Sweet-page start page and search engine

  • Mark

    Dear experts,

    I am a victim of sweet-page (already known here). Neither the start page nor the search engine can be removed from my browser, Chrome (version 35.0.1916.114). Please let me know if more information is needed. The logs:

    Malwarebytes Anti-Malware

    www.malwarebytes.org

    Scan Date: 8-6-2014

    Scan Time: 0:09:03

    Logfile: MBAM01.txt

    Administrator: Yes

    Version: 2.00.2.1012

    Malware Database: v2014.06.07.07

    Rootkit Database: v2014.06.02.01

    License: Free

    Malware Protection: Disabled

    Malicious Website Protection: Disabled

    Self-protection: Disabled

    OS: Windows 7 Service Pack 1

    CPU: x64

    File System: NTFS

    User: G. den Dulk

    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 277494

    Time Elapsed: 14 min, 57 sec

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

    Processes: 0

    (No malicious items detected)

    Modules: 0

    (No malicious items detected)

    Registry Keys: 0

    (No malicious items detected)

    Registry Values: 0

    (No malicious items detected)

    Registry Data: 0

    (No malicious items detected)

    Folders: 37

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\ar, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\Configs, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\de, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\es, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\fr, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\he, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\helperbar@helperbar.com, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\images, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\helperbar@helperbar.com\chrome\PublisherImages, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\nl, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\pt, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\it, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\ru, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Application\tr, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Common, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Common\Configs, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Common\icons, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Common\iconsWide, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\Common\ServicesPlugins, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\DistributionFiles, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\DistributionFiles\Configs, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\DistributionFiles\Profiles, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\QuickShare.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\QuickShare.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.714, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\QuickShare.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.935, Quarantined, ,

    PUP.Optional.OpenCandy, C:\Users\G. den Dulk\AppData\Roaming\OpenCandy, Quarantined, ,

    PUP.Optional.OpenCandy, C:\Users\G. den Dulk\AppData\Roaming\OpenCandy\6FB8E54FFE254974B5E394B9CF1802D0, Quarantined, ,

    PUP.Optional.OpenCandy, C:\Users\G. den Dulk\AppData\Roaming\OpenCandy\OpenCandy_6FB8E54FFE254974B5E394B9CF1802D0, Quarantined, ,

    PUP.Optional.MixiDJToolBar.A, C:\Users\G. den Dulk\AppData\Local\Temp\mt_ffx\mixidj, Quarantined, ,

    PUP.Optional.MixiDJToolBar.A, C:\Users\G. den Dulk\AppData\Local\Temp\mt_ffx\mixidj\mixidj, Quarantined, ,

    PUP.Optional.MixiDJToolBar.A, C:\Users\G. den Dulk\AppData\Local\Temp\mt_ffx\mixidj\mixidj\1.8.18.8, Quarantined, ,

    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Quarantined, ,

    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, Quarantined, ,

    Files: 12

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\DistributionFiles\Configs\LocalMethods.xml, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\DistributionFiles\Configs\ProfileManager.xml, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\DistributionFiles\Configs\PublisherSettings.xml, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\DistributionFiles\Configs\UserSettings.xml, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\DistributionFiles\Profiles\F3B1A35F-8F34-4AA2-9F30-6B414BABD905.xml, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\QuickShare.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.714\user.config, Quarantined, ,

    PUP.Optional.SmartBar.A, C:\Users\G. den Dulk\AppData\Local\Smartbar\QuickShare.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.935\user.config, Quarantined, ,

    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantined, ,

    PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, Quarantined, ,

    PUP.Optional.SweetPage.A, C:\Users\G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( “homepage”: “http://www.sweet-page.com/?type=hppp&ts=1400489841&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6”,), Replaced,

    PUP.Optional.SweetPage.A, C:\Users\G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( “search_url”: “http://www.sweet-page.com/web/?type=dspp&ts=1400489841&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6&q={searchTerms}”,), Replaced,

    PUP.Optional.SweetPage.A, C:\Users\G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( “startup_urls”: ,), Replaced,

    Physical Sectors: 0

    (No malicious items detected)

    (end)

    ——————–

    Logfile of random's system information tool 1.10 (written by random/random)

    Run by G. den Dulk at 2014-06-08 00:27:58

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 257 GB (54%) free of 477 GB

    Total RAM: 3540 MB (41% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 0:28:04, on 8-6-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17041)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\TPSrvWow.exe

    C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2014\WebProxy.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe

    C:\Program Files (x86)\BitComet\BitComet.exe

    C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe

    C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\ApVxdWin.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\AVENGINE.EXE

    C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe

    C:\Program Files (x86)\BitComet\tools\BitCometService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\G. den Dulk\Desktop\RSIT.exe

    C:\Program Files (x86)\trend micro\G. den Dulk.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll

    O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O3 - Toolbar: QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\APVXDWIN.EXE” /s

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Inicio.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe” -d

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe” -a

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: “C:\Program Files (x86)\BitComet\BitComet.exe” /tray

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - Startup: Dropbox.lnk = G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O8 - Extra context menu item: &D&ownload &met BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: &D&ownload alles met BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1DADAF1F-C295-4EB9-A84D-AE4DDE9F122A}: NameServer = 192.168.0.1

    O17 - HKLM\System\CS1\Services\Tcpip\..\{1DADAF1F-C295-4EB9-A84D-AE4DDE9F122A}: NameServer = 192.168.0.1

    O17 - HKLM\System\CS2\Services\Tcpip\..\{1DADAF1F-C295-4EB9-A84D-AE4DDE9F122A}: NameServer = 192.168.0.1

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe

    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe

    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe

    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\TPSrvWow.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 14385 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

    ======Registry dump======

    BitComet Helper - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll

    SMART Notebook Download Utility - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll

    Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    {ae07101b-46d4-4a98-af68-0333ea26e113} - QuickShare Widget - C:\WINDOWS\SYSTEM32\mscoree.dll

    “StartCCC”=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    “”=

    “Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    “APVXDWIN”=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\APVXDWIN.EXE

    “SCANINICIO”=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Inicio.exe

    “APSDaemon”=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    “iTunesHelper”=C:\Program Files (x86)\iTunes\iTunesHelper.exe

    “SMART Floating Tools”=C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe

    “SMARTNotification”=C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe

    “SMART Tray Tools”=C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe

    “SMART Board Service”=C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe

    “sbsdk-server”=C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe

    “SMART Ink”=C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe

    “Sidebar”=C:\Program Files\Windows Sidebar\sidebar.exe

    “BitComet”=C:\Program Files (x86)\BitComet\BitComet.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    Dropbox.lnk - C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableLUA”=0

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoDriveTypeAutoRun”=145

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\SysWOW64\l3codeca.acm

    “vidc.cvid”=iccvid.dll

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “aux1”=wdmaud.drv

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “wave2”=wdmaud.drv

    “midi2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    “aux2”=wdmaud.drv

    “vidc.tscc”=tsccvid.dll

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE “%1” %*

    .vbs - open - C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE “%1” %*

    ======List of files/folders created in the last 1 month======

    2014-06-07 23:29:52 —-D—- C:\Program Files (x86)\trend micro

    2014-06-07 23:29:50 —-D—- C:\rsit

    2014-06-07 23:25:35 —-D—- C:\ProgramData\Malwarebytes

    2014-06-07 23:25:35 —-D—- C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-05-19 13:39:02 —-D—- C:\Users\G. den Dulk\AppData\Roaming\LavasoftStatistics

    2014-05-19 11:02:47 —-D—- C:\ProgramData\Lavasoft

    2014-05-19 11:02:23 —-D—- C:\ProgramData\Spybot - Search & Destroy

    2014-05-19 11:02:23 —-D—- C:\Program Files (x86)\Spybot - Search & Destroy

    2014-05-15 23:31:03 —-A—- C:\Windows\SysWOW64\mshtmled.dll

    2014-05-15 23:31:03 —-A—- C:\Windows\SysWOW64\mshtml.dll

    2014-05-15 23:30:29 —-D—- C:\Program Files (x86)\Common Files\DESIGNER

    2014-05-15 10:12:15 —-A—- C:\Windows\SysWOW64\shell32.dll

    2014-05-15 10:11:59 —-A—- C:\Windows\SysWOW64\ntoskrnl.exe

    2014-05-15 10:11:59 —-A—- C:\Windows\SysWOW64\ntkrnlpa.exe

    2014-05-15 10:11:59 —-A—- C:\Windows\SysWOW64\kerberos.dll

    2014-05-15 10:11:58 —-A—- C:\Windows\SysWOW64\msv1_0.dll

    2014-05-15 10:11:56 —-A—- C:\Windows\SysWOW64\wdigest.dll

    2014-05-15 10:11:56 —-A—- C:\Windows\SysWOW64\objsel.dll

    2014-05-15 10:11:56 —-A—- C:\Windows\SysWOW64\KernelBase.dll

    2014-05-15 10:11:55 —-A—- C:\Windows\SysWOW64\TSpkg.dll

    2014-05-15 10:11:54 —-A—- C:\Windows\SysWOW64\schannel.dll

    2014-05-15 10:11:54 —-A—- C:\Windows\SysWOW64\dpapiprovider.dll

    2014-05-15 10:11:54 —-A—- C:\Windows\SysWOW64\dimsroam.dll

    2014-05-15 10:11:54 —-A—- C:\Windows\SysWOW64\cngprovider.dll

    2014-05-15 10:11:54 —-A—- C:\Windows\SysWOW64\capiprovider.dll

    2014-05-15 10:11:54 —-A—- C:\Windows\SysWOW64\adprovider.dll

    2014-05-15 10:11:53 —-A—- C:\Windows\SysWOW64\wincredprovider.dll

    2014-05-15 10:11:53 —-A—- C:\Windows\SysWOW64\credssp.dll

    2014-05-15 10:11:52 —-A—- C:\Windows\SysWOW64\sspicli.dll

    2014-05-15 10:11:52 —-A—- C:\Windows\SysWOW64\secur32.dll

    2014-05-11 15:21:48 —-D—- C:\Users\G. den Dulk\AppData\Roaming\SupTab

    2014-05-11 15:21:45 —-D—- C:\ProgramData\WPM

    2014-05-11 15:21:44 —-D—- C:\Program Files (x86)\SupTab

    2014-05-11 15:20:41 —-D—- C:\Users\G. den Dulk\AppData\Roaming\sweet-page

    ======List of files/folders modified in the last 1 month======

    2014-06-08 00:28:03 —-D—- C:\Windows\Temp

    2014-06-08 00:26:59 —-D—- C:\Windows\Prefetch

    2014-06-08 00:26:33 —-HD—- C:\ProgramData

    2014-06-08 00:25:39 —-D—- C:\Users\G. den Dulk\AppData\Roaming\BitComet

    2014-06-07 23:55:07 —-D—- C:\Users\G. den Dulk\AppData\Roaming\Dropbox

    2014-06-07 23:55:01 —-D—- C:\Users\G. den Dulk\AppData\Roaming\DropboxMaster

    2014-06-07 23:54:24 —-D—- C:\Windows\System32

    2014-06-07 23:52:44 —-SHD—- C:\Windows\Installer

    2014-06-07 23:29:52 —-RD—- C:\Program Files (x86)

    2014-06-04 20:12:09 —-D—- C:\Users\G. den Dulk\AppData\Roaming\Spotify

    2014-06-03 16:30:47 —-SHD—- C:\System Volume Information

    2014-05-24 20:15:40 —-D—- C:\Windows\inf

    2014-05-19 11:04:42 —-RD—- C:\Program Files

    2014-05-16 11:54:29 —-D—- C:\Windows\rescache

    2014-05-16 10:38:20 —-D—- C:\Windows\Microsoft.NET

    2014-05-16 10:37:02 —-RSD—- C:\Windows\assembly

    2014-05-16 09:53:13 —-D—- C:\Windows\winsxs

    2014-05-16 09:51:03 —-D—- C:\Windows\SysWOW64

    2014-05-15 23:32:03 —-D—- C:\ProgramData\Microsoft Help

    2014-05-15 23:30:29 —-D—- C:\Program Files (x86)\Common Files

    2014-05-11 15:27:30 —-D—- C:\Users\G. den Dulk\AppData\Roaming\NCH Software

    2014-05-11 15:27:30 —-D—- C:\Program Files (x86)\NCH Software

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys

    R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys

    R0 pavboot;Panda boot driver; C:\Windows\system32\Drivers\pavboot64.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 AsrAppCharger;AsrAppCharger; C:\Windows\system32\DRIVERS\AsrAppCharger.sys

    R1 ShldFlt;Panda File Shield Driver; C:\Windows\System32\DRIVERS\ShldFlt.sys

    R2 AmFSM;AmFSM; C:\Windows\system32\DRIVERS\amm6460.sys

    R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys

    R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys

    R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

    R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys

    R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys

    R3 PavTPK.sys;PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 SMARTMouseFilterx64;HID-compliant mouse; C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys

    R3 SMARTVHidMiniVistaAmd64;SMART HID Device; C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys

    R3 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys

    R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys

    S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys

    S3 Prot6Flt;Prot6Flt; C:\Windows\system32\DRIVERS\Prot6Flt.sys

    S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 SMARTVTabletPCx64;SMART Virtual TabletPC; C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe

    R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 LavasoftAdAwareService11;Ad-Aware Service 11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe

    R2 Panda Software Controller;Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe

    R2 PAVFNSVR;Panda Function Service; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe

    R2 PavPrSrv;Panda Process Protection Service; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

    R2 PAVSRV;Panda On-Access Anti-Malware Service; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe

    R2 PSIMSVC;Panda IManager Service; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe

    R2 PskSvcRetail;Panda PSK service; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe

    R2 SMARTHelperService;SMART Helper Service; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    R2 TPSrv;Panda TPSrv; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\TPSrvWow.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files (x86)\BitComet\tools\BitCometService.exe

    R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    —————–EOF—————–

    I'd like to hear about next steps.

    Regards,

    Mark.

  • Ben

    Hello,

    First uninstall:

    Ad-Aware Antivirus

    Spybot - Search & Destroy

    Restart your PC (if that hasn't happened yet) and do the following:

    First disable the antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as these can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser, or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

    Running Zoek.exe

    If you run into problems running this program or get certain error messages, please mention this in your post.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking and choosing Run as administrator.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    {ae07101b-46d4-4a98-af68-0333ea26e113};c

    ;r

    @=-;r

    C:\Users\G. den Dulk\AppData\Roaming\SupTab;fs

    C:\ProgramData\WPM;fs

    C:\Program Files (x86)\SupTab;fs

    C:\Users\G. den Dulk\AppData\Roaming\sweet-page;fs

    C:\Users\G. den Dulk\AppData\Roaming\NCH Software;fs

    C:\Program Files (x86)\NCH Software;fs

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    * Post the opened log in your next message.

  • Mark

    Thanks, Ben.

    What about Spybot and Ad-Aware? Are they no longer relevant/the best on the market?

    Zoek.exe takes a very long time to open. On the first run the PC froze, so I reset it.

    First log:

    Zoek.exe v5.0.0.0 Updated 02-June-2014

    Tool run by G. den Dulk on zo 08-06-2014 at 12:26:17,13.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\G. den Dulk\Desktop\zoek.exe

    ==== System Restore Info ======================

    8-6-2014 12:30:25 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\Program Files\Lavasoft deleted successfully

    C:\PROGRA~3\Babylon deleted successfully

    C:\Users\G. den Dulk\AppData\Roaming\SupTab deleted successfully

    C:\Users\G. den Dulk\AppData\Local\VirtualStore deleted successfully

    After that I was able to complete the whole run. Log:

    Zoek.exe v5.0.0.0 Updated 02-June-2014

    Tool run by G. den Dulk on zo 08-06-2014 at 12:48:26,37.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\G. den Dulk\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2014-06-08-103240.log 1023 bytes

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-272929204-382550164-3633803829-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    HKEY_USERS\S-1-5-21-272929204-382550164-3633803829-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    HKEY_USERS\S-1-5-21-272929204-382550164-3633803829-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully

    HKEY_USERS\S-1-5-21-272929204-382550164-3633803829-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

    ==== Running Processes ======================

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\TPSrvWow.exe

    C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2014\WebProxy.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe

    C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\AVENGINE.EXE

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe

    C:\Program Files (x86)\BitComet\BitComet.exe

    C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\ApVxdWin.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe

    C:\Program Files (x86)\BitComet\tools\BitCometService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe

    C:\Users\G. den Dulk\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\WINDOWS\SysWOW64\cmd.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    @=-

    ==== Deleting Files \ Folders ======================

    C:\Users\G. den Dulk\AppData\Roaming\SupTab not found

    C:\ProgramData\WPM deleted

    C:\Program Files (x86)\SupTab deleted

    C:\Users\G. den Dulk\AppData\Roaming\sweet-page deleted

    C:\Users\G. den Dulk\AppData\Roaming\NCH Software deleted

    C:\Program Files (x86)\NCH Software deleted

    C:\Users\G. den Dulk\AppData\Roaming\Babylon deleted

    C:\PROGRA~3\StarApp deleted

    C:\PROGRA~3\InstallMate deleted

    C:\PROGRA~3\Tarma Installer deleted

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softonic deleted

    C:\Users\G. den Dulk\AppData\LocalLow\Smartbar deleted

    C:\Windows\SysWow64\searchplugins deleted

    C:\Windows\SysWow64\Extensions deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 3540 MB

    CPU Info: AMD A8-5600K APU with Radeon™ HD Graphics

    CPU Speed: 3623,7 MHz

    Sound Card: Luidsprekers (Realtek High Defi |

    Display Adapters: AMD Radeon HD 7560D | AMD Radeon HD 7560D | AMD Radeon HD 7560D | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1600 X 900 - 32 bit

    Network: Network Present

    Network Adapters: Realtek PCIe GBE Family Controller

    CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH24NS90

    Ports: COM1 LPT1

    Mouse: 16 Button Wheel Mouse Present

    Hard Disks: C: 465,7GB

    Hard Disks - Free: C: 271,4GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 11/23/12 | ALASKA - 1072009

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: ASRock FM2A75M-DGS

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: Panda Antivirus Pro 2014 On-access scanning disabled (Outdated)

    Anti-Spyware: Panda Antivirus Pro 2014 disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Default Browser: Google Chrome 35.0.1916.114

    Internet Explorer Version: 11.0.9600.17107

    Google Chrome version: 35.0.1916.114

    Adobe Reader version: 11.0.07.79

    Flash Player version: 11.8.800.94

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\GC2FC~1.DEN\AppData\Local\Temp ====

    2014-06-08 10:45:20 5634C601025C31032A0AF1590B4C0CA6 43008 —-a-w- C:\Users\GC2FC~1.DEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvnoqla.dll

    2014-06-08 10:45:20 5634C601025C31032A0AF1590B4C0CA6 43008 —-a-w- C:\Users\G. den Dulk\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvnoqla.dll

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2014-06-07 21:26:22 8A50D5304E6AE48664CF5838EC32F647 122584 —-a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

    2014-06-07 21:25:35 F92B0E478C0FAA6D6661E6E977247E60 25816 —-a-w- C:\Windows\Sysnative\drivers\mbam.sys

    2014-06-07 21:25:35 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 —-a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

    2014-06-07 21:25:35 15E8ABC06843672955CE26A009533BAD 63704 —-a-w- C:\Windows\Sysnative\drivers\mwac.sys

    2014-05-15 08:11:55 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 —-a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

    2014-05-15 08:11:54 353009DEDF918B2A51414F330CF72DEC 95680 —-a-w- C:\Windows\Sysnative\drivers\ksecdd.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    ======= C:\PROGRA~2 =====

    2014-06-07 21:29:52 ——– d—–w- C:\PROGRA~2\trend micro

    2014-05-15 21:30:29 ——– d—–w- C:\PROGRA~2\COMMON~1\DESIGNER

    ======= C: =====

    ====== C:\Users\G. den Dulk\AppData\Roaming ======

    2014-05-19 11:39:02 ——– d—–w- C:\Users\GC2FC~1.DEN\AppData\Roaming\LavasoftStatistics

    2014-05-19 11:39:02 ——– d—–w- C:\Users\G. den Dulk\AppData\Roaming\LavasoftStatistics

    ====== C:\Users\G. den Dulk ======

    2014-06-07 21:27:43 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 —-a-w- C:\Users\GC2FC~1.DEN\Desktop\RSIT.exe

    2014-06-07 21:27:43 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 —-a-w- C:\Users\G. den Dulk\Desktop\RSIT.exe

    2014-05-19 09:02:47 ——– d—–w- C:\ProgramData\Lavasoft

    ====== C: exe-files ==

    2014-06-07 21:29:57 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files (x86)\trend micro\G. den Dulk.exe

    2014-06-07 21:29:10 8B4C798DA4BA47477BA3E8B98063AB1E 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-272929204-382550164-3633803829-1000\$IBRFPAM.exe

    2014-06-07 21:27:43 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 —-a-w- C:\Users\G. den Dulk\Desktop\RSIT.exe

    2014-06-07 21:24:26 AA45956156D24610C696CBC21412BBFE 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-272929204-382550164-3633803829-1000\$IC4TRSP.exe

    2014-06-07 21:23:36 E90BF9E1562F40140161573B79CD5720 17292760 —-a-w- C:\$Recycle.Bin\S-1-5-21-272929204-382550164-3633803829-1000\$RC4TRSP.exe

    2014-06-07 21:23:28 E90BF9E1562F40140161573B79CD5720 17292760 —-a-w- C:\$Recycle.Bin\S-1-5-21-272929204-382550164-3633803829-1000\$RBRFPAM.exe

    === C: other files ==

    2014-06-07 21:26:22 8A50D5304E6AE48664CF5838EC32F647 122584 —-a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

    2014-06-07 21:25:35 F92B0E478C0FAA6D6661E6E977247E60 25816 —-a-w- C:\Windows\System32\drivers\mbam.sys

    2014-06-07 21:25:35 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 —-a-w- C:\Windows\System32\drivers\mbamchameleon.sys

    2014-06-07 21:25:35 15E8ABC06843672955CE26A009533BAD 63704 —-a-w- C:\Windows\System32\drivers\mwac.sys

    ==== Startup Registry Enabled ======================

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”

    “BitComet”=“C:\Program Files (x86)\BitComet\BitComet.exe /tray”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “StartCCC”=“C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun”

    “Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “APVXDWIN”=“C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\APVXDWIN.EXE /s”

    “SCANINICIO”=“C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Inicio.exe”

    “APSDaemon”=“C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    “iTunesHelper”=“C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    “SMART Floating Tools”=“C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe”

    “SMARTNotification”=“C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe”

    “SMART Tray Tools”=“C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe”

    “SMART Board Service”=“C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe -d”

    “sbsdk-server”=“C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe”

    “SMART Ink”=“C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe -a”

    “Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”

    “BitComet”=“C:\Program Files (x86)\BitComet\BitComet.exe /tray”

    ==== Startup Registry Enabled x64 ======================

    “NUSB3MON”=“C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe”

    “RTHDVCPL”=“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s”

    ==== Startup Registry Disabled x64 ======================

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Adobe ARM”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Browser Infrastructure Helper”

    “hkey”=“HKCU”

    “command”=“C:\\Users\\G. den Dulk\\AppData\\Local\\Smartbar\\Application\\QuickShare.exe startup”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Reader Application Helper”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Sony\\ReaderDesktop\\appHelper\\ReaderAppHelper.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“TomTomHOME.exe”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\“”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“WinampAgent”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Winamp\\winampa.exe\“”

    “path”=“C:\\Users\\G. den Dulk\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Schermopname en Snel starten.lnk”

    “backup”=“C:\\Windows\\pss\\OneNote 2010 Schermopname en Snel starten.lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\PROGRA~2\\MICROS~1\\Office14\\ONENOTEM.EXE /tsr”

    “item”=“OneNote 2010 Schermopname en Snel starten”

    ==== Startup Folders ======================

    2014-02-12 12:12:21 1060 —-a-w- C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    2014-02-12 12:12:21 1060 —-a-w- C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\Adobe Flash Player Updater”

    “C:\Windows\SysNative\tasks\CreateChoiceProcessTask”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA”

    “C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask”

    ==== Folders in C:\PROGRA~3 0-6 Months Old ======================

    2014-01-21 12:38:07 ——– d—–w- C:\PROGRA~3\Apple

    2014-01-21 12:39:24 ——– d—–w- C:\PROGRA~3\34BE82C4-E596-4e99-A191-52C6199EBF69

    2014-01-21 12:39:24 ——– d—–w- C:\PROGRA~3\Apple Computer

    2014-01-30 13:57:08 ——– d—–w- C:\PROGRA~3\Downloaded Installations

    2014-01-30 13:58:03 ——– d—–w- C:\PROGRA~3\SMART Technologies

    2014-01-30 14:23:58 ——– d—–w- C:\PROGRA~3\FLEXnet

    2014-05-19 09:02:23 ——– d—–w- C:\PROGRA~3\Spybot - Search & Destroy

    2014-05-19 09:02:47 ——– d—–w- C:\PROGRA~3\Lavasoft

    2014-06-07 21:25:35 ——– d—–w- C:\PROGRA~3\Malwarebytes

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\GC2FC~1.DEN\AppData\Roaming\TomTom\HOME\Profiles\njlwi3ur.default

    - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com

    - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

    - Carminat TomTom - C:\Users\G. den Dulk\AppData\Roaming\TomTom\HOME\Profiles\njlwi3ur.default\extensions\RenaultTheme@tomtom.com

    - Carminat TomTom - %ProfilePath%\extensions\RenaultTheme@tomtom.com

    ==== Firefox Plugins ======================

    ==== Chrome Look ======================

    Google Docs - G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

    Google Drive - G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

    YouTube - G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Last updated at time on date - G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

    Google Search - G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    AdBlock - G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

    Google Wallet - G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Gmail - G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    Google Docs - GC2FC~1.DEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

    Google Drive - GC2FC~1.DEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

    YouTube - GC2FC~1.DEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Last updated at time on date - GC2FC~1.DEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

    Google Search - GC2FC~1.DEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    AdBlock - GC2FC~1.DEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

    Google Wallet - GC2FC~1.DEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Gmail - GC2FC~1.DEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== Chrome Fix ======================

    C:\Users\G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_translator.babylon.com_0.localstorage deleted successfully

    C:\Users\G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_translator.babylon.com_0.localstorage-journal deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    “Search Bar”=“http://www.google.com”

    “Use Search Asst”=“yes”

    “Default”=“http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=b9e3811a-2c1f-4d9f-b38b-d125e8e1791c&searchtype=ds&q={searchTerms}&installDate={installDate}”

    “Default”=“http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=b9e3811a-2c1f-4d9f-b38b-d125e8e1791c&searchtype=ds&q={searchTerms}&installDate={installDate}”

    “Default”=“http://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=NL&userid=b9e3811a-2c1f-4d9f-b38b-d125e8e1791c&searchtype=ds&q={searchTerms}&installDate={installDate}”

    “Default_Search_URL”=“http://www.google.com”

    “SearchAssistant”=“http://www.google.com”

    “DefaultScope”=“{33BB0A4E-99AF-4226-BDF6-49120163DE86}”

    not found

    New Values:

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Use Search Asst”=“no”

    “(Default)”=“http://search.msn.com/results.asp?q=%s”

    “(Default)”=“http://search.msn.com/results.asp?q=%s”

    “(Default)”=“http://search.msn.com/results.asp?q=%s”

    “Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “SearchAssistant”=“http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm”

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== shortcuts on Users Desktops ======================

    C:\Users\G. den Dulk\Desktop\Documenten - Snelkoppeling.lnk - C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

    C:\Users\G. den Dulk\Desktop\EZ Vinyl Tape Converter.lnk - C:\Program Files (x86)\MixMeister\EZ Vinyl Tape Converter\EZAudioConverter.exe

    C:\Users\G. den Dulk\Desktop\Free Screen Recorder.lnk - C:\Program Files (x86)\Free Screen Recorder\screenrecorder.exe

    C:\Users\G. den Dulk\Desktop\Spotify.lnk - C:\Users\G. den Dulk\AppData\Roaming\Spotify\spotify.exe

    C:\Users\GC2FC~1.DEN\Desktop\Documenten - Snelkoppeling.lnk - C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

    C:\Users\GC2FC~1.DEN\Desktop\EZ Vinyl Tape Converter.lnk - C:\Program Files (x86)\MixMeister\EZ Vinyl Tape Converter\EZAudioConverter.exe

    C:\Users\GC2FC~1.DEN\Desktop\Free Screen Recorder.lnk - C:\Program Files (x86)\Free Screen Recorder\screenrecorder.exe

    C:\Users\GC2FC~1.DEN\Desktop\Spotify.lnk - C:\Users\G. den Dulk\AppData\Roaming\Spotify\spotify.exe

    ==== shortcuts on All Users Desktop ======================

    C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

    C:\Users\Public\Desktop\BitComet.lnk - C:\Program Files (x86)\BitComet\BitComet.exe

    C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\Users\Public\Desktop\MuseScore.lnk - C:\Program Files (x86)\MuseScore\bin\mscore.exe

    C:\Users\Public\Desktop\Panda Antivirus Pro 2014.lnk - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Iface.exe

    C:\Users\Public\Desktop\Reader for PC.lnk - C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe

    C:\Users\Public\Desktop\SMART Notebook 11.lnk - C:\Program Files (x86)\SMART Technologies\Education Software\Notebook.exe

    C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe

    ==== shortcuts in Users Start Menu ======================

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

    ==== shortcuts in All Users Start Menu ======================

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm

    ==== shortcuts in Quick Launch ======================

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2014.lnk - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Iface.exe

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2014.lnk - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Iface.exe

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2014.lnk - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Iface.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2014.lnk - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Iface.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

    ==== shortcuts After Repair ======================

    C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{032A6D9C-CCE7-08FC-8415-7EB62DB750C3} deleted successfully

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Softonic for Windows deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper deleted successfully

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll

    O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\APVXDWIN.EXE” /s

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Inicio.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe” -d

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe” -a

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: “C:\Program Files (x86)\BitComet\BitComet.exe” /tray

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - Startup: Dropbox.lnk = G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O8 - Extra context menu item: &D&ownload &met BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm

    O8 - Extra context menu item: &D&ownload alles met BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1DADAF1F-C295-4EB9-A84D-AE4DDE9F122A}: NameServer = 192.168.0.1

    O17 - HKLM\System\CS1\Services\Tcpip\..\{1DADAF1F-C295-4EB9-A84D-AE4DDE9F122A}: NameServer = 192.168.0.1

    O17 - HKLM\System\CS2\Services\Tcpip\..\{1DADAF1F-C295-4EB9-A84D-AE4DDE9F122A}: NameServer = 192.168.0.1

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe

    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe

    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

    O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe

    O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\TPSrvWow.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\G. den Dulk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\G. den Dulk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\G. den Dulk\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\GC2FC~1.DEN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\GC2FC~1.DEN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\GC2FC~1.DEN\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\Users\G. den Dulk\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    C:\Users\GC2FC~1.DEN\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    No Java Cache Found

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=154 folders=86 8206033 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\G. den Dulk\AppData\Local\Temp will be emptied at reboot

    C:\Users\GC2FC~1.DEN\AppData\Local\Temp will be emptied at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\GC2FC~1.DEN\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on zo 08-06-2014 at 13:19:25,31 ======================

    I'd like to hear the next steps.

    Thanks in advance,

    Mark.
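
The zoek.exe shortcut listing in the post above shows the hijack as a URL appended to the arguments of browser shortcuts. As an added example (not part of the original post and not zoek.exe's own code), the following parses lines in that log format and flags browser shortcuts whose arguments carry a URL; the browser list and all function names are assumptions of the example, and the sample lines are copied from the log above.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional
from urllib.parse import urlsplit

# Browser executables to check; this set is an assumption of the example.
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe", "opera.exe"}

# "<shortcut>.lnk - <target> [arguments]"; the target part may be empty.
LINE_RE = re.compile(r"^(?P<lnk>.+?\.lnk)\s+-(?:\s+(?P<rest>.*))?$", re.IGNORECASE)
# Paths contain spaces, so the target ends at the first ".exe" that is
# followed by whitespace or the end of the line.
TARGET_RE = re.compile(r"^(?P<target>.+?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


class Shortcut(NamedTuple):
    lnk: str
    target: str
    args: str


class Finding(NamedTuple):
    lnk: str
    browser: str
    url: str
    host: str


def parse_shortcut_line(line: str) -> Optional[Shortcut]:
    """Split one shortcut line of the log into .lnk path, target and arguments."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # section header, blank line or another log format
    rest = (m.group("rest") or "").strip()
    t = TARGET_RE.match(rest)
    if t:
        return Shortcut(m.group("lnk"), t.group("target"), (t.group("args") or "").strip())
    return Shortcut(m.group("lnk"), rest, "")  # non-.exe or empty target


def find_hijacked(lines: List[str]) -> List[Finding]:
    """Return browser shortcuts whose command line has a URL appended."""
    findings = []
    for line in lines:
        sc = parse_shortcut_line(line)
        if sc is None:
            continue
        exe = sc.target.rsplit("\\", 1)[-1].lower()
        url = URL_RE.search(sc.args)
        if exe in BROWSERS and url:
            host = urlsplit(url.group(0)).hostname or ""
            findings.append(Finding(sc.lnk, exe, url.group(0), host))
    return findings


def hosts_by_count(findings: List[Finding]) -> Counter:
    """Count findings per landing host, to see how many shortcuts point where."""
    return Counter(f.host for f in findings)


# Sample input: lines copied from the zoek.exe log above (before and after repair).
SAMPLE_LOG = r"""
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\BitComet.lnk - C:\Program Files (x86)\BitComet\BitComet.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6
C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1399814437&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6
C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
==== shortcuts After Repair ======================
C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Users\GC2FC~1.DEN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""

if __name__ == "__main__":
    found = find_hijacked(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f.browser:14} -> {f.host}  [{f.lnk}]")
    print(dict(hosts_by_count(found)))
```

Legitimate switches such as `-extoff` and the arguments of non-browser shortcuts such as `Dropbox.exe /home` are not flagged, which matches the "After Repair" state in the log.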

  • Ben

    Hello,

    The malware detection of Ad-Aware Antivirus and Spybot - Search & Destroy is no longer that high, and we will keep

    Malwarebytes Anti-Malware in their place later on.

    Run zoek.exe again with the following code:

    C:\Users\GC2FC~1.DEN\AppData\Roaming\LavasoftStatistics;fs

    C:\Users\G. den Dulk\AppData\Roaming\LavasoftStatistics;fs

    C:\ProgramData\Lavasoft;fs

    Download AdwCleaner by Xplode to the desktop.

    * Close all open windows.

    * Double-click AdwCleaner to start it.

    * Windows Vista, 7 and 8 users must run the tool as “administrator”,

    * by right-clicking it and choosing Als Administrator uitvoeren (Run as administrator).

    * Then click Scannen (Scan).

    * Then click Verwijderen (Remove) if any items were found.

    * At Herstarten Noodzakelijk (Restart Required), click OK.

    After the PC has restarted, a log file usually opens.

    Otherwise it can be found at C:\AdwCleaner\AdwCleaner.txt

    Then post the contents of this log in your next message.

    Also tell us how things are going afterwards.

  • Mark

    Hi Ben,

    Thanks, that clarifies a lot.

    Here is the Zoek.exe log once more:

    Zoek.exe v5.0.0.0 Updated 02-June-2014

    Tool run by G. den Dulk on zo 08-06-2014 at 13:57:44,57.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\G. den Dulk\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2014-06-08-103240.log 1023 bytes

    C:\zoek-results2014-06-08-111925.log 49220 bytes

    ==== Deleting Files \ Folders ======================

    C:\Users\GC2FC~1.DEN\AppData\Roaming\LavasoftStatistics deleted

    C:\ProgramData\Lavasoft deleted

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=157 folders=91 10174198 bytes)

    ==== EOF on zo 08-06-2014 at 13:58:43,80 ======================

    And the AdwCleaner log:

    # AdwCleaner v3.212 - Rapport aangemaakt 08/06/2014 op 14:07:09

    # Laatste Update 05/06/2014 door Xplode

    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Gebruikersnaam : G. den Dulk - HOOFDCOMPUTER

    # Gestart vanuit : C:\Users\G. den Dulk\Desktop\adwcleaner_3.212.exe

    # Optie : Verwijderen

    ***** *****

    ***** *****

    ***** *****

    ***** *****

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

    Sleutel Verwijderd : HKLM\SOFTWARE\5c4da8bb13bb847

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bitcomet_RASAPI32

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_bitcomet_RASMANCS

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

    Sleutel Verwijderd : HKCU\Software\BabSolution

    Sleutel Verwijderd : HKCU\Software\Conduit

    Sleutel Verwijderd : HKCU\Software\SmartBar

    Sleutel Verwijderd : HKCU\Software\Softonic

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\adawarebp

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\videosaver

    Sleutel Verwijderd : HKLM\Software\Conduit

    Sleutel Verwijderd : HKLM\Software\SupTab

    Sleutel Verwijderd : HKLM\Software\supWPM

    Sleutel Verwijderd : HKLM\Software\Wpm

    Sleutel Verwijderd : HKLM\SOFTWARE\Tarma Installer

    ***** *****

    -\\ Internet Explorer v11.0.9600.17041

    -\\ Google Chrome v35.0.1916.114

    Verwijderd : hxxp://www.arbounie.nl/search?SearchableText={searchTerms}

    Verwijderd : hxxp://nl.softonic.com/s/{searchTerms}

    Verwijderd : hxxp://www.vd.nl/search.jsf?suggesturl=hxxp%3A%2F%2Fquery.published.live1.suggest.eu1.fredhopperservices.com%2Fvd_nl%2Fjscript%3Fscope%3D%2F%2Fcatalog01%2Fnl_NL%26search%3D%25query%25%26random%3D%25random%25&searchQuery={searchTerms}&SearchSuggestUsed=true

    Verwijderd : hxxp://www.sweet-page.com/web/?type=dspp&ts=1400489841&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6&q={searchTerms}

    Verwijderd : hxxp://www.sweet-page.com/?type=hppp&ts=1400489841&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    Verwijderd : hxxp://www.sweet-page.com/?type=hppp&ts=1400489841&from=sof&uid=ST500DM002-1BD142_Z3T21HJ6XXXXZ3T21HJ6

    Verwijderd : boipimhfjpakfgckhbljjengakjhkcbp

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

    I think the log already showed that the start page and search engine had been removed. I do indeed have google.com as my start page and search engine now. Thanks!

    Is the PC clean again, or are there (more/final) steps to go through?

  • Ben

    Hello,

    It is all tidy again now.

    You can keep Malwarebytes installed and scan your PC with it once a week (after updating it).

    The small tool below cleans up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Remove disinfection tools

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You do not need to post it, however.

    If any tools or folders are left over, you can delete them yourself.

  • fazantje

    Because this topic has been resolved, it is being closed.

    If you would like to reopen your topic, send a private message to Ben or Huib (fazantje).

    They will then remove the “lock” and the topic will be open again.

    The AV team.

This topic is closed; no more replies can be posted.