Microsoft Essentials no longer turns on protection by itself, and pop-ups.

  • André van Es

    I have to turn my protection back on myself every time the PC starts up, and I am bothered by pop-ups.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:27:17, on 13-4-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16521)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    C:\Users\Subst\AppData\Local\PirritSuggestor\PirritDesktop.exe

    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: (no name) - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - (no file)

    O4 - HKLM\..\Run: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

    O4 - HKCU\..\Run: "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {9E858349-A287-4D37-8C27-034330E160F9} (MijnAlbum Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc_redesign/core/system/aus8.0.14/ImageUploader8.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: PirritDesktop - Unknown owner - C:\Users\Subst\AppData\Local\PirritSuggestor\PirritService.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: WinRST - Unknown owner - C:\Program Files (x86)\WinRST\WinRST.exe

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 8038 bytes

  • fazantje

    Hi Andre,

    It has been 6 years since we last saw you here.

    Welcome back.

    Quite a few things have changed in the step-by-step plan.

    Could you carry out the updated step-by-step plan and then post the requested logs?

    After that we can help you further.

    Good luck,

    Huib ;)

  • André van Es

    In the meantime I have used Malwarebytes, but that did not go well because the settings on the PC suddenly changed and after that I had no internet anymore.

    I did have the PC scanned in safe mode, used HijackThis again and made a scan, and cleaned everything up with CCleaner.

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Subst at 2014-04-15 21:51:49

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 230 GB (48%) free of 477 GB

    Total RAM: 7919 MB (74% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:51:52, on 15-4-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16521)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    C:\Users\Subst\AppData\Roaming\uTorrent\uTorrent.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe

    C:\Program Files\trend micro\Subst.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: (no name) - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - (no file)

    O4 - HKLM\..\Run: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

    O4 - HKCU\..\Run: "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {9E858349-A287-4D37-8C27-034330E160F9} (MijnAlbum Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc_redesign/core/system/aus8.0.14/ImageUploader8.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 7700 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    "C:\Program Files\Microsoft Security Client\MsMpEng.exe"

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    "taskhost.exe"

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    "C:\Windows\system32\Dwm.exe"

    C:\Windows\Explorer.EXE

    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

    C:\Windows\system32\AEADISRV.EXE

    "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

    "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

    "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    C:\Windows\system32\svchost.exe -k imgsvc

    "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"

    "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"

    "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

    WLIDSvcM.exe 1200

    "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

    "C:\Program Files\iPod\bin\iPodService.exe"

    C:\Windows\system32\SearchIndexer.exe /Embedding

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    "C:\Program Files\Windows Media Player\wmpnetwk.exe"

    C:\Windows\system32\svchost.exe -k SDRSVC

    "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9e06911f-9de9-4f43-bcd7-f3edb163aaca -SystemEventPortName:HostProcess-f2c3f3e0-0ee8-411f-87fc-4570a51f8653 -IoCancelEventPortName:HostProcess-6e176438-f789-4262-9b53-94f994186963 -NonStateChangingEventPortName:HostProcess-6ebd9266-3c57-48d6-aa4b-811279ad693e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d25068b2-f72c-42e6-b50a-83eb4161e496 -DeviceGroupId:WpdFsGroup

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

    "C:\Program Files\Microsoft Security Client\NisSrv.exe"

    "C:\Users\Subst\AppData\Roaming\uTorrent\uTorrent.exe" /RELOCATED

    "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

    "C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=840.c87f590.558761742 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 840 "\\.\pipe\gecko-crash-server-pipe.840" plugin

    "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe" --proxy-stub-channel=Flash1272.657F7F48.20471 --host-broker-channel=Flash1272.657F7F48.31686 --host-pid=1272 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll"

    "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe" --channel=3660.0039F658.742435888 --proxy-stub-channel=Flash1272.657F7F48.20471 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll" --host-npapi-version=27 --type=renderer

    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

    "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

    "C:\Users\Subst\Downloads\RSITx64.exe"

    C:\Windows\system32\wbem\wmiprvse.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default

    prefs.js - "browser.search.useDBForOrder" - "false"

    prefs.js - "browser.startup.homepage" - "http://nl.msn.com/"

    "Description"=Adobe® Flash® Player 13.0.0.182 Plugin

    "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll

    "Description"=

    "Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

    "Description"=Java™ Deployment Toolkit

    "Path"=C:\Windows\SysWOW64\npDeployJava1.dll

    "Description"=Oracle® Next Generation Java™ Plug-In

    "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    "Description"=Ag Player Plugin

    "Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    "Description"=WLPG Install MIME type

    "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    "Description"=Google Update

    "Path"=C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

    "Description"=Google Update

    "Path"=C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

    "Description"=Handles PDFs in-place in Firefox

    "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    "Description"=

    "Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

    "Description"=Adobe® Flash® Player 13.0.0.182 Plugin

    "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll

    "Description"=

    "Path"=C:\Windows\system32\npDeployJava1.dll

    "Description"=Ag Player Plugin

    "Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    "Description"=

    "Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

    C:\Program Files (x86)\Mozilla Firefox\extensions\

    ffxtlbr@babylon.com

    C:\Program Files (x86)\Mozilla Firefox\components\

    nsIQTScriptablePlugin.xpt

    C:\Program Files (x86)\Mozilla Firefox\plugins\

    np-mswmp.dll

    NPOFF12.DLL

    nppdf32.dll

    npqtplugin.dll

    npqtplugin2.dll

    npqtplugin3.dll

    npqtplugin4.dll

    npqtplugin5.dll

    QuickTimePlugin.class

    WMP Firefox Plugin License.rtf

    WMP Firefox Plugin RelNotes.txt

    C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default\extensions\

    {87775fdb-6972-41f9-ae51-8326e38cb206}

    C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default\searchplugins\

    google-instant.xml

    ======Registry dump======

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    "MSC"=C:\Program Files\Microsoft Security Client\msseces.exe

    "AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    "CAHeadless"=C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

    "GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe

    "TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

    "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe

    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorAdmin"=0

    "ConsentPromptBehaviorUser"=3

    "EnableLUA"=0

    "EnableUIADesktopToggle"=0

    "PromptOnSecureDesktop"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "NoDriveTypeAutoRun"=145

    "NoActiveDesktop"=1

    "NoActiveDesktopChanges"=1

    "ForceActiveDesktopOn"=0

    "c:\windows\mdm.exe"="c:\windows\mdm.exe:*:Enabled:Microsoft Firevall Engine"

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "vidc.uyvy"=msyuv.dll

    "vidc.yuy2"=msyuv.dll

    "vidc.yvyu"=msyuv.dll

    "vidc.iyuv"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "vidc.yvu9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2014-04-15 21:51:49 ----D---- C:\rsit

    2014-04-15 21:51:49 ----D---- C:\Program Files\trend micro

    2014-04-13 22:53:24 ----A---- C:\malware.txt

    2014-04-13 22:21:31 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys

    2014-04-13 22:21:08 ----D---- C:\ProgramData\Malwarebytes

    2014-04-09 20:32:41 ----D---- C:\Program Files\HitmanPro

    2014-04-09 20:29:47 ----D---- C:\ProgramData\Systweak

    2014-04-09 20:29:40 ----A---- C:\Windows\system32\sasnative64.exe

    2014-04-09 20:29:12 ----D---- C:\ProgramData\HitmanPro

    2014-04-09 20:29:11 ----D---- C:\Users\Subst\AppData\Roaming\systweak

    2014-04-09 02:01:52 ----A---- C:\Windows\system32\mshtml.dll

    2014-04-09 02:01:51 ----A---- C:\Windows\SYSWOW64\mshtml.dll

    2014-04-09 02:01:47 ----A---- C:\Windows\SYSWOW64\iologmsg.dll

    2014-04-09 02:01:47 ----A---- C:\Windows\system32\iologmsg.dll

    2014-04-09 02:01:47 ----A---- C:\Windows\system32\drivers\storport.sys

    2014-04-09 02:01:47 ----A---- C:\Windows\system32\drivers\msiscsi.sys

    2014-04-09 02:01:47 ----A---- C:\Windows\system32\drivers\Diskdump.sys

    2014-04-09 02:01:44 ----A---- C:\Windows\system32\kernel32.dll

    2014-04-09 02:01:43 ----A---- C:\Windows\SYSWOW64\setup16.exe

    2014-04-09 02:01:43 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll

    2014-04-09 02:01:43 ----A---- C:\Windows\SYSWOW64\kernel32.dll

    2014-04-09 02:01:43 ----A---- C:\Windows\system32\wow64win.dll

    2014-04-09 02:01:43 ----A---- C:\Windows\system32\wow64cpu.dll

    2014-04-09 02:01:43 ----A---- C:\Windows\system32\wow64.dll

    2014-04-09 02:01:43 ----A---- C:\Windows\system32\ntvdm64.dll

    2014-04-09 02:01:42 ----A---- C:\Windows\SYSWOW64\wow32.dll

    2014-04-09 02:01:42 ----A---- C:\Windows\SYSWOW64\user.exe

    2014-04-09 02:01:42 ----A---- C:\Windows\SYSWOW64\instnm.exe

    2014-04-09 02:01:40 ----A---- C:\Windows\system32\drivers\ntfs.sys

    2014-04-04 10:32:38 ----A---- C:\Windows\SYSWOW64\mstscax.dll

    2014-04-04 10:32:38 ----A---- C:\Windows\system32\mstscax.dll

    2014-04-03 12:15:39 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll

    2014-04-03 12:15:36 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

    2014-04-03 12:15:36 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

    2014-04-03 12:15:35 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys

    2014-04-03 12:15:33 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll

    2014-04-03 12:15:33 ----A---- C:\Windows\SYSWOW64\tsgqec.dll

    2014-04-03 12:15:33 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll

    2014-04-03 12:15:33 ----A---- C:\Windows\system32\wksprtPS.dll

    2014-04-03 12:15:33 ----A---- C:\Windows\system32\tsgqec.dll

    2014-04-03 12:15:33 ----A---- C:\Windows\system32\MsRdpWebAccess.dll

    2014-04-03 12:15:32 ----A---- C:\Windows\SYSWOW64\mstsc.exe

    2014-04-03 12:15:32 ----A---- C:\Windows\system32\wksprt.exe

    2014-04-03 12:15:32 ----A---- C:\Windows\system32\TSWbPrxy.exe

    2014-04-03 12:15:32 ----A---- C:\Windows\system32\mstsc.exe

    2014-04-03 12:15:31 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll

    2014-04-03 12:15:31 ----A---- C:\Windows\system32\rdvidcrl.dll

    2014-04-03 12:14:31 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll

    2014-04-03 12:14:31 ----A---- C:\Windows\system32\TSWorkspace.dll

    2014-03-29 12:28:31 ----D---- C:\Program Files (x86)\Mozilla Firefox

    ======List of files/folders modified in the last 1 month======

    2014-04-15 21:51:52 ----D---- C:\Windows\Prefetch

    2014-04-15 21:51:49 ----RD---- C:\Program Files

    2014-04-15 21:49:46 ----D---- C:\Users\Subst\AppData\Roaming\uTorrent

    2014-04-15 20:03:26 ----AD---- C:\Windows\Temp

    2014-04-15 20:03:14 ----D---- C:\Windows\system32\config

    2014-04-15 20:03:10 ----D---- C:\Windows\winsxs

    2014-04-15 19:56:42 ----D---- C:\Windows\system32\LogFiles

    2014-04-15 19:56:41 ----D---- C:\Windows\System32

    2014-04-15 19:56:41 ----D---- C:\Windows\inf

    2014-04-15 19:56:40 ----AD---- C:\Windows

    2014-04-15 19:55:08 ----D---- C:\Windows\system32\Tasks

    2014-04-15 19:53:09 ----SHD---- C:\Windows\Installer

    2014-04-15 19:53:08 ----SHD---- C:\Config.Msi

    2014-04-15 19:52:43 ----SHD---- C:\System Volume Information

    2014-04-15 18:45:10 ----D---- C:\ProgramData\Skype

    2014-04-15 18:45:09 ----RD---- C:\Program Files (x86)

    2014-04-15 18:45:09 ----D---- C:\Program Files (x86)\Common Files

    2014-04-15 18:44:59 ----D---- C:\Users\Subst\AppData\Roaming\Skype

    2014-04-15 05:37:26 ----D---- C:\Windows\SoftwareDistribution

    2014-04-13 23:03:52 ----D---- C:\Windows\system32\drivers

    2014-04-13 22:53:34 ----D---- C:\ProgramData\Windows

    2014-04-13 22:21:08 ----HD---- C:\ProgramData

    2014-04-13 08:50:45 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2014-04-12 05:54:51 ----D---- C:\Windows\system32\catroot2

    2014-04-11 23:03:06 ----D---- C:\Windows\debug

    2014-04-09 20:51:07 ----D---- C:\Windows\Tasks

    2014-04-09 20:45:57 ----D---- C:\Windows\system32\drivers\etc

    2014-04-09 04:00:47 ----D---- C:\Windows\rescache

    2014-04-09 03:21:00 ----D---- C:\Windows\SYSWOW64\nl-NL

    2014-04-09 03:21:00 ----D---- C:\Windows\SYSWOW64\en-US

    2014-04-09 03:21:00 ----D---- C:\Windows\SysWOW64

    2014-04-09 03:21:00 ----D---- C:\Windows\system32\nl-NL

    2014-04-09 03:21:00 ----D---- C:\Windows\system32\en-US

    2014-04-09 03:20:59 ----D---- C:\Windows\system32\DriverStore

    2014-04-09 03:20:59 ----D---- C:\Windows\AppPatch

    2014-04-09 03:05:45 ----D---- C:\ProgramData\Microsoft Help

    2014-04-09 03:04:38 ----D---- C:\Windows\system32\MRT

    2014-04-09 03:02:12 ----A---- C:\Windows\system32\MRT.exe

    2014-04-09 02:01:09 ----D---- C:\Windows\system32\catroot

    2014-04-04 10:28:04 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2014-04-03 22:08:55 ----SD---- C:\Users\Subst\AppData\Roaming\Microsoft

    2014-04-03 22:06:51 ----D---- C:\ProgramData\EPSON

    2014-04-03 22:06:50 ----D---- C:\Users\Subst\AppData\Roaming\Epson

    2014-04-03 12:24:22 ----D---- C:\Program Files\CCleaner

    2014-04-03 12:17:05 ----D---- C:\Windows\SYSWOW64\wbem

    2014-04-03 12:17:05 ----D---- C:\Windows\system32\wbem

    2014-04-03 12:17:05 ----D---- C:\Windows\system32\drivers\en-US

    2014-04-03 01:29:24 ----D---- C:\Program Files\Microsoft Security Client

    2014-04-03 01:29:24 ----D---- C:\Program Files (x86)\Microsoft Security Client

    2014-03-19 22:40:07 ----D---- C:\Users\Subst\AppData\Roaming\Adobe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys

    R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

    R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys

    S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrxusb.sys

    S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys

    S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys

    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys

    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys

    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys

    S3 WSDScan;WSD Scan Support via UMB; C:\Windows\system32\drivers\WSDScan.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

    R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

    R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

    R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

    R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

    S4 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe

    S4 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\nlssrv32.exe

    S4 SamsungAllShareV2.0;Samsung AllShare PC; C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

    S4 SimpleSlideShowServer;SimpleSlideShowServer; C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe

    S4 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    —————–EOF—————–

    Regards, André.

  • Ben

    Hello,

    First disable the antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as these can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

    Run Zoek.exe

    If you run into problems running this program or see certain error messages, please mention this in your post.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking and choosing Run as administrator.

    * Now copy the code below, shown in bold, and paste it into the large input box:

    * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    emptyclsid;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart if one is required).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the opened log in your next message.

  • André van Es

    Zoek.exe v5.0.0.0 Updated 14-April-2014

    Tool run by Subst on wo 16-04-2014 at 21:41:10,67.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Subst\Downloads\zoek.exe

    ==== System Restore Info ======================

    16-4-2014 21:42:36 Zoek.exe System Restore Point Created Succesfully.

    ==== Empty Folders Check ======================

    C:\PROGRA~2\MSXML 4.0 deleted successfully

    C:\PROGRA~3\Systweak deleted successfully

    C:\PROGRA~3\Windows deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default

    —- Lines delta removed from prefs.js —-

    user_pref(“extensions.delta.admin”, false);

    user_pref(“extensions.delta.aflt”, “babsst”);

    user_pref(“extensions.delta.appId”, “{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}”);

    user_pref(“extensions.delta.autoRvrt”, “false”);

    user_pref(“extensions.delta.dfltLng”, “nl”);

    user_pref(“extensions.delta.excTlbr”, false);

    user_pref(“extensions.delta.ffxUnstlRst”, true);

    user_pref(“extensions.delta.id”, “44acac1c000000000000002185300571”);

    user_pref(“extensions.delta.instlDay”, “15936”);

    user_pref(“extensions.delta.instlRef”, “sst”);

    user_pref(“extensions.delta.newTab”, false);

    user_pref(“extensions.delta.prdct”, “delta”);

    user_pref(“extensions.delta.prtnrId”, “delta”);

    user_pref(“extensions.delta.rvrt”, “false”);

    user_pref(“extensions.delta.smplGrp”, “none”);

    user_pref(“extensions.delta.tlbrId”, “base”);

    user_pref(“extensions.delta.tlbrSrchUrl”, “”);

    user_pref(“extensions.delta.vrsn”, “1.8.24.5”);

    user_pref(“extensions.delta.vrsnTs”, “1.8.24.512:50:45”);

    user_pref(“extensions.delta.vrsni”, “1.8.24.5”);

    user_pref(“extensions.delta_i.babExt”, “”);

    user_pref(“extensions.delta_i.babTrack”, “affID=120523&tt=180813_220&tsp=4979”);

    user_pref(“extensions.delta_i.srcExt”, “ss”);

    —- Lines delta removed from user.js —-

    user_pref(“extensions.delta.tlbrSrchUrl”, “”);

    user_pref(“extensions.delta.id”, “44acac1c000000000000002185300571”);

    user_pref(“extensions.delta.appId”, “{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}”);

    user_pref(“extensions.delta.instlDay”, “15936”);

    user_pref(“extensions.delta.vrsn”, “1.8.24.5”);

    user_pref(“extensions.delta.vrsni”, “1.8.24.5”);

    user_pref(“extensions.delta.vrsnTs”, “1.8.24.512:50:45”);

    user_pref(“extensions.delta.prtnrId”, “delta”);

    user_pref(“extensions.delta.prdct”, “delta”);

    user_pref(“extensions.delta.aflt”, “babsst”);

    user_pref(“extensions.delta.smplGrp”, “none”);

    user_pref(“extensions.delta.tlbrId”, “base”);

    user_pref(“extensions.delta.instlRef”, “sst”);

    user_pref(“extensions.delta.dfltLng”, “nl”);

    user_pref(“extensions.delta.excTlbr”, false);

    user_pref(“extensions.delta.ffxUnstlRst”, true);

    user_pref(“extensions.delta.admin”, false);

    user_pref(“extensions.delta_i.babTrack”, “affID=120523&tt=180813_220&tsp=4979”);

    user_pref(“extensions.delta_i.babExt”, “”);

    user_pref(“extensions.delta_i.srcExt”, “ss”);

    user_pref(“extensions.delta.autoRvrt”, “false”);

    user_pref(“extensions.delta.rvrt”, “false”);

    user_pref(“extensions.delta.newTab”, false);

    —- Lines CT2865317 removed from prefs.js —-

    user_pref(“CT2865317.FF19Solved”, “true”);

    user_pref(“CT2865317.fullUserID”, “UN19205325842337417.IN.20130819131146”);

    user_pref(“CT2865317.installDate”, “19/08/2013 13:11:46”);

    user_pref(“CT2865317.installerVersion”, “1.5.4.4”);

    user_pref(“CT2865317.installSessionId”, “-1”);

    user_pref(“CT2865317.installSp”, “false”);

    user_pref(“CT2865317.searchRevert”, “FALSE”);

    user_pref(“CT2865317.searchUserMode”, “1”);

    user_pref(“CT2865317.UserID”, “UN19205325842337417”);

    user_pref(“CT2865317.versionFromInstaller”, “10.16.70.5”);

    user_pref(“CT2865317.xpeMode”, “0”);

    —- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js —-

    user_pref(“extensions.installCache”, "

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “CAHeadless”=“C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe”

    “GoogleDriveSync”=“C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart”

    “TomTomHOME.exe”=“C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “iTunesHelper”=“C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    “Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “CAHeadless”=“C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe”

    “GoogleDriveSync”=“C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart”

    “TomTomHOME.exe”=“C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

    ==== Startup Registry Enabled x64 ======================

    “MSC”=“C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    “AdobeAAMUpdater-1.0”=“C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe”

    ==== Startup Registry Disabled x64 ======================

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

    “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA”

    “C:\Windows\SysNative\tasks\User_Feed_Synchronization-{83B83A59-2A1C-45B2-AE88-2AEE02D3BB33}”

    “C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate”

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default

    - Google Instant Integration - %ProfilePath%\extensions\{8746a873-332e-4c3f-b9bb-58b0d7a61d16}.xpi

    ProfilePath: C:\Users\Subst\AppData\Roaming\TomTom\HOME\Profiles\2iljr1tz.default

    - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com

    - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default

    ABE2E50533899C45DFA03E1D8767648F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll - Shockwave Flash

    D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17

    15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Subst\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx

    jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found

    jifflliplgeajjdhmkcfnngfpgbjonjg - C:\Program Files (x86)\Perion\NewTab\newTab.crx

    niogeckbkdcabhnapjbkeiklablhjoca - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx

    pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

    cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Subst\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://go.microsoft.com/fwlink/p/?LinkId=255141”

    “Start Page Redirect Cache”=“http://www.google.com”

    “Start Page Redirect Cache”=“http://www.google.com”

    “DefaultScope”=“{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}”

    not found

    New Values:

    “Start Page”=“http://go.microsoft.com/fwlink/p/?LinkId=255141”

    “Start Page Redirect Cache”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Start Page Redirect Cache”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9AFCC37E-B4E9-4800-7ECE-B1CA2BDEE49E} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Subst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Subst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\Subst\AppData\Local\Mozilla\Firefox\Profiles\pvljp0fc.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=406 folders=121 232210664 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\Subst\AppData\Local\Temp will be emptied at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Subst\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    C:\RECYCLER successfully emptied

    ==== EOF on wo 16-04-2014 at 22:03:47,08 ======================

  • fazantje

    Hi Andre,

    Download AdwCleaner by Xplode to the desktop.

    Close all open windows.

    Right-click the icon (shortcut) and choose Run as administrator.

    Then click Scan.

    Then click Clean if items were found.

    At Restart Required, click OK.

    After the PC has restarted, a log file usually opens.

    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner.txt

    Post the contents of this log in your next message.

    Also tell us how your computer is doing now.

    Good luck,

    Huib;)

  • André van Es

    # AdwCleaner v3.023 - Report created 16/04/2014 at 23:17:09

    # Updated 01/04/2014 by Xplode

    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

    # Username : Subst - ANDRÉ-PC

    # Running from : C:\Users\Subst\Downloads\adwcleaner.exe

    # Option : Clean

    ***** *****

    ***** *****

    ***** *****

    ***** *****

    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

    Key Deleted : HKLM\SOFTWARE\Classes\oneclick

    Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dynamic-photo-hdr_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dynamic-photo-hdr_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

    Key Deleted : HKCU\Software\systweak

    Key Deleted : HKLM\Software\ExpressFiles

    Key Deleted : HKLM\Software\Pirrit

    Key Deleted : HKLM\Software\systweak

    Key Deleted : HKLM\Software\torch

    Key Deleted : HKLM\SOFTWARE\Pirrit

    Key Deleted : HKLM\SOFTWARE\Tarma Installer

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar

    ***** *****

    -\\ Internet Explorer v11.0.9600.16521

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls

    -\\ Mozilla Firefox v28.0 (nl)

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

  • fazantje

    Hi Andre,

    How is it going now??

    That was a nice clean-up;)

    Regards, Huib;)

  • André van Es

    I no longer have pop-ups and my antivirus program starts by itself again.

    So the problems I came here for are gone.

    Thank you very much again for your help.

    You are great.

    Regards, André.

  • fazantje

    Hi Andre,

    With the tool below you clean up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Remove disinfection tools.

    Create registry backup.

    Purge System Restore.

    Reset system settings.

    Now click “Run” and wait patiently until the tool is finished.

    When the tool is finished, a log file is created. You do not need to post this, however.

    If any tools or folders are left over, you can delete them yourself.

    Regards, Huib;)

This topic is closed; no further replies can be posted.