Infections according to provider

  • Dennis

    Hello,

    I received a message from my provider that there are infections on my laptop, with the result that my internet connection will be cut off.

    Could you help me remove these infections, so that I can report that my laptop is clean?

    I have followed the step-by-step plan; see the logs below.

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.03.14.07

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 11.0.9600.16521

    gebruiker :: GEBRUIKERMM

    14-3-2014 22:38:49

    mbam-log-2014-03-14 (22-38-49).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 229693

    Verstreken tijd: 8 minuut/minuten, 3 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Search Protection (PUP.Optional.SearchProtection.A) -> Data: C:\ProgramData\Search Protection\SearchProtection.exe -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by gebruiker at 2014-03-14 23:00:18

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 135 GB (46%) free of 292 GB

    Total RAM: 2996 MB (57% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:00:21, on 14-3-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16521)

    Boot mode: Normal

    Running processes:

    C:\Windows\PLFSetI.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

    C:\Program Files (x86)\Launch Manager\LManager.exe

    C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe

    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Launch Manager\LMworker.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Users\gebruiker\Desktop\RSIT.exe

    C:\Program Files (x86)\trend micro\gebruiker.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_lm87&r=27360611m8b6l0420z1m5f47m1a243

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-12&ent=hp&u=E8BE784BFA4767A6D855F053207CC09C

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k

    O4 - HKLM\..\Run: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: C:\Program Files (x86)\Launch Manager\LManager.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a

    O4 - HKLM\..\Run: C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    O4 - HKLM\..\Run: "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

    O4 - HKLM\..\Run: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: "C:\Users\gebruiker\AppData\Local\iLivid\iLivid.exe" -autorun

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe

    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 11671 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    ======Registry dump======

    Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    "IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    "BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

    "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    "LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe

    "VideoWebCamera"=C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe

    "PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

    "GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe

    "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    "mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    "AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe

    "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe

    "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe

    "iLivid"=C:\Users\gebruiker\AppData\Local\iLivid\iLivid.exe -autorun

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorAdmin"=0

    "ConsentPromptBehaviorUser"=3

    "EnableLUA"=0

    "EnableUIADesktopToggle"=0

    "PromptOnSecureDesktop"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "NoActiveDesktop"=1

    "NoActiveDesktopChanges"=1

    "ForceActiveDesktopOn"=0

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "vidc.uyvy"=msyuv.dll

    "vidc.yuy2"=msyuv.dll

    "vidc.yvyu"=msyuv.dll

    "vidc.iyuv"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "vidc.yvu9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm

    "vidc.cvid"=iccvid.dll

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "aux1"=wdmaud.drv

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    "msacm.siren"=sirenacm.dll

    "wave2"=wdmaud.drv

    "midi2"=wdmaud.drv

    "mixer2"=wdmaud.drv

    "aux2"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2014-03-14 22:56:48 ----D---- C:\rsit

    2014-03-14 22:56:48 ----D---- C:\Program Files (x86)\trend micro

    2014-03-14 22:38:16 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2014-03-13 11:55:55 ----A---- C:\Windows\SysWOW64\iernonce.dll

    2014-03-13 11:55:53 ----A---- C:\Windows\SysWOW64\iertutil.dll

    2014-03-13 11:55:52 ----A---- C:\Windows\SysWOW64\urlmon.dll

    2014-03-13 11:55:52 ----A---- C:\Windows\SysWOW64\mshtml.dll

    2014-03-13 11:55:52 ----A---- C:\Windows\SysWOW64\msfeeds.dll

    2014-03-13 11:55:52 ----A---- C:\Windows\SysWOW64\ieetwproxystub.dll

    2014-03-13 11:55:50 ----A---- C:\Windows\SysWOW64\iesetup.dll

    2014-03-13 11:55:49 ----A---- C:\Windows\SysWOW64\jsproxy.dll

    2014-03-13 11:55:49 ----A---- C:\Windows\SysWOW64\jscript9diag.dll

    2014-03-13 11:55:47 ----A---- C:\Windows\SysWOW64\ieui.dll

    2014-03-13 11:55:46 ----A---- C:\Windows\SysWOW64\ieframe.dll

    2014-03-13 11:55:43 ----A---- C:\Windows\SysWOW64\jscript9.dll

    2014-03-13 11:55:43 ----A---- C:\Windows\SysWOW64\ieUnatt.exe

    2014-03-13 11:55:42 ----A---- C:\Windows\SysWOW64\ieapfltr.dll

    2014-03-13 11:55:41 ----A---- C:\Windows\SysWOW64\wininet.dll

    2014-03-13 11:55:40 ----A---- C:\Windows\SysWOW64\msrating.dll

    2014-03-13 11:53:23 ----A---- C:\Windows\SysWOW64\wer.dll

    2014-03-13 11:49:02 ----A---- C:\Windows\SysWOW64\qedit.dll

    2014-03-13 11:48:59 ----A---- C:\Windows\SysWOW64\WindowsCodecs.dll

    2014-03-12 16:31:51 ----D---- C:\Users\gebruiker\AppData\Roaming\LavasoftStatistics

    2014-03-12 16:27:03 ----D---- C:\Users\gebruiker\AppData\Roaming\SecureSearch

    2014-03-12 16:21:05 ----D---- C:\ProgramData\Lavasoft

    2014-02-27 21:53:59 ----D---- C:\Windows\Migration

    2014-02-27 20:11:00 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    2014-02-27 20:11:00 ----D---- C:\Program Files (x86)\iTunes

    2014-02-27 19:58:17 ----D---- C:\Program Files (x86)\QuickTime

    2014-02-20 05:32:28 ----D---- C:\Users\gebruiker\AppData\Roaming\AVAST Software

    ======List of files/folders modified in the last 1 month======

    2014-03-14 23:00:20 ----D---- C:\Windows\Temp

    2014-03-14 22:56:48 ----RD---- C:\Program Files (x86)

    2014-03-14 22:49:01 ----A---- C:\Windows\SysWOW64\log.txt

    2014-03-14 22:35:26 ----D---- C:\Users\gebruiker\AppData\Roaming\Seas0nPass

    2014-03-14 22:26:23 ----RD---- C:\Program Files

    2014-03-14 19:42:37 ----SHD---- C:\Windows\Installer

    2014-03-14 19:42:37 ----HD---- C:\ProgramData

    2014-03-14 19:42:26 ----SHD---- C:\System Volume Information

    2014-03-14 19:41:04 ----RSD---- C:\Windows\assembly

    2014-03-14 10:13:59 ----D---- C:\Windows\System32

    2014-03-14 10:13:59 ----D---- C:\Windows\inf

    2014-03-14 10:08:36 ----D---- C:\Windows\winsxs

    2014-03-14 10:06:25 ----D---- C:\Windows\SysWOW64

    2014-03-14 10:06:24 ----D---- C:\Program Files (x86)\Internet Explorer

    2014-03-14 10:06:12 ----D---- C:\Program Files (x86)\Microsoft Silverlight

    2014-03-13 12:39:50 ----D---- C:\ProgramData\Microsoft Help

    2014-03-12 17:33:54 ----D---- C:\Windows\Prefetch

    2014-03-12 16:25:37 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe

    2014-02-28 10:46:06 ----D---- C:\Windows\Microsoft.NET

    2014-02-28 09:19:12 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI

    2014-02-27 21:54:30 ----D---- C:\Windows\SysWOW64\en-US

    2014-02-27 21:53:59 ----SD---- C:\ProgramData\Microsoft

    2014-02-27 21:53:59 ----D---- C:\Windows

    2014-02-27 20:11:04 ----D---- C:\Program Files (x86)\Common Files\Apple

    2014-02-19 19:55:48 ----D---- C:\ProgramData\AVAST Software

    2014-02-19 09:20:10 ----D---- C:\Users\gebruiker\AppData\Roaming\BitTorrent

    2014-02-15 11:37:48 ----D---- C:\Windows\rescache

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 aswRvrt;avast! Revert; C:\Windows\SysWOW64\drivers\aswRvrt.sys

    R0 aswVmm;avast! VM Monitor; C:\Windows\SysWOW64\drivers\aswVmm.sys

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 aswKbd;aswKbd; C:\Windows\SysWOW64\drivers\aswKbd.sys

    R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys

    R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys

    R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys

    R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys

    R1 SCDEmu;SCDEmu; C:\Windows\SysWOW64\drivers\SCDEmu.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys

    R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys

    R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys

    R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys

    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys

    R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys

    R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

    R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys

    S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS

    S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys

    S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe

    R2 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

    R2 Greg_Service;GRegService; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

    R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    R2 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V

    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    -----------------------EOF-----------------------

  • fazantje

    Hi Dennis,

    First disable the antivirus software before you download zoek.exe.

    Download Zoek.exe to the desktop.

    If Internet Explorer, another browser or the virus scanner reports that this file is unsafe, you can ignore that.

    Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    Windows Vista, 7 and 8: Right-click it and choose Run as Administrator.

    Now copy the bold code below and paste it into the large input window:

    firefoxlook;

    emptyclsid;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    resethosts;

    Now click the "Run script" button.

    Wait patiently until a log opens (this may be after a restart, if one is needed).

    If no log appears after the restart, start zoek.exe again; the log will then still appear.

    Post the log that opens in your next message.

    Good luck,

    Huib ;)

  • Dennis

    Hello Huib,

    Thanks for the quick reply.

    Here is the log from zoek.exe.

    Zoek.exe v5.0.0.0 Updated 07-March-2014

    Tool run by gebruiker on vr 14-03-2014 at 23:20:02,93.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\gebruiker\Desktop\zoek.exe

    ==== System Restore Info ======================

    14-3-2014 23:21:54 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\poagrxjlbdsugmxaprh {118BEDCA-A901-4203-B4F2-ADCB957D188C} C:\ProgramData\4061\lmbd.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\rprhfysqkecvtnhfysq {118BEDCA-A901-4203-B4F2-ADCB957D1880} C:\ProgramData\4061\lmbd.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\WinSCPCopyHook {E15E1D68-0D1C-49F7-BEB8-812B1E00FA60} C:\Program Files (x86)\WinSCP\DragExt64.dll

    2013-10-24 15:35:02 d-----w- C:\PROGRA~3\4061

    2013-10-24 15:35:02 4 ----a-w- C3E9985569D5A7A64CF35D60D57E74A8 C:\PROGRA~3\4061\5427165.dat

    2013-10-24 15:35:02 4 ----a-w- C3E9985569D5A7A64CF35D60D57E74A8 C:\PROGRA~3\4061\5427165.dll

    2013-10-24 15:35:20 101888 ----a-w- A0CE38A328EA57657BDD6898E0E3492F C:\PROGRA~3\4061\colu.dat

    2013-10-24 15:56:20 1331472 ----a-w- F1A713631B55CA0B145E9A8EA3E65FB1 C:\PROGRA~3\4061\hljhb.dat

    2013-10-24 15:35:22 124928 ----a-w- C839D60827836FAA3EA2419DB6F52B0B C:\PROGRA~3\4061\lmbd.dll

    2013-10-24 15:35:20 716800 ----a-w- 93435A0B02E1E6F34A421A7EB8E77872 C:\PROGRA~3\4061\vvve.dat

    ==== Reset Hosts File ======================

    # Copyright (c) 1993-2006 Microsoft Corp.

    #

    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

    #

    # This file contains the mappings of IP addresses to host names. Each

    # entry should be kept on an individual line. The IP address should

    # be placed in the first column followed by the corresponding host name.

    # The IP address and the host name should be separated by at least one

    # space.

    #

    # Additionally, comments (such as these) may be inserted on individual

    # lines or following the machine name denoted by a '#' symbol.

    #

    # For example:

    #

    # 102.54.94.97 rhino.acme.com # source server

    # 38.25.63.10 x.acme.com # x client host

    # localhost name resolution is handle within DNS itself.

    127.0.0.1 localhost

    ::1 localhost

    ==== Empty Folders Check ======================

    C:\PROGRA~2\MSXML 4.0 deleted successfully

    C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

    C:\Program Files\Google deleted successfully

    C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully

    C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully

    C:\Users\gebruiker\AppData\Local\genienext deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-2604653329-129161953-3400573590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully

    HKEY_USERS\S-1-5-21-2604653329-129161953-3400573590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{41E0CC49-534F-4C60-BB3E-BB0C898B4F7B} deleted successfully

    HKEY_USERS\S-1-5-21-2604653329-129161953-3400573590-1000\Software\Microsoft\Internet Explorer\SearchScopes\{515E4339-E4D1-4FC4-A259-F6076FDC583F} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-2604653329-129161953-3400573590-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

    HKEY_USERS\S-1-5-21-2604653329-129161953-3400573590-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{434D452D-5637-006A-76A7-7A786E7484D7} deleted successfully

    ==== Running Processes ======================

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\Launch Manager\dsiwmis.exe

    C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

    C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    C:\Windows\PLFSetI.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

    C:\Program Files (x86)\Launch Manager\LManager.exe

    C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe

    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Launch Manager\LMworker.exe

    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    C:\Users\gebruiker\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found

    C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found

    C:\Users\gebruiker\daemonprocess.txt deleted

    C:\Users\gebruiker\.android deleted

    C:\Users\gebruiker\AppData\Roaming\SecureSearch deleted

    C:\Users\gebruiker\AppData\Local\Mobogenie deleted

    C:\Users\gebruiker\AppData\Local\cache deleted

    C:\user.js deleted

    C:\Users\gebruiker\Documents\Mobogenie deleted

    "C:\ProgramData\03f7115b-a2b3-4c6b-9812-2f35ab25f7fa" not deleted

    "C:\PROGRA~3\4061\5427165.dat" deleted

    "C:\PROGRA~3\4061\5427165.dll" deleted

    "C:\PROGRA~3\4061\colu.dat" deleted

    "C:\PROGRA~3\4061\hljhb.dat" deleted

    "C:\PROGRA~3\4061\lmbd.dll" deleted

    "C:\PROGRA~3\4061\vvve.dat" deleted

    "C:\PROGRA~3\2e687b13-02f2-4869-853e-f359f18b5a39\2f7517f0-da52-4b79-9b53-f627379ae2f2" deleted

    "C:\PROGRA~3\4061" deleted

    "C:\PROGRA~3\2e687b13-02f2-4869-853e-f359f18b5a39" deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 2997 MB

    CPU Info: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz

    CPU Speed: 2430.9 MHz

    Sound Card: Speakers (Realtek High Definiti |

    Display Adapters: ATI Mobility Radeon HD 5470 | ATI Mobility Radeon HD 5470 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Generic PnP Monitor |

    Screen Resolution: 1600 X 900 - 32 bit

    Network: Network Present

    Network Adapters: Atheros AR5B93 Wireless Network Adapter | Broadcom NetLink (TM) Gigabit Ethernet

    CD / DVD Drives: 2x (D: | E: | ) D: Optiarc DVD RW AD-7585H | E:

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 5 Button Wheel Mouse Present

    Hard Disks: C: 285.3GB

    Hard Disks - Free: C: 132.0GB

    Manufacturer *: Phoenix Technologies LTD

    BIOS Info: AT/AT COMPATIBLE | 06/21/10 | ACRSYS - 6040000

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: Packard Bell EasyNote LM87

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: avast! Antivirus disabled (Outdated)

    Internet Explorer Version: 11.0.9600.16521

    Adobe Reader version: 10.1.9.22

    Sun Java version: 1.6.0_35 (32-bit)

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

    2014-03-12 15:25:43 C54B767CA838D6DD39CABC8DF017C34C 4048592 ----a-w- C:\Users\gebruiker\AppData\Local\Temp\e6b6caf5-6a61-4dbc-93bd-44dee20bd243.exe

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    2014-03-13 10:55:55 8B521873651E62EF5868DC7B339959DB 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll

    2014-03-13 10:55:53 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll

    2014-03-13 10:55:52 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

    2014-03-13 10:55:52 7EDA015D4E74177A1B187326EDB14670 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll

    2014-03-13 10:55:52 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\SysWOW64\mshtml.dll

    2014-03-13 10:55:52 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll

    2014-03-13 10:55:50 B0CBC5A7D9278DCD5B230E1E50CCA5F6 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll

    2014-03-13 10:55:49 E23497E11866154A97BA9877656113FE 1964032 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

    2014-03-13 10:55:49 2CF6CF90BF7FE0E616C363343FFA686B 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll

    2014-03-13 10:55:49 1CEE521E90703BB8A01211C77747E727 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

    2014-03-13 10:55:47 E84073A2F2D3A9448CA02F48B0360490 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll

    2014-03-13 10:55:46 5C207FABA707CE496E1E0A304925D1E5 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

    2014-03-13 10:55:46 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll

    2014-03-13 10:55:43 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll

    2014-03-13 10:55:43 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

    2014-03-13 10:55:42 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll

    2014-03-13 10:55:41 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll

    2014-03-13 10:55:40 B61F47EB8CACBE09C8117E4FF7D9656D 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll

    2014-03-13 10:53:23 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\SysWOW64\wer.dll

    2014-03-13 10:49:02 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll

    2014-03-13 10:48:59 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    2014-03-13 10:55:55 76862AAF77C049EC20217FDC209F7F13 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll

    2014-03-13 10:55:54 10B2786774CC43D835FE8303D1970874 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll

    2014-03-13 10:55:50 F6BA9A0266DA93AFB8EA9BA12BF81367 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll

    2014-03-13 10:55:50 0A5996995F33967A46E3D5A3D9F1433D 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb

    2014-03-13 10:55:49 BA0A21F761CE5001DF712C51BF11F953 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll

    2014-03-13 10:55:48 8BA97E7747A53F80873431178889911A 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll

    2014-03-13 10:55:47 E6ACA421DA3E50D7F0A31228F0C547B0 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll

    2014-03-13 10:55:45 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

    2014-03-13 10:55:45 8EA01E83528503D312224FC63D40BC2B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll

    2014-03-13 10:55:44 B3DFA392735A5FBE2896BAB67950123A 2041856 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

    2014-03-13 10:55:40 4F131DB206096854505AFEDD2153FD83 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll

    2014-03-13 10:55:39 A0B690402E33DC9C78F22CB41F4FDC09 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe

    2014-03-13 10:55:38 422106B7565350885D0930DFA5BA21A1 574976 ----a-w- C:\Windows\Sysnative\ieui.dll

    2014-03-13 10:55:37 D3CAA61DE060BC74B4EFC638679DFE7A 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

    2014-03-13 10:55:37 9C5ADB26632D46919ABB231CF7DE98B9 13051904 ----a-w- C:\Windows\Sysnative\ieframe.dll

    2014-03-13 10:55:36 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll

    2014-03-13 10:55:36 8D46ACDFA065C423BED405702F075B54 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll

    2014-03-13 10:55:35 DF79CE9B950C62677D232154E93A81C7 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll

    2014-03-13 10:55:35 48ED94DA88F65684B28FCD87C01288A7 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll

    2014-03-13 10:55:34 E97FFE2D37F01DD8B52BE81E1B91A7C0 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe

    2014-03-13 10:55:34 262B8883ECFD0C7CB303B56F9D9F210E 195584 ----a-w- C:\Windows\Sysnative\msrating.dll

    2014-03-13 10:55:33 4E0709D9BB951AD1C22E4FF519B90839 23133696 ----a-w- C:\Windows\Sysnative\mshtml.dll

    2014-03-13 10:53:26 04F82965C09CBDF646B487E145060301 228864 ----a-w- C:\Windows\Sysnative\wwansvc.dll

    2014-03-13 10:53:23 1075AB2C077B415760C0E948856B5126 484864 ----a-w- C:\Windows\Sysnative\wer.dll

    2014-03-13 10:53:22 E918C0DE5CF2AE6BEDBF387C09627D93 3156480 ----a-w- C:\Windows\Sysnative\win32k.sys

    2014-03-13 10:49:02 2C619F6023E3F7A3ABF3475ED2223359 624128 ----a-w- C:\Windows\Sysnative\qedit.dll

    2014-03-13 10:48:59 AFCA5C1ECEAF948FC815178BC077680E 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll

    ====== C:\Windows\Sysnative\drivers =====

    2014-03-14 21:38:16 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

    2014-02-19 19:02:26 FD3EA14ADF6216BDF4030DB2EFD43D96 80184 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-02-27 19:11:05 -------- d-----w- C:\Program Files\iPod

    2014-02-27 19:11:00 -------- d-----w- C:\Program Files\iTunes

    ======= C:\PROGRA~2 =====

    2014-03-14 21:56:48 -------- d-----w- C:\PROGRA~2\trend micro

    2014-02-27 19:11:00 -------- d-----w- C:\PROGRA~2\iTunes

    2014-02-27 18:58:17 -------- d-----w- C:\PROGRA~2\QuickTime

    ======= C: =====

    ====== C:\Users\gebruiker\AppData\Roaming ======

    2014-03-12 15:31:51 -------- d-----w- C:\Users\gebruiker\AppData\Roaming\LavasoftStatistics

    ====== C:\Users\gebruiker ======

    2014-03-14 21:56:02 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\gebruiker\Desktop\RSIT.exe

    2014-03-14 21:32:34 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\gebruiker\Desktop\mbam-setup-1.75.0.1300.exe

    2014-03-12 15:21:05 -------- d-----w- C:\ProgramData\Lavasoft

    2014-02-27 19:12:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

    2014-02-27 19:11:00 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    2014-02-27 18:58:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

    2014-02-19 19:03:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast

    ====== C: exe-files ==

    2014-03-14 21:56:48 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files (x86)\trend micro\gebruiker.exe

    2014-03-14 21:56:02 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\gebruiker\Desktop\RSIT.exe

    2014-03-14 21:34:50 668B86A7B903461AC839C11123EBEC71 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2604653329-129161953-3400573590-1000\$ID3IZ1W.exe

    2014-03-14 21:32:34 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\gebruiker\Desktop\mbam-setup-1.75.0.1300.exe

    2014-03-13 10:55:52 84BCBFB752B96543307E6602E669A95A 806104 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

    2014-03-13 10:55:51 3A3BEA53F039CE2E997A918E26E30B1D 808152 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

    2014-03-13 10:55:49 2A0FAE869BC99A460FEFD832F261DCC9 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

    2014-03-13 10:55:45 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\System32\ie4uinit.exe

    2014-03-13 10:55:44 6254A3E46A65395BFFEB393938661738 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

    2014-03-13 10:55:43 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

    2014-03-13 10:55:39 A0B690402E33DC9C78F22CB41F4FDC09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

    2014-03-13 10:55:37 D3CAA61DE060BC74B4EFC638679DFE7A 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

    2014-03-13 10:55:34 E97FFE2D37F01DD8B52BE81E1B91A7C0 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

    2014-03-12 15:25:43 C54B767CA838D6DD39CABC8DF017C34C 4048592 ----a-w- C:\Users\gebruiker\AppData\Local\Temp\e6b6caf5-6a61-4dbc-93bd-44dee20bd243.exe

    === C: other files ==

    2014-03-14 21:38:16 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2014-03-13 10:53:22 E918C0DE5CF2AE6BEDBF387C09627D93 3156480 ----a-w- C:\Windows\System32\win32k.sys

    ==== Startup Registry Enabled ======================

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "iLivid"="C:\Users\gebruiker\AppData\Local\iLivid\iLivid.exe -autorun"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"

    "BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe -h -k"

    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

    "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"

    "VideoWebCamera"="C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe -a"

    "PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"

    "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "mobilegeni daemon"="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"

    "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    "iLivid"="C:\Users\gebruiker\AppData\Local\iLivid\iLivid.exe -autorun"

    ==== Startup Registry Enabled x64 ======================

    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

    "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

    "PLFSetI"="C:\Windows\PLFSetI.exe"

    "Acer ePower Management"="C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe"

    "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

    ==== Startup Registry Disabled ======================

    "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

    "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

    "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

    "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==== Other Scheduled Tasks ======================

    "C:\Windows\SysNative\tasks\Adobe Flash Player Updater"

    "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma"

    "C:\Windows\SysNative\tasks\Java Update Scheduler"

    "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate"

    ==== Folders in C:\PROGRA~3 0-6 Months Old ======================

    2013-11-13 13:54:41 -------- d-----w- C:\PROGRA~3\Licenses

    2013-12-08 14:08:41 -------- d--h--w- C:\PROGRA~3\Common Files

    2013-12-08 14:09:01 -------- d-----w- C:\PROGRA~3\AVG

    2014-02-06 19:05:32 -------- d-----w- C:\PROGRA~3\Malwarebytes

    2014-02-07 14:25:14 -------- d-----w- C:\PROGRA~3\HitmanPro

    2014-02-27 19:11:00 -------- d-----w- C:\PROGRA~3\34BE82C4-E596-4e99-A191-52C6199EBF69

    2014-03-12 15:21:05 -------- d-----w- C:\PROGRA~3\Lavasoft

    ==== Firefox Extensions ======================

    ExtDir: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

    - FreeHDSport TV 3 - %ExtDir%\fhdp3@freehdsp.tv.xpi

    ==== Firefox Plugins ======================

    ==== Deleted Firefox Extensions ======================

    C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\fhdp3@freehdsp.tv.xpi deleted

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx

    Google Docs - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

    Google Drive - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

    YouTube - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Search - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Default Plug-in - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjomioibmjcjfgpdcjcpgokjdganpjfm

    Google Wallet - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Gmail - gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    Ask Toolbar - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne

    DropToS - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo

    Torch Games - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\elnodfjhjgpnmdhklbfeijeaehcgffnp

    Torch Music - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\gcjbdjlojcomlphfchhihkigepfabcad

    FaceLift - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk

    Torch Helper - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg

    Torch Torrent - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\mpdmibcjecdaibcnlilhiopefjgegjjc

    Google Wallet - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Torch Music - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed

    Hola - gebruiker\AppData\Local\Torch\User Data\Default\Extensions\pdehmppfilefbolgganhfihpbmjlgebh

    YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== Chrome Fix ======================

    C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjomioibmjcjfgpdcjcpgokjdganpjfm deleted successfully

    C:\Users\gebruiker\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-12&ent=hp&u=E8BE784BFA4767A6D855F053207CC09C"

    "Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_lm87&r=27360611m8b6l0420z1m5f47m1a243"

    "DefaultScope"="{515E4339-E4D1-4FC4-A259-F6076FDC583F}"

    not found

    New Values:

    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "Start Page"="http://www.google.com"

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe,

    O1 - Hosts: ::1 localhost

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe” -h -k

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: C:\Program Files (x86)\Launch Manager\LManager.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe” -a

    O4 - HKLM\..\Run: C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

    O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    O4 - HKCU\..\Run: “C:\Users\gebruiker\AppData\Local\iLivid\iLivid.exe” -autorun

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe

    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\gebruiker\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\gebruiker\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    C:\Users\gebruiker\AppData\Local\Torch\User Data\Default\Cache emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=1556 folders=205 70180252 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\gebruiker\AppData\Local\Temp will be emptied at reboot

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\ProgramData\03f7115b-a2b3-4c6b-9812-2f35ab25f7fa" not found

    ==== EOF on vr 14-03-2014 at 23:40:19,23 ======================
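
Several O23 entries in the log above report core Windows services (Spooler, VSS, VaultSvc running in lsass.exe) as "(file missing)". On a 64-bit install that is normally not evidence of tampering: HijackThis 2.0.4 is a 32-bit program, and WOW64 file-system redirection makes its view of C:\Windows\System32 resolve to C:\Windows\SysWOW64, where the native service binaries do not exist. The same redirection expands %PROGRAMFILES% to the "(x86)" directory, which is why the wmpnetwk.exe entry looks missing too. The script below is an added example, not part of this thread or of HijackThis: it parses O23 lines (four copied from the log, one constructed to resemble the Search Protection PUP path from the Malwarebytes log) and separates likely redirection artifacts from entries that deserve a real look. The trusted-vendor list is an assumption of the example.

```python
"""Triage HijackThis O23 (service) lines taken from a 64-bit Windows log.

Added example: the sample lines are copied from the log above plus one
constructed suspicious entry; the verdict rules are this example's own.
"""
import re
from collections import defaultdict
from typing import NamedTuple, Optional

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# HijackThis 2.0.4 is a 32-bit program. Under WOW64, Windows redirects its
# view of C:\Windows\System32 to C:\Windows\SysWOW64, where native 64-bit
# service binaries such as spoolsv.exe or lsass.exe do not exist, so the tool
# reports them as "(file missing)". The rule below treats that as an artifact.
REDIRECTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumption for the example: vendors whose services are accepted as expected.
TRUSTED_OWNERS = {"Microsoft Corporation", "Intel Corporation", "Acer Group"}


class Service(NamedTuple):
    name: str
    owner: str
    path: str
    file_missing: bool
    verdict: str


def classify(line: str, x64: bool = True) -> Optional[Service]:
    """Parse one O23 line; return None if it is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    path, owner = m["path"], m["owner"]
    missing = m["missing"] is not None
    in_redirected = path.lower().startswith(REDIRECTED_DIRS)
    if missing and x64 and in_redirected:
        verdict = "wow64-artifact"   # re-check from a 64-bit shell before trusting it
    elif missing:
        verdict = "review"           # orphaned service entry: file really gone or hidden
    elif owner in TRUSTED_OWNERS:
        verdict = "ok"
    else:
        verdict = "review"           # unknown owner, or binary outside Windows directories
    return Service(m["name"] or m["display"], owner, path, missing, verdict)


def triage(lines):
    """Group service names by verdict, preserving log order."""
    groups = defaultdict(list)
    for line in lines:
        svc = classify(line)
        if svc:
            groups[svc.verdict].append(svc.name)
    return dict(groups)


# Four lines copied from the log above, plus one constructed entry modelled on
# the Search Protection PUP path that Malwarebytes found in the Run key.
SAMPLE_LINES = [
    r"O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)",
    r"O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)",
    r"O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe",
    r"O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe",
    r"O23 - Service: Search Protection (SearchProtection) - Unknown owner - C:\ProgramData\Search Protection\SearchProtection.exe",  # constructed
]

if __name__ == "__main__":
    for verdict, names in triage(SAMPLE_LINES).items():
        print(f"{verdict:15} {', '.join(names)}")
```

Anything left in "review", and any "wow64-artifact" you want to be certain about, should be confirmed from a 64-bit process (for instance `dir C:\Windows\System32\spoolsv.exe` or `sc qc Spooler` from a normal 64-bit cmd.exe): the verdict only removes a known false positive, it does not prove the binary is clean.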

  • Ben

    Hallo,

    You have a Torpig infection;

    Run zoek.exe again with the following script;

    ;r

    {118BEDCA-A901-4203-B4F2-ADCB957D188C};c

    ;r

    {118BEDCA-A901-4203-B4F2-ADCB957D1880};c

    ;r

    "iLivid"=-;r

    C:\Users\gebruiker\AppData\Local\iLivid;fs

    ;r

    "mobilegeni daemon"=-;r

    C:\Program Files (x86)\Mobogenie;fs

    ;r

    "iLivid"=-;r

    Post the resulting log.

    Download AdwCleaner by Xplode to the desktop.

    * Close all open windows.

    * Double-click AdwCleaner to start it.

    * Windows Vista, 7 and 8 users must run the tool as "administrator",

    * by right-clicking it and choosing Run as Administrator.

    * Then click Scan.

    * Then click Clean if any items were found.

    * Click OK at Restart Required.

    After the PC has restarted, a log file usually opens.

    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner.txt

    Then post the contents of this log in your next message.
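
Once zoek has run, it is worth confirming that the items the script targeted are really gone rather than relying on the tool's own "deleted successfully" lines. The checker below is an added example and not part of zoek or of this thread. It assumes the "iLivid" and "mobilegeni daemon" values live under the standard Run keys (the script's bracketed key lines were not preserved on this page, so those paths are the example's guess), looks for the two CLSIDs in both the native and Wow6432Node views, and tests for the two folders. The registry readers are passed in as functions so the logic can be exercised with an in-memory fake off Windows; winreg_readers() supplies the real ones.

```python
"""Confirm the persistence items targeted by the zoek script are gone (added example).

Registry access is injected so the check logic runs anywhere; winreg_readers()
returns real readers on Windows. The Run-key locations are an assumption of this
example: the script's [HKEY_...] lines did not survive on the page.
"""
import os

RUN_KEYS = [
    ("HKCU", "Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
    ("HKLM", "Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
    ("HKLM", "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"),
]
RUN_VALUES = ["iLivid", "mobilegeni daemon"]
CLSIDS = [
    "{118BEDCA-A901-4203-B4F2-ADCB957D188C}",
    "{118BEDCA-A901-4203-B4F2-ADCB957D1880}",
]
CLSID_ROOTS = ["CLSID", "Wow6432Node\\CLSID"]
FOLDERS = [
    "C:\\Users\\gebruiker\\AppData\\Local\\iLivid",
    "C:\\Program Files (x86)\\Mobogenie",
]


def check_leftovers(key_exists, value_get, path_exists=os.path.exists):
    """Return (kind, location) for each targeted item that is still present.

    key_exists(hive, subkey) -> bool
    value_get(hive, subkey, name) -> data, or None when the value is absent
    """
    left = []
    for hive, sub in RUN_KEYS:
        for name in RUN_VALUES:
            data = value_get(hive, sub, name)
            if data is not None:
                left.append(("run-value", f"{hive}\\{sub}\\{name} = {data}"))
    for root in CLSID_ROOTS:
        for clsid in CLSIDS:
            if key_exists("HKCR", f"{root}\\{clsid}"):
                left.append(("clsid", f"HKCR\\{root}\\{clsid}"))
    for folder in FOLDERS:
        if path_exists(folder):
            left.append(("folder", folder))
    return left


def winreg_readers():
    """Readers backed by winreg (Windows only), opened in the 64-bit view so the
    Wow6432Node paths above are addressed explicitly, not through redirection."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE,
             "HKCR": winreg.HKEY_CLASSES_ROOT}
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY

    def key_exists(hive, sub):
        try:
            winreg.OpenKey(hives[hive], sub, 0, access).Close()
            return True
        except OSError:
            return False

    def value_get(hive, sub, name):
        try:
            with winreg.OpenKey(hives[hive], sub, 0, access) as key:
                return winreg.QueryValueEx(key, name)[0]
        except OSError:
            return None

    return key_exists, value_get


def fake_readers(keys, values):
    """In-memory readers for testing: keys is a set of 'HIVE\\sub', values maps
    'HIVE\\sub\\name' to the value data."""
    return (lambda hive, sub: f"{hive}\\{sub}" in keys,
            lambda hive, sub, name: values.get(f"{hive}\\{sub}\\{name}"))


if __name__ == "__main__":
    import sys
    if sys.platform != "win32":
        sys.exit("run this on the cleaned Windows machine")
    key_exists, value_get = winreg_readers()
    for kind, where in check_leftovers(key_exists, value_get) or [("clean", "nothing left")]:
        print(kind, where)
```

Run it from a 64-bit Python on the cleaned machine; an empty result means none of the script's targets remain, while a "run-value" hit with a path that no longer exists on disk is a dangling autostart worth removing by hand.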

  • Dennis

    Hello Ben,

    Zoek.exe v5.0.0.0 Updated 07-March-2014

    Tool run by gebruiker on za 15-03-2014 at 10:01:09,92.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\gebruiker\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2014-03-14-224019.log 38951 bytes

    ==== Deleting CLSID Registry Keys ======================

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188C} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D1880} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    "iLivid"=-

    "mobilegeni daemon"=-

    "iLivid"=-

    ==== Deleting Files \ Folders ======================

    C:\Users\gebruiker\AppData\Local\iLivid not found

    C:\Program Files (x86)\Mobogenie not found

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=1556 folders=205 70180252 bytes)

    ==== EOF on za 15-03-2014 at 10:03:11,63 ======================

    AdwCleaner is running now.

    Thanks in advance.

  • Dennis

    Here is the AdwCleaner log.

    # AdwCleaner v3.022 - Report created 15/03/2014 at 10:10:57

    # Updated 13/03/2014 by Xplode

    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Username : gebruiker - GEBRUIKERMM

    # Running from : C:\Users\gebruiker\Desktop\adwcleaner.exe

    # Option : Clean

    ***** *****

    ***** *****

    Folder Deleted : C:\Users\gebruiker\AppData\Local\torch

    File Deleted : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

    ***** *****

    ***** *****

    Key Deleted : HKCU\Software\Classes\iLivid.torrent

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

    Key Deleted : HKCU\Software\ilivid

    Key Deleted : HKCU\Software\Softonic

    Key Deleted : HKCU\Software\torch

    Key Deleted : HKLM\Software\torch

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

    ***** *****

    -\\ Internet Explorer v11.0.9600.16521

    -\\ Mozilla Firefox v

    -\\ Google Chrome v

    Deleted : search_url

    Deleted : keyword

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

  • Ben

    Hello,

    Are you still experiencing any problems?

  • Dennis

    Hello Ben,

    I had no problems, but my provider reported this.

    Do you still see anything that can be removed?

    Do I have any other infections?

    I do still see something I don't recognise, winSCP.

    I also still have a Norton icon on my desktop.

    And are all my programs up to date?

    Regards, Dennis.

  • Ben

    >>> I do still see something I don't recognise, winSCP. <<<

    https://www.google.nl/search?hl=nl&q=winSCP.

    >>> I also still have a Norton icon on my desktop. <<<

    What do you use from Norton? I don't see anything.

    Download: http://www.bleepingcomputer.com/download/securitycheck/ and save it to your desktop.

    Start Security Check.

    Follow the on-screen instructions.

    At the end a log (checkup.txt) appears; post its contents in your next reply.

  • Dennis

    Done.

    See below.

    Results of screen317's Security Check version 0.99.80

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 11

    ``````````````Antivirus/Firewall Check:``````````````

    avast! Antivirus

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    SpywareBlaster 5.0

    Java(TM) 6 Update 35

    Java 7 Update 51

    Adobe Flash Player 12.0.0.77

    Adobe Reader XI

    Mozilla Firefox (27.0.1)

    ````````Process Check: objlist.exe by Laurent````````

    AVAST Software Avast AvastSvc.exe

    AVAST Software Avast AvastUI.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 0%

    ````````````````````End of Log``````````````````````
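
The Security Check output lists two Java runtimes side by side: Java(TM) 6 Update 35 and Java 7 Update 51. Oracle ended public updates for Java SE 6 in February 2013, so the older runtime will never be patched and remains an installed, reachable plugin for as long as it stays. The script below is an added example, not part of screen317's Security Check or of this thread: it parses the log's backtick-delimited sections, extracts the installed Java versions, and flags every runtime that is either not the newest one installed or whose major version is past its public end of support. The end-of-support table is hand-maintained and is the example's own assumption; the sample log is a copy of the one posted above.

```python
"""Flag stale Java runtimes in a screen317 Security Check log (added example)."""
import re
from datetime import date

# Hand-maintained table (assumption of this example): last day on which the
# major version still received public updates from Oracle. Java SE 6: Feb 2013.
JAVA_PUBLIC_EOL = {6: date(2013, 2, 28)}

JAVA_RE = re.compile(r"^Java(?:\(TM\))? (?P<major>\d+) Update (?P<update>\d+)$")


def parse_security_check(text):
    """Split the log into {section title: [entries]} using its backtick headers."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("`"):
            current = line.strip("`").strip().rstrip(":")
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def java_runtimes(sections):
    """Installed (major, update) pairs, oldest first."""
    found = []
    for entry in sections.get("Anti-malware/Other Utilities Check", []):
        m = JAVA_RE.match(entry)
        if m:
            found.append((int(m["major"]), int(m["update"])))
    return sorted(found)


def stale_java(sections, today):
    """Return [(label, [reasons])] for every JRE that should be uninstalled."""
    runtimes = java_runtimes(sections)
    if not runtimes:
        return []
    newest = runtimes[-1]
    findings = []
    for major, update in runtimes:
        reasons = []
        if (major, update) != newest:
            reasons.append("superseded by Java %d Update %d" % newest)
        eol = JAVA_PUBLIC_EOL.get(major)
        if eol is not None and today > eol:
            reasons.append("public updates ended " + eol.isoformat())
        if reasons:
            findings.append(("Java %d Update %d" % (major, update), reasons))
    return findings


def _hdr(title, n=10):
    # The real log pads each section title with a run of backticks on both sides.
    return "`" * n + title + "`" * n


# Copy of the log posted above, rebuilt line by line.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.80",
    "Windows 7 Service Pack 1 x64 (UAC is enabled)",
    "Internet Explorer 11",
    _hdr("Antivirus/Firewall Check:"),
    "avast! Antivirus",
    "Antivirus up to date!",
    _hdr("Anti-malware/Other Utilities Check:"),
    "SpywareBlaster 5.0",
    "Java(TM) 6 Update 35",
    "Java 7 Update 51",
    "Adobe Flash Player 12.0.0.77",
    "Adobe Reader XI",
    "Mozilla Firefox (27.0.1)",
    _hdr("Process Check: objlist.exe by Laurent"),
    "AVAST Software Avast AvastSvc.exe",
    "AVAST Software Avast AvastUI.exe",
    _hdr("System Health check"),
    "Total Fragmentation on Drive C: 0%",
    _hdr("End of Log"),
])

if __name__ == "__main__":
    for label, reasons in stale_java(parse_security_check(SAMPLE_LOG), date(2014, 3, 16)):
        print(label + ": " + "; ".join(reasons))
```

The same section parser can be extended with end-of-support dates for the other products the log lists; the point is that Security Check reports what is installed, and deciding what is stale has to be done against a date table you maintain.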

This topic is closed; no further replies can be posted.