Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Gebruiker on za 12-04-2014 at 17:20:54,57.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gebruiker\Desktop\zoek (1).exe
==== Older Logs ======================
C:\zoek-results2014-04-12-150218.log 5927 bytes
==== Torpig Check ======================
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Running Processes ======================
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internetbeveiliging\fshoster32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\Gebruiker\Desktop\zoek (1).exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
==== Deleting Services ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
"fkzrzz.exe"=-
"wnbuxg.exe"=-
"jaepew.exe"=-
@=-
==== Deleting Files \ Folders ======================
C:\Users\Gebruiker\AppData\Roaming\czzrzz not found
==== System Specs ======================
Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)
Memory (RAM): 1792 MB
CPU Info: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
CPU Speed: 1998,5 MHz
Sound Card: Luidsprekers (High Definition A |
Digitale audio (S/PDIF) (High D |
Display Adapters: NVIDIA GeForce 7050 / NVIDIA nForce 610i | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek PCI GBE Family Controller | Realtek PCIe FE Family Controller
CD / DVD Drives: 2x (D: | I: | ) D: Optiarc DVD RW AD-7200S | I:
Ports: COM4 | COM3 LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 286,1GB
Hard Disks - Free: C: 51,7GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 04/08/08 | ACRSYS - 20080408
Time Zone: West-Europa (standaardtijd)
Motherboard *: Packard Bell BV MCP73VT-PM
Country: Nederland
Language: NLD
==== System Specs (Software) ======================
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Firewall: avast! Antivirus disabled
Default Browser: Google Chrome 34.0.1847.116
Internet Explorer Version: 11.0.9600.17041
Google Chrome version: 34.0.1847.116
Adobe Reader version: 11.0.06.70
Sun Java version: 1.8.0 (32-bit)
Flash Player version: 13.0.0.191
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-03-30 06:48:09 E1CBFDE5CAD6C373946A0D2C238E6522 43152 ----a-w- C:\Windows\avastSS.scr
2014-03-22 09:05:23 EA3ECB92A2EA3A42273CB3B308CA1A5B 156910 ----a-w- C:\Windows\WMSysPr8.prx
====== C:\Users\GEBRUI~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2014-04-12 14:57:40 E53BA3C7D8586C8DD422E57CB21D80C3 19936 ----a-w- C:\Windows\System32\PCloudBroom.exe
2014-04-12 14:57:40 36C5CBA4612B670D20EBDD2F0BECB1A8 906 ----a-w- C:\Windows\System32\BroomData.bit
2014-04-11 03:52:57 CE6921D33682C6C3DB8A45853CC69402 455168 ----a-w- C:\Windows\System32\vbscript.dll
2014-04-11 03:52:56 AA12D7A960DB78DD9690AB5B5DAE6586 440832 ----a-w- C:\Windows\System32\ieui.dll
2014-04-11 03:52:48 A127D17C354B473B0F4C6265538F5A2C 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-04-11 03:52:45 BB185D4A9362AA17CBCEC0768CDBF249 704512 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-04-11 03:52:45 116632CE6DF92EA78C2B849E1279B1FA 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-04-11 03:52:41 EDACA6C44D9CE200F899B7DB0F201DFF 164864 ----a-w- C:\Windows\System32\msrating.dll
2014-04-11 03:52:41 EBC35FE64056910A84485BEEB6DCCAC6 524288 ----a-w- C:\Windows\System32\msfeeds.dll
2014-04-11 03:52:41 31385A6CAA31BE9D07B0B32E5AA99ABB 43008 ----a-w- C:\Windows\System32\jsproxy.dll
2014-04-11 03:52:39 7E9FE7DB43BC204E44F159F843E35C15 367616 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-04-11 03:52:39 34FC79C948EE2C5FD0CD699E7D7F91B7 244224 ----a-w- C:\Windows\System32\dxtrans.dll
2014-04-11 03:52:38 E5E97E94DD9D69D8EE90CFA96156CD8A 575488 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-04-11 03:52:38 21BF6759685FD193715B483F2B3F21B1 112128 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-04-11 03:52:37 82287FCFFA4A2D60FD744E3FEB3192C5 61952 ----a-w- C:\Windows\System32\iesetup.dll
2014-04-11 03:52:37 0FDC1A576A3F40420882C0F7C4A66EAD 32768 ----a-w- C:\Windows\System32\iernonce.dll
2014-04-11 03:52:36 C9CA9803299EB6AFA34CB520BAAB083D 32256 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-11 03:52:35 BECAA526B8A1823A36A1BA123B8C41A9 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-11 03:52:35 6557B48D53D653CFCCE3CB1CFA53A8E1 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-04-11 03:52:35 2101D94DED769CE86A3DE1152F4FCDF5 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-04-11 03:52:35 0F4A295516781897FFB09B4CCF2E8798 592896 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-04-11 03:52:28 05BD47136DE62FAFE9F95B40E4100144 2178048 ----a-w- C:\Windows\System32\iertutil.dll
2014-04-11 03:52:25 E4E829EE073E046B0EB19B5FECB19B8C 1789440 ----a-w- C:\Windows\System32\wininet.dll
2014-04-11 03:52:25 76F58DB8F85C125E0D6B3AA42F3BF1D0 1143808 ----a-w- C:\Windows\System32\urlmon.dll
2014-04-11 03:52:23 C4A383FD50FBD7E274DD41CF571DF898 1967104 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-04-11 03:52:21 2AFBB91BBD2378933B26E6D68C140D1B 11745792 ----a-w- C:\Windows\System32\ieframe.dll
2014-04-11 03:52:19 EA85144F35EDE6EE25C484D4242FF2C8 17387008 ----a-w- C:\Windows\System32\mshtml.dll
2014-04-11 03:52:14 8C46360D6EF9D4C563FE834C4F287DA3 4254720 ----a-w- C:\Windows\System32\jscript9.dll
2014-04-09 05:09:44 F74FFA7654702F81884BDB41EB80DAC2 868352 ----a-w- C:\Windows\System32\kernel32.dll
2014-04-05 12:35:26 C6A09FA46EF0123EE5485999D6D9607E 264600 ----a-w- C:\Windows\System32\javaws.exe
2014-04-05 12:35:13 9DFF2C8F4CE048322FCB10D38820D510 176024 ----a-w- C:\Windows\System32\javaw.exe
2014-04-05 12:35:13 743524979EF5F33BDB4DDEE63FD6C042 176024 ----a-w- C:\Windows\System32\java.exe
====== C:\Windows\system32\drivers =====
2014-04-09 05:10:17 EB34CE31FABD4DC4343FD2AD16D2CAF9 234432 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-04-09 05:10:15 F1A449D762657230629D8BFC107ABC14 149440 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-04-09 05:10:15 5FB4F271032B6435F3B2252F577A4815 27072 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-04-09 05:09:48 C8DFF8D07755A66C7A4A738930F0FEAC 1212352 ----a-w- C:\Windows\System32\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-04-05 12:35:50 -------- d-----w- C:\Program Files\Common Files\Java
2014-03-22 09:12:41 -------- d-----w- C:\Program Files\PrintEco
2014-03-22 09:05:26 -------- d-----w- C:\Program Files\Common Files\FlashIntegro
2014-03-22 09:05:22 -------- d-----w- C:\Program Files\FlashIntegro
======= C: =====
====== C:\Users\Gebruiker\AppData\Roaming ======
2014-04-05 12:35:41 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\Oracle
2014-03-23 08:21:18 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\VideoEditor
2014-03-21 11:27:22 EC2252505F2A25D70BD749F34A1793D9 155856 ----a-w- C:\Users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
====== C:\Users\Gebruiker ======
2014-04-12 14:35:10 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Gebruiker\Downloads\RSIT.exe
2014-04-09 14:51:46 -------- d-----w- C:\Users\Gebruiker\louisia
2014-04-05 12:32:45 DF4AB2AC812C932D2D4572FF29F469BA 31107992 ----a-w- C:\Users\Gebruiker\Downloads\jre-8-windows-i586.exe
2014-04-05 12:32:13 565592D342E241EB6FCA351F9C810AE3 4787368 ----a-w- C:\Users\Gebruiker\Downloads\ccsetup412.exe
2014-04-05 09:34:48 9C8BBC4D2C7CBA4AEE85EFFE110E6E36 4375224 ----a-w- C:\Users\Gebruiker\Downloads\F-SecureOnlineScanner.exe
2014-03-30 07:06:21 D78EEC90A537CFCAB15BE2C081C4DE74 28413552 ----a-w- C:\Users\Gebruiker\Downloads\PandaCloudCleaner (1).exe
2014-03-22 09:05:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
====== C: exe-files ==
2014-04-11 13:44:54 8FAE9109245E4B4FF42704ECFB86F1B6 8704216 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.116\34.0.1847.116_33.0.1750.154_chrome_updater.exe
2014-04-11 03:52:27 BEA4E0C0BA936E8A3DB24D1A37BF70BE 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-04-11 03:52:26 F972DDD19A10F53D74021DDEAC07CCA6 470016 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-04-11 03:52:24 0667ED9F8E905E1F73DB60ACCEDCBCA7 811728 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
=== C: other files ==
==== Startup Registry Enabled ======================
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
==== Startup Registry Disabled ======================
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXMediaServer"
"hkey"="HKLM"
"command"="C:\\Program Files\\DivX\\DivX Media Server\\DivXMediaServer.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="F-Secure Hoster (45123)"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internetbeveiliging\\fshoster32.exe\" -app -hosterid:1"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM.EXE"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE -startup"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"path"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DesktopEarth AutoStart.lnk"
"backup"="C:\\Windows\\pss\\DesktopEarth AutoStart.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Installer\\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\\_C1A9BF9D98647632ED5172.exe "
"item"="DesktopEarth AutoStart"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.3 .lnk.Startup"
"backupExtension"=".Startup"
"item"="OpenOffice.org 3.3 "
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater"
"C:\Windows\system32\tasks\Adobe online update program"
"C:\Windows\system32\tasks\CCleanerSkipUAC"
"C:\Windows\system32\tasks\CreateChoiceProcessTask"
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore"
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA"
"C:\Windows\system32\tasks\Java Update Scheduler"
"C:\Windows\system32\tasks\{71D38923-DE99-49BA-918E-D5166CD26548}"
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate"
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask"
==== Folders in C:\PROGRA~2 0-6 Months Old ======================
2013-11-27 13:22:15 -------- d-----w- C:\PROGRA~2\Licenses
2014-03-06 16:04:36 -------- d-----w- C:\PROGRA~2\.mono
==== Firefox Extensions Registry ======================
"firefox@printecosoftware.com"="C:\Program Files\PrintEco\PrintEco Office\firefox@printecosoftware.com.xpi"
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx
Google Docs - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Advanced SystemCare Surfing Protection - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Bitdefender QuickScan - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
"Start Page"="http://www.google.com"
New Values:
"Start Page"="http://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== HijackThis Entries ======================
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
O2 - BHO: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files\PrintEco\PrintEco Office\adxloader.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
O4 - HKLM\..\Run: "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-3453345529-432745293-659397266-1002\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3453345529-432745293-659397266-1002\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\fshoster32.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=996 folders=154 271993202 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Gebruiker\AppData\Roaming\czzrzz" not found
==== EOF on za 12-04-2014 at 17:50:40,57 ======================