06/21/10 | ACRSYS - 6040000
Time Zone: West-Europa (standaardtijd)
Motherboard *: Packard Bell EasyNote LM87
Country: Nederland
Language: NLD
==== System Specs (Software) ======================
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 11.0.9600.16521
Adobe Reader version: 10.1.9.22
Sun Java version: 1.6.0_35 (32-bit)
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\GEBRUI~1\AppData\Local\Temp ====
2014-03-12 15:25:43 C54B767CA838D6DD39CABC8DF017C34C 4048592 —-a-w- C:\Users\gebruiker\AppData\Local\Temp\e6b6caf5-6a61-4dbc-93bd-44dee20bd243.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-03-13 10:55:55 8B521873651E62EF5868DC7B339959DB 32768 —-a-w- C:\Windows\SysWOW64\iernonce.dll
2014-03-13 10:55:53 BD5E6C894130E7BB7ECE9A0925383068 2168320 —-a-w- C:\Windows\SysWOW64\iertutil.dll
2014-03-13 10:55:52 A045DAE4D242A9A50FF6902774C55BE0 524288 —-a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 10:55:52 7EDA015D4E74177A1B187326EDB14670 51200 —-a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 10:55:52 70462E0A4E293FC80620AB945D8A59BB 17074688 —-a-w- C:\Windows\SysWOW64\mshtml.dll
2014-03-13 10:55:52 0FF358906F2333B26267BC0064DC02C4 1156096 —-a-w- C:\Windows\SysWOW64\urlmon.dll
2014-03-13 10:55:50 B0CBC5A7D9278DCD5B230E1E50CCA5F6 61952 —-a-w- C:\Windows\SysWOW64\iesetup.dll
2014-03-13 10:55:49 E23497E11866154A97BA9877656113FE 1964032 —-a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 10:55:49 2CF6CF90BF7FE0E616C363343FFA686B 553472 —-a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 10:55:49 1CEE521E90703BB8A01211C77747E727 43008 —-a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 10:55:47 E84073A2F2D3A9448CA02F48B0360490 440832 —-a-w- C:\Windows\SysWOW64\ieui.dll
2014-03-13 10:55:46 5C207FABA707CE496E1E0A304925D1E5 2724864 —-a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 10:55:46 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 —-a-w- C:\Windows\SysWOW64\ieframe.dll
2014-03-13 10:55:43 FC46FE32B043CA7251B1D707B91BA6A7 4244480 —-a-w- C:\Windows\SysWOW64\jscript9.dll
2014-03-13 10:55:43 C8DBE0B5297FD85D7311E4791103517B 112128 —-a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 10:55:42 4605E0295C8E742B28FD63D255322795 703488 —-a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 10:55:41 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 —-a-w- C:\Windows\SysWOW64\wininet.dll
2014-03-13 10:55:40 B61F47EB8CACBE09C8117E4FF7D9656D 164864 —-a-w- C:\Windows\SysWOW64\msrating.dll
2014-03-13 10:53:23 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 —-a-w- C:\Windows\SysWOW64\wer.dll
2014-03-13 10:49:02 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 —-a-w- C:\Windows\SysWOW64\qedit.dll
2014-03-13 10:48:59 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 —-a-w- C:\Windows\SysWOW64\WindowsCodecs.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-03-13 10:55:55 76862AAF77C049EC20217FDC209F7F13 2765824 —-a-w- C:\Windows\Sysnative\iertutil.dll
2014-03-13 10:55:54 10B2786774CC43D835FE8303D1970874 4096 —-a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-03-13 10:55:50 F6BA9A0266DA93AFB8EA9BA12BF81367 33792 —-a-w- C:\Windows\Sysnative\iernonce.dll
2014-03-13 10:55:50 0A5996995F33967A46E3D5A3D9F1433D 2724864 —-a-w- C:\Windows\Sysnative\mshtml.tlb
2014-03-13 10:55:49 BA0A21F761CE5001DF712C51BF11F953 1393664 —-a-w- C:\Windows\Sysnative\urlmon.dll
2014-03-13 10:55:48 8BA97E7747A53F80873431178889911A 48640 —-a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-03-13 10:55:47 E6ACA421DA3E50D7F0A31228F0C547B0 627200 —-a-w- C:\Windows\Sysnative\msfeeds.dll
2014-03-13 10:55:45 D378AB3C9178424588B55AC7B652D7F9 218624 —-a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-03-13 10:55:45 8EA01E83528503D312224FC63D40BC2B 66048 —-a-w- C:\Windows\Sysnative\iesetup.dll
2014-03-13 10:55:44 B3DFA392735A5FBE2896BAB67950123A 2041856 —-a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-03-13 10:55:40 4F131DB206096854505AFEDD2153FD83 53760 —-a-w- C:\Windows\Sysnative\jsproxy.dll
2014-03-13 10:55:39 A0B690402E33DC9C78F22CB41F4FDC09 111616 —-a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-03-13 10:55:38 422106B7565350885D0930DFA5BA21A1 574976 —-a-w- C:\Windows\Sysnative\ieui.dll
2014-03-13 10:55:37 D3CAA61DE060BC74B4EFC638679DFE7A 139264 —-a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-03-13 10:55:37 9C5ADB26632D46919ABB231CF7DE98B9 13051904 —-a-w- C:\Windows\Sysnative\ieframe.dll
2014-03-13 10:55:36 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 —-a-w- C:\Windows\Sysnative\jscript9.dll
2014-03-13 10:55:36 8D46ACDFA065C423BED405702F075B54 708608 —-a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-03-13 10:55:35 DF79CE9B950C62677D232154E93A81C7 2334208 —-a-w- C:\Windows\Sysnative\wininet.dll
2014-03-13 10:55:35 48ED94DA88F65684B28FCD87C01288A7 817664 —-a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-03-13 10:55:34 E97FFE2D37F01DD8B52BE81E1B91A7C0 940032 —-a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-03-13 10:55:34 262B8883ECFD0C7CB303B56F9D9F210E 195584 —-a-w- C:\Windows\Sysnative\msrating.dll
2014-03-13 10:55:33 4E0709D9BB951AD1C22E4FF519B90839 23133696 —-a-w- C:\Windows\Sysnative\mshtml.dll
2014-03-13 10:53:26 04F82965C09CBDF646B487E145060301 228864 —-a-w- C:\Windows\Sysnative\wwansvc.dll
2014-03-13 10:53:23 1075AB2C077B415760C0E948856B5126 484864 —-a-w- C:\Windows\Sysnative\wer.dll
2014-03-13 10:53:22 E918C0DE5CF2AE6BEDBF387C09627D93 3156480 —-a-w- C:\Windows\Sysnative\win32k.sys
2014-03-13 10:49:02 2C619F6023E3F7A3ABF3475ED2223359 624128 —-a-w- C:\Windows\Sysnative\qedit.dll
2014-03-13 10:48:59 AFCA5C1ECEAF948FC815178BC077680E 1424384 —-a-w- C:\Windows\Sysnative\WindowsCodecs.dll
====== C:\Windows\Sysnative\drivers =====
2014-03-14 21:38:16 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-02-19 19:02:26 FD3EA14ADF6216BDF4030DB2EFD43D96 80184 —-a-w- C:\Windows\Sysnative\drivers\aswStm.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-02-27 19:11:05 ——– d—–w- C:\Program Files\iPod
2014-02-27 19:11:00 ——– d—–w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2014-03-14 21:56:48 ——– d—–w- C:\PROGRA~2\trend micro
2014-02-27 19:11:00 ——– d—–w- C:\PROGRA~2\iTunes
2014-02-27 18:58:17 ——– d—–w- C:\PROGRA~2\QuickTime
======= C: =====
====== C:\Users\gebruiker\AppData\Roaming ======
2014-03-12 15:31:51 ——– d—–w- C:\Users\gebruiker\AppData\Roaming\LavasoftStatistics
====== C:\Users\gebruiker ======
2014-03-14 21:56:02 69CA82A7482A00D8EE063D2B97FC4338 781383 —-a-w- C:\Users\gebruiker\Desktop\RSIT.exe
2014-03-14 21:32:34 683FDD3D773C58B262DC07CD0C6CE938 10285040 —-a-w- C:\Users\gebruiker\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-12 15:21:05 ——– d—–w- C:\ProgramData\Lavasoft
2014-02-27 19:12:27 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-02-27 19:11:00 ——– d—–w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-27 18:58:49 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-02-19 19:03:02 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
====== C: exe-files ==
2014-03-14 21:56:48 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files (x86)\trend micro\gebruiker.exe
2014-03-14 21:56:02 69CA82A7482A00D8EE063D2B97FC4338 781383 —-a-w- C:\Users\gebruiker\Desktop\RSIT.exe
2014-03-14 21:34:50 668B86A7B903461AC839C11123EBEC71 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2604653329-129161953-3400573590-1000\$ID3IZ1W.exe
2014-03-14 21:32:34 683FDD3D773C58B262DC07CD0C6CE938 10285040 —-a-w- C:\Users\gebruiker\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-13 10:55:52 84BCBFB752B96543307E6602E669A95A 806104 —-a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-03-13 10:55:51 3A3BEA53F039CE2E997A918E26E30B1D 808152 —-a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-03-13 10:55:49 2A0FAE869BC99A460FEFD832F261DCC9 469504 —-a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-03-13 10:55:45 D378AB3C9178424588B55AC7B652D7F9 218624 —-a-w- C:\Windows\System32\ie4uinit.exe
2014-03-13 10:55:44 6254A3E46A65395BFFEB393938661738 482816 —-a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-03-13 10:55:43 C8DBE0B5297FD85D7311E4791103517B 112128 —-a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 10:55:39 A0B690402E33DC9C78F22CB41F4FDC09 111616 —-a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-13 10:55:37 D3CAA61DE060BC74B4EFC638679DFE7A 139264 —-a-w- C:\Windows\System32\ieUnatt.exe
2014-03-13 10:55:34 E97FFE2D37F01DD8B52BE81E1B91A7C0 940032 —-a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-12 15:25:43 C54B767CA838D6DD39CABC8DF017C34C 4048592 —-a-w- C:\Users\gebruiker\AppData\Local\Temp\e6b6caf5-6a61-4dbc-93bd-44dee20bd243.exe
=== C: other files ==
2014-03-14 21:38:16 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-13 10:53:22 E918C0DE5CF2AE6BEDBF387C09627D93 3156480 —-a-w- C:\Windows\System32\win32k.sys
==== Startup Registry Enabled ======================
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”
“iLivid”=“C:\Users\gebruiker\AppData\Local\iLivid\iLivid.exe -autorun”
“mctadmin”=“C:\Windows\System32\mctadmin.exe”
“mctadmin”=“C:\Windows\System32\mctadmin.exe”
“IAStorIcon”=“C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”
“BackupManagerTray”=“C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe -h -k”
“StartCCC”=“C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun”
“LManager”=“C:\Program Files (x86)\Launch Manager\LManager.exe”
“VideoWebCamera”=“C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe -a”
“PWRISOVM.EXE”=“C:\Program Files (x86)\PowerISO\PWRISOVM.EXE”
“GrooveMonitor”=“C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”
“APSDaemon”=“C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
“Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“mobilegeni daemon”=“C:\Program Files (x86)\Mobogenie\DaemonProcess.exe”
“AvastUI.exe”=“C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui”
“QuickTime Task”=“C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime”
“iTunesHelper”=“C:\Program Files (x86)\iTunes\iTunesHelper.exe”
“iLivid”=“C:\Users\gebruiker\AppData\Local\iLivid\iLivid.exe -autorun”
==== Startup Registry Enabled x64 ======================
“RtHDVCpl”=“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s”
“AmIcoSinglun64”=“C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe”
“PLFSetI”=“C:\Windows\PLFSetI.exe”
“Acer ePower Management”=“C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe”
“SynTPEnh”=“%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe ”
==== Startup Registry Disabled ======================
“Adobe ARM”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”
“SunJavaUpdateSched”=“\”C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\“”
“QuickTime Task”=“\”C:\\Program Files (x86)\\QuickTime\\QTTask.exe\“ -atboottime”
“iTunesHelper”=“\”C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\“”
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==== Other Scheduled Tasks ======================
“C:\Windows\SysNative\tasks\Adobe Flash Player Updater”
“C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma”
“C:\Windows\SysNative\tasks\Java Update Scheduler”
“C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate”
==== Folders in C:\PROGRA~3 0-6 Months Old ======================
2013-11-13 13:54:41 ——– d—–w- C:\PROGRA~3\Licenses
2013-12-08 14:08:41 ——– d–h–w- C:\PROGRA~3\Common Files
2013-12-08 14:09:01 ——– d—–w- C:\PROGRA~3\AVG
2014-02-06 19:05:32 ——– d—–w- C:\PROGRA~3\Malwarebytes
2014-02-07 14:25:14 ——– d—–w- C:\PROGRA~3\HitmanPro
2014-02-27 19:11:00 ——– d—–w- C:\PROGRA~3\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-12 15:21:05 ——– d—–w- C:\PROGRA~3\Lavasoft
==== Firefox Extensions ======================
ExtDir: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- FreeHDSport TV 3 - %ExtDir%\fhdp3@freehdsp.tv.xpi
==== Firefox Plugins ======================
==== Deleted Firefox Extensions ======================
C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\fhdp3@freehdsp.tv.xpi deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx
Google Docs - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Default Plug-in - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjomioibmjcjfgpdcjcpgokjdganpjfm
Google Wallet - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Ask Toolbar - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne
DropToS - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo
Torch Games - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\elnodfjhjgpnmdhklbfeijeaehcgffnp
Torch Music - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\gcjbdjlojcomlphfchhihkigepfabcad
FaceLift - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk
Torch Helper - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg
Torch Torrent - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\mpdmibcjecdaibcnlilhiopefjgegjjc
Google Wallet - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Torch Music - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed
Hola - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\pdehmppfilefbolgganhfihpbmjlgebh
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjomioibmjcjfgpdcjcpgokjdganpjfm deleted successfully
C:\Users\gebruiker\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne deleted successfully
==== Set IE to Default ======================
Old Values:
“Start Page”=“http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-12&ent=hp&u=E8BE784BFA4767A6D855F053207CC09C”
“Default_Page_URL”=“http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_lm87&r=27360611m8b6l0420z1m5f47m1a243”
“DefaultScope”=“{515E4339-E4D1-4FC4-A259-F6076FDC583F}”
not found
New Values:
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”
“Start Page”=“http://www.google.com”
“DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR”
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe” -h -k
O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM\..\Run: C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: “C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe” -a
O4 - HKLM\..\Run: C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui
O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
O4 - HKCU\..\Run: “C:\Users\gebruiker\AppData\Local\iLivid\iLivid.exe” -autorun
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\gebruiker\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\gebruiker\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\gebruiker\AppData\Local\Torch\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1556 folders=205 70180252 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\gebruiker\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
“C:\ProgramData\03f7115b-a2b3-4c6b-9812-2f35ab25f7fa” not found
==== EOF on vr 14-03-2014 at 23:40:19,23 ======================
Ben

15-03-2014 09:54

Hallo,
Je heb een torpig infectie;
Voer zoek.exe nogmaals uit met de volgende code;
;r
{118BEDCA-A901-4203-B4F2-ADCB957D188C};c
;r
{118BEDCA-A901-4203-B4F2-ADCB957D1880};c
;r
“iLivid”=-;r
C:\Users\gebruiker\AppData\Local\iLivid;fs
;r
“mobilegeni daemon”=-;r
C:\Program Files (x86)\Mobogenie;fs
;r
“iLivid”=-;r
Plaat het verkregen logje.
Download AdwCleaner by Xplode naar het bureaublad.
* Sluit alle openstaande vensters.
* Dubbelklik op AdwCleaner om hem te starten.
* Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren,
* Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
* Klik vervolgens op Scan.
* Klik vervolgens op Clean als er items zijn gevonden.
* Klik bij Herstarten Noodzakelijk op OK
Nadat de PC opnieuw is opgestart, opent meestal een logfile.
Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner.txt
Post aansluitend de inhoud van dit log in je volgende bericht.
Dennis

15-03-2014 10:07

hallo Ben,
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by gebruiker on za 15-03-2014 at 10:01:09,92.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\gebruiker\Desktop\zoek.exe
==== Older Logs ======================
C:\zoek-results2014-03-14-224019.log 38951 bytes
==== Deleting CLSID Registry Keys ======================
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D1880} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
“iLivid”=-
“mobilegeni daemon”=-
“iLivid”=-
==== Deleting Files \ Folders ======================
C:\Users\gebruiker\AppData\Local\iLivid not found
C:\Program Files (x86)\Mobogenie not found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1556 folders=205 70180252 bytes)
==== EOF on za 15-03-2014 at 10:03:11,63 ======================
ADW cleaner is nu bezig.
Alvast bedankt.
Dennis

15-03-2014 10:16

hier het adw logje.
# AdwCleaner v3.022 - Report created 15/03/2014 at 10:10:57
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : gebruiker - GEBRUIKERMM
# Running from : C:\Users\gebruiker\Desktop\adwcleaner.exe
# Option : Clean
***** *****
***** *****
Folder Deleted : C:\Users\gebruiker\AppData\Local\torch
File Deleted : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
***** *****
***** *****
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\torch
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
***** *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v
-\\ Google Chrome v
Deleted : search_url
Deleted : keyword
*************************
AdwCleaner.txt - -
AdwCleaner.txt - -
AdwCleaner.txt - -
AdwCleaner.txt - -
########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########
Ben

15-03-2014 10:39

Hallo,
Ondervind je nog problemen?
Dennis

15-03-2014 15:47

Hallo Ben,
Ik had geen problemen, maar mijn provider gaf dit aan.
Zie jij nog dingen die weg kunnen?
Heb ik verder geen besmettingen meer?
Wel zie ik nog iets waarvan ik niet weet wat het is, winSCP.
Ook heb ik nog een icoontje van Norton op mijn bureaublad.
En heb ik alle programma's uptodate?
Groet Dennis.
Ben

15-03-2014 17:31

>>> Wel zie ik nog iets waarvan ik niet weet wat het is, winSCP. <<<
https://www.google.nl/search?hl=nl&q=winSCP.
>>> Ook heb ik nog een icoontje van Norton op mijn bureaublad.<<<
Wat gebruik je van Norton ik zie niks?
Download: http://www.bleepingcomputer.com/download/securitycheck/ en sla het op je Bureaublad op.
Start Security Check.
Volg de Instructies in het scherm.
Aan het eind verschijnt een log (checkup.txt) plaats de inhoud ervan in je volgende antwoord
Dennis

15-03-2014 19:49

Gedaan.
Zie onderstaand.
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Java(TM) 6 Update 35
Java 7 Update 51
Adobe Flash Player 12.0.0.77
Adobe Reader XI
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.

besmettingen volgens provider

Dennis

fazantje

Dennis

Ben

Dennis

Dennis

Ben

Dennis

Ben

Dennis