Microsoft Essentials no longer turns protection on by itself, and pop-ups.

 • André van Es

  I have to turn my protection back on myself every time I start up, and I am bothered by pop-ups.

  Logfile of Trend Micro HijackThis v2.0.4

  Scan saved at 21:27:17, on 13-4-2014

  Platform: Windows 7 SP1 (WinNT 6.00.3505)

  MSIE: Internet Explorer v11.0 (11.00.9600.16521)

  Boot mode: Normal

  Running processes:

  C:\Program Files (x86)\Google\Drive\googledrivesync.exe

  C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

  C:\Program Files (x86)\Skype\Phone\Skype.exe

  C:\Program Files (x86)\iTunes\iTunesHelper.exe

  C:\Program Files (x86)\Google\Drive\googledrivesync.exe

  C:\Users\Subst\AppData\Local\PirritSuggestor\PirritDesktop.exe

  C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

  F2 - REG:system.ini: UserInit=userinit.exe

  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

  O2 - BHO: (no name) - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - (no file)

  O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  O4 - HKCU\..\Run: C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

  O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\Drive\googledrivesync.exe” /autostart

  O4 - HKCU\..\Run: “C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

  O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun

  O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

  O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

  O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

  O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

  O11 - Options group: Accelerated graphics

  O16 - DPF: {9E858349-A287-4D37-8C27-034330E160F9} (MijnAlbum Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc_redesign/core/system/aus8.0.14/ImageUploader8.cab

  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

  O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

  O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

  O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

  O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

  O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

  O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: PirritDesktop - Unknown owner - C:\Users\Subst\AppData\Local\PirritSuggestor\PirritService.exe

  O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

  O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

  O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

  O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

  O23 - Service: WinRST - Unknown owner - C:\Program Files (x86)\WinRST\WinRST.exe

  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

  O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

  End of file - 8038 bytes

 • fazantje

  Hi Andre,

  It has already been 6 years since we last saw you here.

  Welcome back.

  A few things have changed in the step-by-step plan, though.

  Could you carry out the updated step-by-step plan and then post the requested logs?

  After that we can help you further.

  Good luck,

  Huib;)

 • André van Es

  In the meantime I used Malwarebytes, but that did not go well because the settings on the PC suddenly changed and after that I no longer had internet.

  I did have the PC scanned in safe mode, used HijackThis again to make a scan, and cleaned everything up with CCleaner.

  Logfile of random's system information tool 1.09 (written by random/random)

  Run by Subst at 2014-04-15 21:51:49

  Microsoft Windows 7 Ultimate Service Pack 1

  System drive C: has 230 GB (48%) free of 477 GB

  Total RAM: 7919 MB (74% free)

  Logfile of Trend Micro HijackThis v2.0.4

  Scan saved at 21:51:52, on 15-4-2014

  Platform: Windows 7 SP1 (WinNT 6.00.3505)

  MSIE: Internet Explorer v11.0 (11.00.9600.16521)

  Boot mode: Normal

  Running processes:

  C:\Program Files (x86)\Google\Drive\googledrivesync.exe

  C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

  C:\Program Files (x86)\iTunes\iTunesHelper.exe

  C:\Program Files (x86)\Google\Drive\googledrivesync.exe

  C:\Users\Subst\AppData\Roaming\uTorrent\uTorrent.exe

  C:\Program Files (x86)\Mozilla Firefox\firefox.exe

  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe

  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe

  C:\Program Files\trend micro\Subst.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

  F2 - REG:system.ini: UserInit=userinit.exe,

  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

  O2 - BHO: (no name) - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - (no file)

  O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

  O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  O4 - HKCU\..\Run: C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

  O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\Drive\googledrivesync.exe” /autostart

  O4 - HKCU\..\Run: “C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

  O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

  O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

  O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

  O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

  O11 - Options group: Accelerated graphics

  O16 - DPF: {9E858349-A287-4D37-8C27-034330E160F9} (MijnAlbum Album Upload Software Control Control) - http://www.mijnalbum.nl/v3/skinsrc_redesign/core/system/aus8.0.14/ImageUploader8.cab

  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

  O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

  O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

  O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

  O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

  O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

  O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

  O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

  O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

  O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

  O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

  O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

  O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

  O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

  O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

  O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

  O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

  O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

  O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

  End of file - 7700 bytes

  ======Listing Processes======

  \SystemRoot\System32\smss.exe

  %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

  %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

  wininit.exe

  winlogon.exe

  C:\Windows\system32\services.exe

  C:\Windows\system32\lsass.exe

  C:\Windows\system32\lsm.exe

  C:\Windows\system32\svchost.exe -k DcomLaunch

  C:\Windows\system32\svchost.exe -k RPCSS

  “C:\Program Files\Microsoft Security Client\MsMpEng.exe”

  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

  C:\Windows\system32\svchost.exe -k LocalService

  C:\Windows\system32\svchost.exe -k netsvcs

  C:\Windows\system32\svchost.exe -k GPSvcGroup

  C:\Windows\system32\svchost.exe -k NetworkService

  C:\Windows\System32\spoolsv.exe

  “taskhost.exe”

  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

  “C:\Windows\system32\Dwm.exe”

  C:\Windows\Explorer.EXE

  “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

  C:\Windows\system32\AEADISRV.EXE

  “C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe”

  “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

  “C:\Program Files (x86)\Google\Drive\googledrivesync.exe” /autostart

  “C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

  “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

  C:\Windows\system32\svchost.exe -k imgsvc

  “C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe”

  “C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe”

  “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

  WLIDSvcM.exe 1200

  “C:\Program Files (x86)\Google\Drive\googledrivesync.exe” /autostart

  “C:\Program Files\iPod\bin\iPodService.exe”

  C:\Windows\system32\SearchIndexer.exe /Embedding

  C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

  “C:\Program Files\Windows Media Player\wmpnetwk.exe”

  C:\Windows\system32\svchost.exe -k SDRSVC

  “C:\Windows\System32\WUDFHost.exe” -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9e06911f-9de9-4f43-bcd7-f3edb163aaca -SystemEventPortName:HostProcess-f2c3f3e0-0ee8-411f-87fc-4570a51f8653 -IoCancelEventPortName:HostProcess-6e176438-f789-4262-9b53-94f994186963 -NonStateChangingEventPortName:HostProcess-6ebd9266-3c57-48d6-aa4b-811279ad693e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d25068b2-f72c-42e6-b50a-83eb4161e496 -DeviceGroupId:WpdFsGroup

  C:\Windows\System32\svchost.exe -k LocalServicePeerNet

  C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

  “C:\Program Files\Microsoft Security Client\NisSrv.exe”

  “C:\Users\Subst\AppData\Roaming\uTorrent\uTorrent.exe” /RELOCATED

  “C:\Program Files (x86)\Mozilla Firefox\firefox.exe”

  “C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe” –channel=840.c87f590.558761742 “C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll” -greomni “C:\Program Files (x86)\Mozilla Firefox\omni.ja” -appomni “C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja” -appdir “C:\Program Files (x86)\Mozilla Firefox\browser” E7CF176E110C211B 840 “\\.\pipe\gecko-crash-server-pipe.840” plugin

  “C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe” –proxy-stub-channel=Flash1272.657F7F48.20471 –host-broker-channel=Flash1272.657F7F48.31686 –host-pid=1272 –host-npapi-version=27 –plugin-path=“C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll”

  “C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe” –channel=3660.0039F658.742435888 –proxy-stub-channel=Flash1272.657F7F48.20471 –plugin-path=“C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll” –host-npapi-version=27 –type=renderer

  “C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon”

  “C:\Windows\system32\SearchFilterHost.exe” 0 516 520 528 65536 524

  “C:\Users\Subst\Downloads\RSITx64.exe”

  C:\Windows\system32\wbem\wmiprvse.exe

  ======Scheduled tasks folder======

  C:\Windows\tasks\Adobe Flash Player Updater.job

  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

  =========Mozilla firefox=========

  ProfilePath - C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default

  prefs.js - “browser.search.useDBForOrder” - “false”

  prefs.js - “browser.startup.homepage” - “http://nl.msn.com/”

  “Description”=Adobe® Flash® Player 13.0.0.182 Plugin

  “Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll

  “Description”=

  “Path”=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

  “Description”=Java™ Deployment Toolkit

  “Path”=C:\Windows\SysWOW64\npDeployJava1.dll

  “Description”=Oracle® Next Generation Java™ Plug-In

  “Path”=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

  “Description”=Ag Player Plugin

  “Path”=C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

  “Description”=WLPG Install MIME type

  “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

  “Description”=Google Update

  “Path”=C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

  “Description”=Google Update

  “Path”=C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

  “Description”=Handles PDFs in-place in Firefox

  “Path”=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

  “Description”=

  “Path”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

  “Description”=Adobe® Flash® Player 13.0.0.182 Plugin

  “Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll

  “Description”=

  “Path”=C:\Windows\system32\npDeployJava1.dll

  “Description”=Ag Player Plugin

  “Path”=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

  “Description”=

  “Path”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

  C:\Program Files (x86)\Mozilla Firefox\extensions\

  ffxtlbr@babylon.com

  C:\Program Files (x86)\Mozilla Firefox\components\

  nsIQTScriptablePlugin.xpt

  C:\Program Files (x86)\Mozilla Firefox\plugins\

  np-mswmp.dll

  NPOFF12.DLL

  nppdf32.dll

  npqtplugin.dll

  npqtplugin2.dll

  npqtplugin3.dll

  npqtplugin4.dll

  npqtplugin5.dll

  QuickTimePlugin.class

  WMP Firefox Plugin License.rtf

  WMP Firefox Plugin RelNotes.txt

  C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default\extensions\

  {87775fdb-6972-41f9-ae51-8326e38cb206}

  C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default\searchplugins\

  google-instant.xml

  ======Registry dump======

  Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

  Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

  “MSC”=C:\Program Files\Microsoft Security Client\msseces.exe

  “AdobeAAMUpdater-1.0”=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

  “CAHeadless”=C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

  “GoogleDriveSync”=C:\Program Files (x86)\Google\Drive\googledrivesync.exe

  “TomTomHOME.exe”=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

  “iTunesHelper”=C:\Program Files (x86)\iTunes\iTunesHelper.exe

  “Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

  WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

  “SecurityProviders”=credssp.dll

  “ConsentPromptBehaviorAdmin”=0

  “ConsentPromptBehaviorUser”=3

  “EnableLUA”=0

  “EnableUIADesktopToggle”=0

  “PromptOnSecureDesktop”=0

  “dontdisplaylastusername”=0

  “legalnoticecaption”=

  “legalnoticetext”=

  “shutdownwithoutlogon”=1

  “undockwithoutlogon”=1

  “NoDriveTypeAutoRun”=145

  “NoActiveDesktop”=1

  “NoActiveDesktopChanges”=1

  “ForceActiveDesktopOn”=0

  “c:\windows\mdm.exe”=“c:\windows\mdm.exe:*:Enabled:Microsoft Firevall Engine”

  “vidc.mrle”=msrle32.dll

  “vidc.msvc”=msvidc32.dll

  “msacm.imaadpcm”=imaadp32.acm

  “msacm.msg711”=msg711.acm

  “msacm.msgsm610”=msgsm32.acm

  “msacm.msadpcm”=msadp32.acm

  “midimapper”=midimap.dll

  “wavemapper”=msacm32.drv

  “vidc.uyvy”=msyuv.dll

  “vidc.yuy2”=msyuv.dll

  “vidc.yvyu”=msyuv.dll

  “vidc.iyuv”=iyuv_32.dll

  “vidc.i420”=iyuv_32.dll

  “vidc.yvu9”=tsbyuv.dll

  “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

  “wave”=wdmaud.drv

  “midi”=wdmaud.drv

  “mixer”=wdmaud.drv

  “aux”=wdmaud.drv

  ======File associations======

  .js - edit - C:\Windows\System32\Notepad.exe %1

  .js - open - C:\Windows\System32\WScript.exe “%1” %*

  ======List of files/folders created in the last 1 month======

  2014-04-15 21:51:49 —-D—- C:\rsit

  2014-04-15 21:51:49 —-D—- C:\Program Files\trend micro

  2014-04-13 22:53:24 —-A—- C:\malware.txt

  2014-04-13 22:21:31 —-A—- C:\Windows\system32\drivers\MBAMSwissArmy.sys

  2014-04-13 22:21:08 —-D—- C:\ProgramData\Malwarebytes

  2014-04-09 20:32:41 —-D—- C:\Program Files\HitmanPro

  2014-04-09 20:29:47 —-D—- C:\ProgramData\Systweak

  2014-04-09 20:29:40 —-A—- C:\Windows\system32\sasnative64.exe

  2014-04-09 20:29:12 —-D—- C:\ProgramData\HitmanPro

  2014-04-09 20:29:11 —-D—- C:\Users\Subst\AppData\Roaming\systweak

  2014-04-09 02:01:52 —-A—- C:\Windows\system32\mshtml.dll

  2014-04-09 02:01:51 —-A—- C:\Windows\SYSWOW64\mshtml.dll

  2014-04-09 02:01:47 —-A—- C:\Windows\SYSWOW64\iologmsg.dll

  2014-04-09 02:01:47 —-A—- C:\Windows\system32\iologmsg.dll

  2014-04-09 02:01:47 —-A—- C:\Windows\system32\drivers\storport.sys

  2014-04-09 02:01:47 —-A—- C:\Windows\system32\drivers\msiscsi.sys

  2014-04-09 02:01:47 —-A—- C:\Windows\system32\drivers\Diskdump.sys

  2014-04-09 02:01:44 —-A—- C:\Windows\system32\kernel32.dll

  2014-04-09 02:01:43 —-A—- C:\Windows\SYSWOW64\setup16.exe

  2014-04-09 02:01:43 —-A—- C:\Windows\SYSWOW64\ntvdm64.dll

  2014-04-09 02:01:43 —-A—- C:\Windows\SYSWOW64\kernel32.dll

  2014-04-09 02:01:43 —-A—- C:\Windows\system32\wow64win.dll

  2014-04-09 02:01:43 —-A—- C:\Windows\system32\wow64cpu.dll

  2014-04-09 02:01:43 —-A—- C:\Windows\system32\wow64.dll

  2014-04-09 02:01:43 —-A—- C:\Windows\system32\ntvdm64.dll

  2014-04-09 02:01:42 —-A—- C:\Windows\SYSWOW64\wow32.dll

  2014-04-09 02:01:42 —-A—- C:\Windows\SYSWOW64\user.exe

  2014-04-09 02:01:42 —-A—- C:\Windows\SYSWOW64\instnm.exe

  2014-04-09 02:01:40 —-A—- C:\Windows\system32\drivers\ntfs.sys

  2014-04-04 10:32:38 —-A—- C:\Windows\SYSWOW64\mstscax.dll

  2014-04-04 10:32:38 —-A—- C:\Windows\system32\mstscax.dll

  2014-04-03 12:15:39 —-A—- C:\Windows\system32\TsUsbGDCoInstaller.dll

  2014-04-03 12:15:36 —-A—- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

  2014-04-03 12:15:36 —-A—- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

  2014-04-03 12:15:35 —-A—- C:\Windows\system32\drivers\TsUsbFlt.sys

  2014-04-03 12:15:33 —-A—- C:\Windows\SYSWOW64\wksprtPS.dll

  2014-04-03 12:15:33 —-A—- C:\Windows\SYSWOW64\tsgqec.dll

  2014-04-03 12:15:33 —-A—- C:\Windows\SYSWOW64\MsRdpWebAccess.dll

  2014-04-03 12:15:33 —-A—- C:\Windows\system32\wksprtPS.dll

  2014-04-03 12:15:33 —-A—- C:\Windows\system32\tsgqec.dll

  2014-04-03 12:15:33 —-A—- C:\Windows\system32\MsRdpWebAccess.dll

  2014-04-03 12:15:32 —-A—- C:\Windows\SYSWOW64\mstsc.exe

  2014-04-03 12:15:32 —-A—- C:\Windows\system32\wksprt.exe

  2014-04-03 12:15:32 —-A—- C:\Windows\system32\TSWbPrxy.exe

  2014-04-03 12:15:32 —-A—- C:\Windows\system32\mstsc.exe

  2014-04-03 12:15:31 —-A—- C:\Windows\SYSWOW64\rdvidcrl.dll

  2014-04-03 12:15:31 —-A—- C:\Windows\system32\rdvidcrl.dll

  2014-04-03 12:14:31 —-A—- C:\Windows\SYSWOW64\TSWorkspace.dll

  2014-04-03 12:14:31 —-A—- C:\Windows\system32\TSWorkspace.dll

  2014-03-29 12:28:31 —-D—- C:\Program Files (x86)\Mozilla Firefox

  ======List of files/folders modified in the last 1 month======

  2014-04-15 21:51:52 —-D—- C:\Windows\Prefetch

  2014-04-15 21:51:49 —-RD—- C:\Program Files

  2014-04-15 21:49:46 —-D—- C:\Users\Subst\AppData\Roaming\uTorrent

  2014-04-15 20:03:26 —-AD—- C:\Windows\Temp

  2014-04-15 20:03:14 —-D—- C:\Windows\system32\config

  2014-04-15 20:03:10 —-D—- C:\Windows\winsxs

  2014-04-15 19:56:42 —-D—- C:\Windows\system32\LogFiles

  2014-04-15 19:56:41 —-D—- C:\Windows\System32

  2014-04-15 19:56:41 —-D—- C:\Windows\inf

  2014-04-15 19:56:40 —-AD—- C:\Windows

  2014-04-15 19:55:08 —-D—- C:\Windows\system32\Tasks

  2014-04-15 19:53:09 —-SHD—- C:\Windows\Installer

  2014-04-15 19:53:08 —-SHD—- C:\Config.Msi

  2014-04-15 19:52:43 —-SHD—- C:\System Volume Information

  2014-04-15 18:45:10 —-D—- C:\ProgramData\Skype

  2014-04-15 18:45:09 —-RD—- C:\Program Files (x86)

  2014-04-15 18:45:09 —-D—- C:\Program Files (x86)\Common Files

  2014-04-15 18:44:59 —-D—- C:\Users\Subst\AppData\Roaming\Skype

  2014-04-15 05:37:26 —-D—- C:\Windows\SoftwareDistribution

  2014-04-13 23:03:52 —-D—- C:\Windows\system32\drivers

  2014-04-13 22:53:34 —-D—- C:\ProgramData\Windows

  2014-04-13 22:21:08 —-HD—- C:\ProgramData

  2014-04-13 08:50:45 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

  2014-04-12 05:54:51 —-D—- C:\Windows\system32\catroot2

  2014-04-11 23:03:06 —-D—- C:\Windows\debug

  2014-04-09 20:51:07 —-D—- C:\Windows\Tasks

  2014-04-09 20:45:57 —-D—- C:\Windows\system32\drivers\etc

  2014-04-09 04:00:47 —-D—- C:\Windows\rescache

  2014-04-09 03:21:00 —-D—- C:\Windows\SYSWOW64\nl-NL

  2014-04-09 03:21:00 —-D—- C:\Windows\SYSWOW64\en-US

  2014-04-09 03:21:00 —-D—- C:\Windows\SysWOW64

  2014-04-09 03:21:00 —-D—- C:\Windows\system32\nl-NL

  2014-04-09 03:21:00 —-D—- C:\Windows\system32\en-US

  2014-04-09 03:20:59 —-D—- C:\Windows\system32\DriverStore

  2014-04-09 03:20:59 —-D—- C:\Windows\AppPatch

  2014-04-09 03:05:45 —-D—- C:\ProgramData\Microsoft Help

  2014-04-09 03:04:38 —-D—- C:\Windows\system32\MRT

  2014-04-09 03:02:12 —-A—- C:\Windows\system32\MRT.exe

  2014-04-09 02:01:09 —-D—- C:\Windows\system32\catroot

  2014-04-04 10:28:04 —-A—- C:\Windows\system32\PerfStringBackup.INI

  2014-04-03 22:08:55 —-SD—- C:\Users\Subst\AppData\Roaming\Microsoft

  2014-04-03 22:06:51 —-D—- C:\ProgramData\EPSON

  2014-04-03 22:06:50 —-D—- C:\Users\Subst\AppData\Roaming\Epson

  2014-04-03 12:24:22 —-D—- C:\Program Files\CCleaner

  2014-04-03 12:17:05 —-D—- C:\Windows\SYSWOW64\wbem

  2014-04-03 12:17:05 —-D—- C:\Windows\system32\wbem

  2014-04-03 12:17:05 —-D—- C:\Windows\system32\drivers\en-US

  2014-04-03 01:29:24 —-D—- C:\Program Files\Microsoft Security Client

  2014-04-03 01:29:24 —-D—- C:\Program Files (x86)\Microsoft Security Client

  2014-03-19 22:40:07 —-D—- C:\Users\Subst\AppData\Roaming\Adobe

  ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

  R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

  R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

  R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys

  R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

  R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys

  R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

  R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

  R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys

  R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

  R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys

  R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

  R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys

  S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys

  S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrxusb.sys

  S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

  S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys

  S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys

  S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

  S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

  S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

  S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

  S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys

  S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys

  S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys

  S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys

  S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

  S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys

  S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

  S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys

  S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys

  S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys

  S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

  S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

  S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys

  S3 WSDScan;WSD Scan Support via UMB; C:\Windows\system32\drivers\WSDScan.sys

  ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

  R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

  R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE

  R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

  R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

  R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe

  R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

  R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

  R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

  R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

  R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

  R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe

  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

  S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

  S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

  S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

  S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

  S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

  S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

  S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

  S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

  S4 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

  S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe

  S4 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

  S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

  S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

  S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

  S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

  S4 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\nlssrv32.exe

  S4 SamsungAllShareV2.0;Samsung AllShare PC; C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

  S4 SimpleSlideShowServer;SimpleSlideShowServer; C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe

  S4 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

  —————–EOF—————–

  Regards, André.

 • Ben

  Hello,

  First disable your antivirus software before you download zoek.exe.

  Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

  Download Zoek.exe to the desktop.

  * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

  Running Zoek.exe

  If you run into problems running this program or see any error messages, please mention this in your post.

  * Then double-click Zoek.exe to start the tool.

  * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking it and choosing Run as administrator.

  * Now copy the bold code below and paste it into the large input box:

  * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

  firefoxlook;

  emptyclsid;

  torpigcheck;

  emptyfolderscheck;delete

  chromelook;

  standardsearch;

  filesrcm;

  autoclean;

  startupall;

  * Now click the "Run script" button.

  * Now wait patiently until a log opens (this may be after a restart, if one is required).

  * If no log appears after the restart, start zoek.exe again; the log will then appear.

  * Post the opened log in your next message.

 • André van Es

  Zoek.exe v5.0.0.0 Updated 14-April-2014

  Tool run by Subst on wo 16-04-2014 at 21:41:10,67.

  Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64

  Running in: Normal Mode Internet Access Detected

  Launched: C:\Users\Subst\Downloads\zoek.exe

  ==== System Restore Info ======================

  16-4-2014 21:42:36 Zoek.exe System Restore Point Created Succesfully.

  ==== Empty Folders Check ======================

  C:\PROGRA~2\MSXML 4.0 deleted successfully

  C:\PROGRA~3\Systweak deleted successfully

  C:\PROGRA~3\Windows deleted successfully

  ==== Deleting CLSID Registry Keys ======================

  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} deleted successfully

  ==== Deleting CLSID Registry Values ======================

  ==== Deleting Services ======================

  ==== FireFox Fix ======================

  ProfilePath: C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default

  —- Lines delta removed from prefs.js —-

  user_pref(“extensions.delta.admin”, false);

  user_pref(“extensions.delta.aflt”, “babsst”);

  user_pref(“extensions.delta.appId”, “{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}”);

  user_pref(“extensions.delta.autoRvrt”, “false”);

  user_pref(“extensions.delta.dfltLng”, “nl”);

  user_pref(“extensions.delta.excTlbr”, false);

  user_pref(“extensions.delta.ffxUnstlRst”, true);

  user_pref(“extensions.delta.id”, “44acac1c000000000000002185300571”);

  user_pref(“extensions.delta.instlDay”, “15936”);

  user_pref(“extensions.delta.instlRef”, “sst”);

  user_pref(“extensions.delta.newTab”, false);

  user_pref(“extensions.delta.prdct”, “delta”);

  user_pref(“extensions.delta.prtnrId”, “delta”);

  user_pref(“extensions.delta.rvrt”, “false”);

  user_pref(“extensions.delta.smplGrp”, “none”);

  user_pref(“extensions.delta.tlbrId”, “base”);

  user_pref(“extensions.delta.tlbrSrchUrl”, “”);

  user_pref(“extensions.delta.vrsn”, “1.8.24.5”);

  user_pref(“extensions.delta.vrsnTs”, “1.8.24.512:50:45”);

  user_pref(“extensions.delta.vrsni”, “1.8.24.5”);

  user_pref(“extensions.delta_i.babExt”, “”);

  user_pref(“extensions.delta_i.babTrack”, “affID=120523&tt=180813_220&tsp=4979”);

  user_pref(“extensions.delta_i.srcExt”, “ss”);

  —- Lines delta removed from user.js —-

  user_pref(“extensions.delta.tlbrSrchUrl”, “”);

  user_pref(“extensions.delta.id”, “44acac1c000000000000002185300571”);

  user_pref(“extensions.delta.appId”, “{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}”);

  user_pref(“extensions.delta.instlDay”, “15936”);

  user_pref(“extensions.delta.vrsn”, “1.8.24.5”);

  user_pref(“extensions.delta.vrsni”, “1.8.24.5”);

  user_pref(“extensions.delta.vrsnTs”, “1.8.24.512:50:45”);

  user_pref(“extensions.delta.prtnrId”, “delta”);

  user_pref(“extensions.delta.prdct”, “delta”);

  user_pref(“extensions.delta.aflt”, “babsst”);

  user_pref(“extensions.delta.smplGrp”, “none”);

  user_pref(“extensions.delta.tlbrId”, “base”);

  user_pref(“extensions.delta.instlRef”, “sst”);

  user_pref(“extensions.delta.dfltLng”, “nl”);

  user_pref(“extensions.delta.excTlbr”, false);

  user_pref(“extensions.delta.ffxUnstlRst”, true);

  user_pref(“extensions.delta.admin”, false);

  user_pref(“extensions.delta_i.babTrack”, “affID=120523&tt=180813_220&tsp=4979”);

  user_pref(“extensions.delta_i.babExt”, “”);

  user_pref(“extensions.delta_i.srcExt”, “ss”);

  user_pref(“extensions.delta.autoRvrt”, “false”);

  user_pref(“extensions.delta.rvrt”, “false”);

  user_pref(“extensions.delta.newTab”, false);

  —- Lines CT2865317 removed from prefs.js —-

  user_pref(“CT2865317.FF19Solved”, “true”);

  user_pref(“CT2865317.fullUserID”, “UN19205325842337417.IN.20130819131146”);

  user_pref(“CT2865317.installDate”, “19/08/2013 13:11:46”);

  user_pref(“CT2865317.installerVersion”, “1.5.4.4”);

  user_pref(“CT2865317.installSessionId”, “-1”);

  user_pref(“CT2865317.installSp”, “false”);

  user_pref(“CT2865317.searchRevert”, “FALSE”);

  user_pref(“CT2865317.searchUserMode”, “1”);

  user_pref(“CT2865317.UserID”, “UN19205325842337417”);

  user_pref(“CT2865317.versionFromInstaller”, “10.16.70.5”);

  user_pref(“CT2865317.xpeMode”, “0”);

  —- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js —-

  user_pref(“extensions.installCache”, "

  “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

  “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

  “CAHeadless”=“C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe”

  “GoogleDriveSync”=“C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart”

  “TomTomHOME.exe”=“C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

  “mctadmin”=“C:\Windows\System32\mctadmin.exe”

  “mctadmin”=“C:\Windows\System32\mctadmin.exe”

  “iTunesHelper”=“C:\Program Files (x86)\iTunes\iTunesHelper.exe”

  “Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

  “CAHeadless”=“C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe”

  “GoogleDriveSync”=“C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart”

  “TomTomHOME.exe”=“C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

  ==== Startup Registry Enabled x64 ======================

  “MSC”=“C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

  “AdobeAAMUpdater-1.0”=“C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe”

  ==== Startup Registry Disabled x64 ======================

  ==== Task Scheduler Jobs ======================

  C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

  ==== Other Scheduled Tasks ======================

  “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

  “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

  “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

  “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA”

  “C:\Windows\SysNative\tasks\User_Feed_Synchronization-{83B83A59-2A1C-45B2-AE88-2AEE02D3BB33}”

  “C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate”

  ==== Firefox Extensions ======================

  ProfilePath: C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default

  - Google Instant Integration - %ProfilePath%\extensions\{8746a873-332e-4c3f-b9bb-58b0d7a61d16}.xpi

  ProfilePath: C:\Users\Subst\AppData\Roaming\TomTom\HOME\Profiles\2iljr1tz.default

  - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com

  - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

  AppDir: C:\Program Files (x86)\Mozilla Firefox

  - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

  ==== Firefox Plugins ======================

  Profilepath: C:\Users\Subst\AppData\Roaming\Mozilla\Firefox\Profiles\pvljp0fc.default

  ABE2E50533899C45DFA03E1D8767648F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll - Shockwave Flash

  D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17

  15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

  ==== Chrome Look ======================

  HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

  cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Subst\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx

  jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found

  jifflliplgeajjdhmkcfnngfpgbjonjg - C:\Program Files (x86)\Perion\NewTab\newTab.crx

  niogeckbkdcabhnapjbkeiklablhjoca - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx

  pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx

  HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

  cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Subst\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx

  ==== Set IE to Default ======================

  Old Values:

  “Start Page”=“http://go.microsoft.com/fwlink/p/?LinkId=255141”

  “Start Page Redirect Cache”=“http://www.google.com”

  “Start Page Redirect Cache”=“http://www.google.com”

  “DefaultScope”=“{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}”

  not found

  New Values:

  “Start Page”=“http://go.microsoft.com/fwlink/p/?LinkId=255141”

  “Start Page Redirect Cache”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “Start Page Redirect Cache”=“http://go.microsoft.com/fwlink/?LinkId=69157”

  “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

  ==== All HKCU SearchScopes ======================

  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

  {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR”

  {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

  ==== Deleting Registry Keys ======================

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9AFCC37E-B4E9-4800-7ECE-B1CA2BDEE49E} deleted successfully

  HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

  HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully

  HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg deleted successfully

  HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca deleted successfully

  HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully

  HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

  ==== Empty IE Cache ======================

  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\Subst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\Subst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

  C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  ==== Empty FireFox Cache ======================

  C:\Users\Subst\AppData\Local\Mozilla\Firefox\Profiles\pvljp0fc.default\Cache emptied successfully

  ==== Empty Chrome Cache ======================

  No Chrome User Data found

  ==== Empty All Flash Cache ======================

  Flash Cache Emptied Successfully

  ==== Empty All Java Cache ======================

  Java Cache cleared successfully

  ==== C:\zoek_backup content ======================

  C:\zoek_backup (files=406 folders=121 232210664 bytes)

  ==== Empty Temp Folders ======================

  C:\Users\Default\AppData\Local\Temp emptied successfully

  C:\Users\Default User\AppData\Local\Temp emptied successfully

  C:\Users\Subst\AppData\Local\Temp will be emptied at reboot

  C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

  C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

  C:\Windows\Temp will be emptied at reboot

  ==== After Reboot ======================

  ==== Empty Temp Folders ======================

  C:\Windows\Temp successfully emptied

  C:\Users\Subst\AppData\Local\Temp successfully emptied

  ==== Empty Recycle Bin ======================

  C:\$RECYCLE.BIN successfully emptied

  C:\RECYCLER successfully emptied

  ==== EOF on wo 16-04-2014 at 22:03:47,08 ======================

 • fazantje

  Hi Andre,

  Download AdwCleaner by Xplode to the desktop.

  Close all open windows.

  Right-click the icon (shortcut) and choose Run as administrator.

  Then click Scan.

  Then click Clean if any items were found.

  At the Restart Required prompt, click OK.

  After the PC has restarted, a log file usually opens.

  Otherwise it can be found here: C:\AdwCleaner\AdwCleaner.txt

  Post the contents of this log in your next message.

  Also let us know how your computer is doing now.

  Good luck,

  Huib;)

 • André van Es

  # AdwCleaner v3.023 - Report created 16/04/2014 at 23:17:09

  # Updated 01/04/2014 by Xplode

  # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

  # Username : Subst - ANDRÉ-PC

  # Running from : C:\Users\Subst\Downloads\adwcleaner.exe

  # Option : Clean

  ***** *****

  ***** *****

  ***** *****

  ***** *****

  Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

  Key Deleted : HKLM\SOFTWARE\Classes\oneclick

  Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dynamic-photo-hdr_RASAPI32

  Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_dynamic-photo-hdr_RASMANCS

  Key Deleted : HKCU\Software\systweak

  Key Deleted : HKLM\Software\ExpressFiles

  Key Deleted : HKLM\Software\Pirrit

  Key Deleted : HKLM\Software\systweak

  Key Deleted : HKLM\Software\torch

  Key Deleted : HKLM\SOFTWARE\Pirrit

  Key Deleted : HKLM\SOFTWARE\Tarma Installer

  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar

  ***** *****

  -\\ Internet Explorer v11.0.9600.16521

  Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls

  Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls

  -\\ Mozilla Firefox v28.0 (nl)

  *************************

  AdwCleaner.txt - -

  AdwCleaner.txt - -

  ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

 • fazantje

  Hi Andre,

  How is it going now??

  That was a nice cleanup ;)

  Regards, Huib;)

 • André van Es

  I no longer get any pop-ups, and my antivirus program starts by itself again.

  So the problems I came here with are gone.

  Thank you very much again for your help.

  You are great.

  Regards, André.

 • fazantje

  Hi Andre,

  The tool below cleans up, among other things, all the tools that were used:

  Download Delfix by Xplode to the desktop.

  Double-click Delfix.exe to start the tool.

  Now tick the following items:

  Remove disinfection tools.

  Create registry backup.

  Purge System Restore.

  Reset system settings.

  Now click “Run” and wait patiently until the tool has finished.

  When the tool has finished, a log file is created. You do not need to post it, however.

  If any tools or folders are left over, you can delete them yourself.

  Regards, Huib;)

This topic is closed; no further replies can be posted.