Qone8

Sammy1

22-05-2014 22:36

3,6 weken geleden hebben we het probleem van de qone8 startpagina in chrome opgelost maar nu verscijnt het probleem in Mozilla Firefox: hier het gedetailleerde log van Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 22-5-2014
Scan Time: 22:16:25
Logfile: log malware.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.22.10
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Elmar
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 245295
Time Elapsed: 15 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Sammy1

22-05-2014 22:40

PS dit is de oorspronkelijke log (toen was ook Chrome geinfecteerd):
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 29-4-2014
Scan Time: 21:22:35
Logfile: log malware orig.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.29.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Elmar
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 236779
Time Elapsed: 18 min, 24 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.IePluginService.A, C:\Documents and Settings\All Users\Application Data\IePluginService\PluginService.exe, 1796, Delete-on-Reboot,
Modules: 1
PUP.Optional.SupTab.A, C:\Program Files\SupTab\DpInterface32.dll, Delete-on-Reboot, ,
Registry Keys: 23
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, Quarantined, ,
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, ,
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, ,
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, ,
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, ,
PUP.Optional.SupTab.A, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, ,
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\INPROCSERVER32, Quarantined, ,
PUP.Optional.Melondrea.A, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{16F059CB-3D3F-4ECC-B426-BAFA47233676}, Quarantined, ,
PUP.Optional.Melondrea.A, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{16F059CB-3D3F-4ECC-B426-BAFA47233676}, Quarantined, ,
PUP.Optional.BestToolbars, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2977C29A-6723-4436-90BB-F7C5FDEF88A1}, Quarantined, ,
PUP.Optional.BestToolbars, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2977C29A-6723-4436-90BB-F7C5FDEF88A1}, Quarantined, ,
PUP.Optional.SpeedTest.A, HKLM\SOFTWARE\CLASSES\Speed Test (4354).BackgroundHostObject, Quarantined, ,
PUP.Optional.SpeedTest.A, HKLM\SOFTWARE\CLASSES\Speed Test (4354).BackgroundHostObject.1, Quarantined, ,
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, Quarantined, ,
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, Quarantined, ,
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, ,
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Torntv V9.0, Quarantined, ,
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, ,
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER, Quarantined, ,
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, ,
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, ,
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, Quarantined, ,
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\installdaddy, Quarantined, ,
Registry Values: 3
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\extensions\quick_start@gmail.com, Quarantined,
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER|Verifier, 001102b8bd0c8b254885aae7787e7ab4, Quarantined,
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1L1J1L1S1R1N, Quarantined,
Registry Data: 6
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~1\SupTab\SEARCH~1.DLL, Good: (), Bad: (C:\PROGRA~1\SupTab\SEARCH~1.DLL),Replaced,
PUP.Optional.Qone8, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX),Replaced,
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://start.qone8.com/?type=hp&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX, Good: (http://www.google.com), Bad: (http://start.qone8.com/?type=hp&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX),Replaced,
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.qone8.com/?type=hp&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX, Good: (http://www.google.com), Bad: (http://start.qone8.com/?type=hp&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX),Replaced,
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,
Hijack.StartPage, HKU\S-1-5-21-1801674531-117609710-1606980848-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://start.qone8.com/?type=hp&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX, Good: (http://www.google.com), Bad: (http://start.qone8.com/?type=hp&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX),Replaced,
Folders: 61
PUP.Optional.SupTab.A, C:\Program Files\SupTab, Delete-on-Reboot, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\weather, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\en-US, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-419, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-ES, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-BE, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CA, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CH, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-FR, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-LU, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-CH, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-IT, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pl, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt-BR, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru-MO, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\tr-TR, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\vi-VI, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-CN, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-TW, Quarantined, ,
Adware.InstallBrain, C:\Documents and Settings\All Users\Application Data\IBUpdaterService, Quarantined, ,
PUP.Optional.FreeGames.A, C:\Documents and Settings\Elmar\Application Data\freegames4357, Quarantined, ,
PUP.Optional.SpeedTest.A, C:\Documents and Settings\Elmar\Application Data\speedtest4354, Quarantined, ,
PUP.Optional.IePluginService.A, C:\Documents and Settings\All Users\Application Data\IePluginService, Delete-on-Reboot, ,
PUP.Optional.IePluginService.A, C:\Documents and Settings\All Users\Application Data\IePluginService\update, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\include, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\include\tools, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\en, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\en-US, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\es, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\es-419, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\fr, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\fr-BE, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\fr-CA, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\fr-CH, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\fr-LU, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\it, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\it-CH, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\pl, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\pt-BR, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\ru, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\ru-MO, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\tr, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\vi, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\zh-CN, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\zh-TW, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\defaults, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\defaults\preferences, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\modules, Quarantined, ,
Files: 186
PUP.Optional.IePluginService.A, C:\Documents and Settings\All Users\Application Data\IePluginService\PluginService.exe, Delete-on-Reboot, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\SupTab.dll, Quarantined, ,
PUP.Optional.SupTab.A, C:\Documents and Settings\Elmar\Application Data\SupTab\SupTab.dll, Quarantined, ,
PUP.Optional.Softonic.A, C:\Documents and Settings\Elmar\Mijn documenten\Downloads\SoftonicDownloader_voor_windows-7-service-pack-1.exe, Quarantined, ,
PUP.Optional.BundleInstaller.A, C:\Documents and Settings\Elmar\Mijn documenten\Downloads\windows 7 sp1 included setup (1).exe, Quarantined, ,
PUP.Optional.BundleInstaller.A, C:\Documents and Settings\Elmar\Mijn documenten\Downloads\windows 7 sp1 included setup.exe, Quarantined, ,
PUP.Optional.OneClickDownloader.A, C:\Documents and Settings\Elmar\Mijn documenten\Downloads\windows_7_ultimate_32_bit_Verified (1).exe, Quarantined, ,
PUP.Optional.OneClickDownloader.A, C:\Documents and Settings\Elmar\Mijn documenten\Downloads\windows_7_ultimate_32_bit_Verified.exe, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\install.data, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\DpInterface32.dll, Delete-on-Reboot, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\DpInterface64.dll, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\DpInterfacef32.dll, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\ient.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\RSHP.exe, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\SearchProtect32.dll, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\SearchProtect64.dll, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\SpAPPSv32.dll, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\SpAPPSv64.dll, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\uninstall.exe, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\WebDataJs, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\data.html, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\indexIE.html, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\indexIE8.html, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\main.css, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\ver.txt, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\arrow.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\default_add_logo.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\default_add_logo_hover.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\default_logo.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\googlelogo.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\googlelogo2.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\google_trends.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\icon128.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\icon16.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\icon48.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\loading.gif, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\logo32.ico, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\search.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\sliders.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\weather\0.png, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\common.js, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\ga.js, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\ie8.js, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\jquery-1.11.0.min.js, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\jquery.autocomplete.js, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\js.js, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\library.js, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\xagainit.js, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\en-US\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-419\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-ES\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-BE\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CA\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CH\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-FR\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-LU\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-CH\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-IT\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pl\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt-BR\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru-MO\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\tr-TR\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\vi-VI\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-CN\messages.json, Quarantined, ,
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-TW\messages.json, Quarantined, ,
Adware.InstallBrain, C:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml, Quarantined, ,
PUP.Optional.FreeGames.A, C:\Documents and Settings\Elmar\Application Data\freegames4357\freegames4357.crx, Quarantined, ,
PUP.Optional.FreeGames.A, C:\Documents and Settings\Elmar\Application Data\freegames4357\freegames4357DeskTopIcon.ico, Quarantined, ,
PUP.Optional.FreeGames.A, C:\Documents and Settings\Elmar\Application Data\freegames4357\install_helper.exe, Quarantined, ,
PUP.Optional.SpeedTest.A, C:\Documents and Settings\Elmar\Application Data\speedtest4354\install_helper.exe, Quarantined, ,
PUP.Optional.SpeedTest.A, C:\Documents and Settings\Elmar\Application Data\speedtest4354\speedtest4354.crx, Quarantined, ,
PUP.Optional.SpeedTest.A, C:\Documents and Settings\Elmar\Application Data\speedtest4354\speedtest4354DeskTopIcon.ico, Quarantined, ,
PUP.Optional.IePluginService.A, C:\Documents and Settings\All Users\Application Data\IePluginService\update\conf, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome.manifest, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\install.rdf, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\index.html, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\quick_start.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\quick_start.xul, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\include\speed_dial.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\include\tools\about_blank_hook.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\include\tools\misc.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\include\tools\popup_image_helper.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\include\tools\urlrequestor.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\js\common.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\js\ga.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\js\jquery.autocomplete.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\js\js.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\js\library.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\content\js\xagainit.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\en\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\en-US\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\es\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\es-419\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\fr\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\fr-BE\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\fr-CA\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\fr-CH\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\fr-LU\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\it\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\it-CH\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\pl\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\pt-BR\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\ru\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\ru-MO\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\tr\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\vi\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\zh-CN\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\locale\zh-TW\locale.properties, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\default_add_logo.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\default_add_logo_hover.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\default_logo.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\google_trends.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\icon.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\icon128.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\icon16.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\icon48.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\iconsmall.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\loading.gif, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\logo.ico, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\logo.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\logo32.ico, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\search.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\style.css, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\27.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\0.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\1.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\10.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\11.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\12.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\13.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\14.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\15.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\16.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\17.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\18.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\19.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\2.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\20.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\21.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\22.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\23.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\24.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\25.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\26.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\28.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\29.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\3.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\30.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\31.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\32.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\33.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\34.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\35.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\36.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\37.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\38.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\39.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\4.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\40.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\41.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\42.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\43.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\44.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\45.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\46.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\47.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\5.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\6.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\7.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\8.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\chrome\skin\weather\9.png, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\defaults\preferences\fvd.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\modules\addonmanager.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\modules\aes.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\modules\config.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\modules\dialogs.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\modules\last_tab.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\modules\misc.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\modules\properties.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\modules\remoterequest.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\modules\restoreprefs.js, Quarantined, ,
PUP.Optional.QuickStart.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Extensions\quick_start@gmail.com\modules\settings.js, Quarantined, ,
PUP.Optional.Qone8.A, C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\prefs.js, Good: (), Bad: (user_pref(“browser.startup.homepage”, “http://start.qone8.com/?type=hppp&ts=1397745876&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX”), Replaced,
Physical Sectors: 0
(No malicious items detected)
(end)
fazantje

22-05-2014 22:44

Hoi Sammy,
Graag ook even het logje van RSIT, zo als in het stappenplan staat vermeld.
Groetjes Huib;)
Sammy1

22-05-2014 22:55

Hier is het :
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:54:36, on 22-5-2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qone8.com/web/?type=ds&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qone8.com/web/?type=ds&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: nwiz.exe /install
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: SOUNDMAN.EXE
O4 - HKLM\..\Run: “C:\Program Files\AVG\AVG2014\avgui.exe” /TRAYONLY
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)
O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
–
End of file - 8500 bytes
Ben

23-05-2014 09:24

Hallo,
Schakel eerst de Antivirussoftware uit voordat je zoek.exe download.
Schakel je antivirus- en antispywareprogramma's tijdelijk uit, deze kunnen namelijk conflicteren met Zoek.exe.
Download Zoek.exe naar het bureaublad.
* Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
Zoek.exe uitvoeren
Wanneer u problemen ondervindt bij het uitvoeren van dit programma of bepaalde foutmeldingen te zien krijgt laat dit dan even weten in uw bericht.
* Dubbelklik vervolgens op Zoek.exe om de tool te starten.
* Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
* Kopieer nu onderstaande vet gedrukte code en plak die in het grote invulvenster:
* Note: Dit script is speciaal bedoeld voor deze computer, gebruik dit dan ook niet op andere computers met een gelijkaardig probleem.
firefoxlook;
torpigcheck;
emptyfolderscheck;delete
chromelook;
standardsearch;
filesrcm;
autoclean;
startupall;
* Klik nu op de knop "Run script".
* Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
* Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
* Post het geopende logje in het volgende bericht.
Sammy1

23-05-2014 20:41

Hallo Ben
ik heb de stappen gevolgd met dit resultaat:
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Elmar on vr 23-05-2014 at 20:16:53,34.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Elmar\Mijn documenten\Downloads\zoek.exe
==== System Restore Info ======================
23-5-2014 20:18:15 Zoek.exe System Restore Point Created Succesfully.
==== Torpig Check ======================
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\CDF {67EA19A0-CCEF-11d0-8024-00C04FD75D13} %SystemRoot%\system32\shdocvw.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} C:\Program Files\FileZilla FTP Client\fzshellext.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\MyDocuments {ECF03A33-103D-11d2-854D-006008059367} %SystemRoot%\system32\mydocs.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} ntshrui.dll
==== Empty Folders Check ======================
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Windows Media Connect 2 deleted successfully
C:\Documents and Settings\All Users\Menu Start\Programma's\Nokia deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles deleted successfully
C:\Documents and Settings\Elmar\Application Data\Canon deleted successfully
C:\Documents and Settings\Elmar\Application Data\Nokia Suite deleted successfully
C:\Documents and Settings\Elmar\Application Data\PerformerSoft deleted successfully
C:\Documents and Settings\Elmar\Application Data\SupTab deleted successfully
C:\Documents and Settings\LocalService\Application Data\Apple Computer deleted successfully
C:\Documents and Settings\Elmar\Local Settings\Application Data\uTorrentBar deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Running Processes ======================
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Documents and Settings\Elmar\Mijn documenten\Downloads\zoek.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default
—- Lines qone8 removed from prefs.js —-
user_pref(“browser.search.defaultenginename”, “qone8”);
—- FireFox user.js and prefs.js backups —-
user_23-05-2014_2028_.backup
prefs_23-05-2014_2028_.backup
==== Deleting Files \ Folders ======================
C:\Documents and Settings\Elmar\daemonprocess.txt deleted
C:\extensions deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WPM deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVG January 2013 Campaign deleted
C:\Documents and Settings\Elmar\Local Settings\Application Data\iLivid deleted
C:\Documents and Settings\Elmar\Local Settings\Application Data\Mobogenie deleted
C:\Documents and Settings\Elmar\Local Settings\Application Data\cache deleted
C:\WINDOWS\tasks\ROC_REG_JAN_DELETE.job deleted
C:\Users\wangzhisong deleted
C:\WINDOWS\system32\RegistryHelperLM.ocx deleted
C:\WINDOWS\system32\DiskCleanerLM.ocx deleted
C:\WINDOWS\system32\SafeAppRichList.ocx deleted
C:\WINDOWS\system32\CUUpdateComponent.ocx deleted
C:\WINDOWS\system32\ComputerUpdaterLM.ocx deleted
C:\WINDOWS\System32\scrrun.dll.tmp deleted
==== System Specs ======================
Windows: Windows XP Professional Service Pack 3 (Build 2600)
Memory (RAM): 1024 MB
CPU Info: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU Speed: 3122,6 MHz
Sound Card: Realtek AC97 Audio |
Display Adapters: NVIDIA GeForce FX 5700 | NetMeeting driver | RDPDD Chained DD
Monitors: 1x; Plug en Play-monitor |
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: Bluetooth-apparaat (PAN - Personal Area Network) | Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter - Pakketplanner-minipoort | Realtek RTL8139 Family PCI Fast Ethernet NIC - Pakketplanner-minipoort
CD / DVD Drives: 1x (E: | ) E: AOPEN DUW1608/ARR
Ports: COM1 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 48,8GB | D: 66,2GB
Hard Disks - Free: C: 24,9GB | D: 50,6GB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 08/30/04 | XPC - 42302e31
Time Zone: West-Europa (standaardtijd)
Motherboard *: Shuttle Inc FB61
Country: Nederland
Language: NLD
==== System Specs (Software) ======================
Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Updated)
Default Browser: Google Chrome 34.0.1847.137
Internet Explorer version: 8.0.6001.18702
Mozilla Firefox version: 28.0 (x86 en-GB)
Google Chrome version: 34.0.1847.137
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_55 (32-bit)
Flash Player version: 13.0.0.214
Shockwave Player version: 11.6.8r638
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\DOCUME~1\Elmar\LOCALS~1\Temp ====
2014-05-23 08:48:11 59B1B99D7A0F42A4625E8107365E6A8D 17938608 —-a-w- C:\Documents and Settings\Elmar\Local Settings\Temp\{DEDAED87-D55A-4971-BD75-725027FD030F}\InstallFlashPlayer.exe
====== Java Cache =====
2014-05-03 11:43:33 C1BBA7F1278F193AB584FFF460DB5E2A 17878 —-a-w- C:\Documents and Settings\Elmar\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\12\eef218c-32f59c32
2014-05-03 11:43:19 415FC9732A3F4D89A0E01251CD66E136 646 —-a-w- C:\Documents and Settings\Elmar\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17\49a00451-3cc56bac
2014-05-03 11:43:19 E08230D1A0687FB20DBFC622ED69B465 425 —-a-w- C:\Documents and Settings\Elmar\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap
2014-05-03 11:43:21 34FA8033B50A3F99D3AB8209C72C0ABA 6860 —-a-w- C:\Documents and Settings\Elmar\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\43\1ca2666b-5c25627a
2014-05-03 15:09:46 D41D8CD98F00B204E9800998ECF8427E 0 —-a-w- C:\Documents and Settings\Elmar\Local Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-2fe38da4
====== C:\WINDOWS\system32 =====
2014-05-23 08:45:17 6F2B2FD4B37DEC7F37D58363FE034FF2 416656 —-a-w- C:\WINDOWS\System32\FNTCACHE.DAT
====== C:\WINDOWS\system32\drivers =====
2014-04-29 19:01:08 661B911FA04E73FB073FF9B1C9BD2E05 107736 —-a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-04-29 19:00:40 5F7B035B533B87EA936F8B04493879CC 50648 —-a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2014-04-29 19:00:40 0C6EA0109CFEDF441F06D031E9A8D1A9 23256 —-a-w- C:\WINDOWS\System32\drivers\mbam.sys
====== C:\WINDOWS\Tasks ======
2014-05-23 08:49:09 97E38663CE54FF863207DFA8A67EF21A 940 —-a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-05-22 20:53:41 ——– d—–w- C:\Program Files\Trend Micro
2014-05-03 11:42:18 ——– d—–w- C:\Program Files\Common Files\Java
2014-05-03 11:40:39 ——– d—–w- C:\Program Files\Java
2014-04-29 18:59:27 ——– d—–w- C:\Program Files\Common Files\Wise Installation Wizard
======= C: =====
2014-05-19 15:39:04 C5EAEC1311F862AB6904436FD115A451 132413 —-a-w- C:\wubildr
====== C:\Documents and Settings\Elmar\Application Data ======
2014-05-03 11:43:06 ——– d—–w- C:\Documents and Settings\Elmar\Local Settings\Application Data\Sun
2014-05-03 11:33:38 ——– d—–w- C:\Documents and Settings\Elmar\Application Data\Sun
====== C:\Documents and Settings\Elmar ======
2014-05-22 17:28:29 ——– d–h–r- C:\Documents and Settings\Elmar\Onlangs geopend
====== C: exe-files ==
2014-05-23 08:48:11 59B1B99D7A0F42A4625E8107365E6A8D 17938608 —-a-w- C:\Documents and Settings\Elmar\Local Settings\Temp\{DEDAED87-D55A-4971-BD75-725027FD030F}\InstallFlashPlayer.exe
2014-05-20 07:27:28 DF7181D515DE9E7639EF6AB217F87B3F 62992 —-a-w- C:\Program Files\AVG\AVG2014\avguirux.exe
2014-05-20 07:27:28 CF72A115AC0342E0D1690B2277B1C5A4 6092288 —-a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe
2014-05-20 07:27:28 8F9D0265F4CB7674F54D82EA25AE3992 15888 —-a-w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014\update\backup\avgrdtestx.exe
2014-05-20 07:27:28 87C96EE0BFF3AC495CBDC951FA5CE8A0 62992 —-a-w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014\update\backup\avguirux.exe
2014-05-20 07:27:28 2B806C2FDDE8C362513232CEC92A7290 15888 —-a-w- C:\Program Files\AVG\AVG2014\avgrdtestx.exe
=== C: other files ==
==== Startup Registry Enabled ======================
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe”
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE”
“NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup”
“nwiz”=“nwiz.exe /install”
“NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit”
“SoundMan”=“SOUNDMAN.EXE”
“AVG_UI”=“C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY”
“Adobe ARM”=“C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“BluetoothAuthenticationAgent”=“rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent”
“APSDaemon”=“C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe -atboottime”
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe”
“ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup”
“SunJavaUpdateSched”=“C:\Program Files\Common Files\Java\Java Update\jusched.exe”
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe”
==== Startup Registry Disabled ======================
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“Adobe ARM”
“hkey”=“HKLM”
“command”=“\”C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“ANIWZCS2Service”
“hkey”=“HKLM”
“command”=“C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“AVG-Secure-Search-Update_0913b”
“hkey”=“HKCU”
“command”=“C:\\Documents and Settings\\Elmar\\Application Data\\AVG 0913b Campaign\\AVG-Secure-Search-Update-0913b.exe /PROMPT –mid ad24f0a2312847d6af79d1795d52f0bd-3ce1356ddf555949662c000255c0ff19f6935645 –CMPID 0913b”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“D-Link AirPlus G DWL-G510”
“hkey”=“HKLM”
“command”=“C:\\Program Files\\D-Link\\AirPlus G DWL-G510\\AirGCFG.exe”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“GrooveMonitor”
“hkey”=“HKLM”
“command”=“\”C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\“”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“HP Software Update”
“hkey”=“HKLM”
“command”=“\”C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\“”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“iLivid”
“hkey”=“HKCU”
“command”=“\”C:\\Documents and Settings\\Elmar\\Local Settings\\Application Data\\iLivid\\iLivid.exe\“ -autorun”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“ISUSPM Startup”
“hkey”=“HKLM”
“command”=“C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“ISUSScheduler”
“hkey”=“HKLM”
“command”=“\”C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\“ -start”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“KiesAirMessage”
“hkey”=“HKCU”
“command”=“C:\\Program Files\\Samsung\\Kies\\KiesAirMessage.exe -startup”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“KiesPreload”
“hkey”=“HKCU”
“command”=“C:\\Program Files\\Samsung\\Kies\\Kies.exe /preload”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“KiesTrayAgent”
“hkey”=“HKLM”
“command”=“C:\\Program Files\\Samsung\\Kies\\KiesTrayAgent.exe”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“LogitechQuickCamRibbon”
“hkey”=“HKLM”
“command”=“\”C:\\Program Files\\Logitech\\Logitech WebCam Software\\LWS.exe\“ /hide”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“TkBellExe”
“hkey”=“HKLM”
“command”=“\”C:\\Program Files\\Real\\RealPlayer\\update\\realsched.exe\“ -osboot”
“key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”
“item”=“VoipStunt”
“hkey”=“HKCU”
“command”=“\”C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe\“ -nosplash -minimized”
“item”=“HP Digital Imaging Monitor”
“path”=“C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\HP Digital Imaging Monitor.lnk”
“backup”=“C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup”
“command”=“C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe”
“item”=“HP Image Zone Fast Start”
“path”=“C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\HP Image Zone Fast Start.lnk”
“backup”=“C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup”
“command”=“C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe”
“item”=“Logitech . Productregistratie”
“path”=“C:\\Documents and Settings\\Elmar\\Menu Start\\Programma's\\Opstarten\\Logitech . Productregistratie.lnk”
“backup”=“C:\\WINDOWS\\pss\\Logitech . Productregistratie.lnkStartup”
“command”=“C:\\PROGRA~1\\Logitech\\LOGITE~1\\eReg.exe”
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job –a—— C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\AppleSoftwareUpdate.job –a—— C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1801674531-117609710-1606980848-1003.job –a—— C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1801674531-117609710-1606980848-1003.job –a—— C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1801674531-117609710-1606980848-1003.job –a—— C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-117609710-1606980848-1003.job –a—— C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-117609710-1606980848-1003.job –a—— C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\WINDOWS\tasks\User_Feed_Synchronization-{D53FFD2B-16C4-4525-AF4C-BA200D1BF031}.job –ah—– C:\WINDOWS\system32\msfeedssync.exe
==== Folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 0-6 Months Old ======================
2013-12-14 16:10:45 ——– d—–w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2014-02-15 17:57:59 ——– d—–w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2014-03-22 09:02:18 ——– d—–w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-29 19:00:40 ——– d—–w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2014-05-03 11:42:19 ——– d—–w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sun
==== Firefox Extensions Registry ======================
“{ABDE892B-13A8-4d1b-88E6-365A6E755758}”=“C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext”
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default
785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
5596E40701BE8A4AEC399F57DBCE289E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
87FCE1D38F135B923EEC502825B5C7F6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
5A2AF08FEF626D3825AA7923B0A9DFF5 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
B033D1486EAD65BE7857114DFAFD8429 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
DA632EC5CCC16F0B0FAC9BB21C10B2C3 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
49CFBB2130C682FFDF2CEBEE9A2D556E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
3A9E1940B4459CC97FDCBB24FCB69004 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
BE126CB7049E89ED6F3038016668B502 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
Google Docs - Elmar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Elmar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Elmar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Elmar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Windows Media Player Extension for HTML5 - Elmar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak
RealDownloader - Elmar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Elmar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Elmar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
“Start Page”=“http://www.google.com/”
“Default_Page_URL”=“http://www.google.com”
“Default_Page_URL”=“http://www.google.com”
“Default_Search_URL”=“http://www.qone8.com/web/?type=ds&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX&q={searchTerms}”
“Search Page”=“http://www.qone8.com/web/?type=ds&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX&q={searchTerms}”
“Start Page”=“http://www.google.com”
“SearchAssistant”=“http://www.qone8.com/web/?type=ds&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX&q={searchTerms}”
“CustomizeSearch”=“http://www.qone8.com/web/?type=ds&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX&q={searchTerms}”
“DefaultScope”=“{33BB0A4E-99AF-4226-BDF6-49120163DE86}”
not found
New Values:
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”
“Start Page”=“http://www.google.com/”
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”
“Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”
“CustomizeSearch”=“http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm”
“SearchAssistant”=“http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm”
“DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”
{1020AA50-5296-4DE9-B3AD-176DDB6AB331} Google NL Url=“http://www.google.nl/#hl=nl&source=hp&biw=1276&bih=823&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=ce042a1824cb5211”
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG-Secure-Search-Update_0913b deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iLivid deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent deleted successfully
==== HijackThis Entries ======================
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: nwiz.exe /install
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: SOUNDMAN.EXE
O4 - HKLM\..\Run: “C:\Program Files\AVG\AVG2014\avgui.exe” /TRAYONLY
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)
O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Elmar\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\Elmar\Local Settings\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Documents and Settings\Elmar\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=2977 folders=430 192298709 bytes)
==== Empty Temp Folders ======================
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\Elmar\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Elmar\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
“C:\Documents and Settings\Elmar\Local Settings\Temporary Internet Files\Content.IE5\index.dat” not deleted
==== EOF on vr 23-05-2014 at 20:39:03,31 ======================
Alvast bedankt.
Ben

23-05-2014 20:51

Hallo,
Download AdwCleaner by Xplode naar het bureaublad.
* Sluit alle openstaande vensters.
* Dubbelklik op AdwCleaner om hem te starten.
* Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren,
* Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
* Klik vervolgens op Scannen.
* Klik vervolgens op Verwijderen als er items zijn gevonden.
* Klik bij Herstarten Noodzakelijk op OK
Nadat de PC opnieuw is opgestart, opent meestal een logfile.
Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner.txt
Post aansluitend de inhoud van dit log in je volgende bericht.
Sammy1

23-05-2014 21:38

Hi
hier het andere resultaat:
# AdwCleaner v3.210 - Rapport aangemaakt 23/05/2014 op 21:29:44
# Laatste Update 19/05/2014 door Xplode
# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
# Gebruikersnaam : Elmar - SHUTTLEX
# Gestart vanuit : C:\Documents and Settings\Elmar\Mijn documenten\Downloads\adwcleaner_3.210.exe
# Optie : Scannen
***** *****
***** *****
Bestand Gevonden : C:\Documents and Settings\Elmar\Application Data\Mozilla\Firefox\Profiles\vvsrackp.default\user.js
***** *****
Snelkoppeling Gevonden : C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox.lnk ( hxxp://start.qone8.com/?type=sc&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX )
Snelkoppeling Gevonden : C:\Documents and Settings\All Users\Menu Start\Programma's\Google Chrome\Google Chrome.lnk ( hxxp://start.qone8.com/?type=sc&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX )
Snelkoppeling Gevonden : C:\Documents and Settings\Elmar\Menu Start\Programma's\Internet Explorer.lnk ( hxxp://start.qone8.com/?type=sc&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX )
Snelkoppeling Gevonden : C:\Documents and Settings\Elmar\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk ( hxxp://start.qone8.com/?type=sc&ts=1397674627&from=ild&uid=HDS722512VLSA80_VN6C3ECCDE798DDE798DX )
***** *****
Sleutel Gevonden : HKCU\Software\AVG Nation toolbar
Sleutel Gevonden : HKCU\Software\Classes\iLivid.torrent
Sleutel Gevonden : HKCU\Software\ilivid
Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Sleutel Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Sleutel Gevonden : HKCU\Software\WEDLMNGR
Sleutel Gevonden : HKLM\Software\AVG Nation toolbar
Sleutel Gevonden : HKLM\Software\AVG Secure Search
Sleutel Gevonden : HKLM\Software\AVG Security Toolbar
Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Conduit.Engine
Sleutel Gevonden : HKLM\SOFTWARE\Classes\iLivid.torrent
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\{B69509B5-4A90-4433-A2DE-BE439F6581F2}
Sleutel Gevonden : HKLM\Software\Conduit
Sleutel Gevonden : HKLM\Software\IePlugin
Sleutel Gevonden : HKLM\Software\SupTab
Sleutel Gevonden : HKLM\Software\supWPM
Waarde Gevonden : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
Waarde Gevonden : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
***** *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v28.0 (en-GB)
-\\ Google Chrome v34.0.1847.137
Gevonden : pelmeidfhdlhlbjimpabfcbnnojbboma
*************************
AdwCleaner.txt - -
########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########
BVD.
Sammy1

23-05-2014 21:50

By the way AdwCleaner nogmaals gerund, items verwijderd en Qone8 is verdwenen: nu in Mozilla heb ik de juiste startpagina.
Bedankt!
fazantje

23-05-2014 22:24

Hoi Sammy,
Dan gaan we opruimen.
Malwarebytes kan je laten staan en één maal in de week (na te hebben geupdate) je pc mee scannen.
Met het onderstaande tooltje ruim je o.a. alle gebruikte tools op:
Download Delfix by Xplode naar het bureaublad.
Dubbelklik op Delfix.exe om de tool te starten.
Zet nu vinkjes voor de volgende items:
Remove disinfection tools
Purge System Restore
Reset system settings
Klik nu op “Run” en wacht geduldig tot de tool gereed is.
Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft je echter niet te plaatsen.
Mochten er nog tools of mappen overgebleven zijn dan kan je die zelf verwijderen.
Groetjes Huib;)

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.

Qone8

Sammy1

Sammy1

fazantje

Sammy1

Ben

Sammy1

Ben

Sammy1

Sammy1

fazantje