Savings Champion ads

  • M@ria

    Hello, for the past 2 days, on web pages that contain text, I have been seeing bold words in the sentences (these words are not normally bold). When I hover over them with my mouse, a pop-up ad appears, see image 1. The same ad also puts a bar across the middle of the page; this bar is always visible on every web page, see image 2.

    I also wanted to mention that in your link "run this first" the RSIT shortcut gives an error; I looked for it elsewhere.

    I hope you can help me, and that I am giving the right information.

    image 1 problem

    image 2 problem

    Logfile of random's system information tool 1.10 (written by random/random)

    Run by Toshiba at 2014-07-10 20:01:27

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 156 GB (78%) free of 200 GB

    Total RAM: 3933 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:01:35, on 10-7-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17207)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\Program Files (x86)\Samsung\Kies\Kies.exe

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files\trend micro\Toshiba.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

    O4 - HKCU\..\Run: “C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-18\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘Default user’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iSafeService - Unknown owner - C:\Program Files (x86)\iSafe\iSafeSvc.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 7974 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    winlogon.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    “c:\Program Files\Microsoft Security Client\MsMpEng.exe”

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    “C:\Windows\system32\Dwm.exe”

    “taskhost.exe”

    taskeng.exe {773E054B-FB81-4156-B192-767A073C02AB}

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe”

    C:\Windows\Explorer.EXE

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    “C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe”

    “C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe”

    “C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe” /starttray

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe”

    C:\Windows\system32\svchost.exe -k imgsvc

    “C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe”

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe”

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe”

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    “C:\Windows\System32\igfxtray.exe”

    “C:\Windows\System32\hkcmd.exe”

    “C:\Windows\System32\igfxpers.exe”

    “C:\Program Files (x86)\Samsung\Kies\Kies.exe” /preload

    “C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

    “C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe”

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=gpu-process –channel=“3168.0.603352497\16207776” –disable-d3d11 –supports-dual-gpus=false –gpu-driver-bug-workarounds=1,5,15 –disable-accelerated-video-decode –gpu-vendor-id=0x8086 –gpu-device-id=0x2a42 –gpu-driver-vendor=“Intel Corporation” –gpu-driver-version=8.15.10.2302 –ignored=“ –type=renderer ” /prefetch:822062411

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=renderer –lang=nl –force-fieldtrials=“BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/” –extension-process –renderer-print-preview –enable-threaded-compositing –enable-delegated-renderer –disable-accelerated-video-decode –enable-software-compositing –channel=“3168.2.16730138\1401706210” /prefetch:673131151

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=renderer –lang=nl –force-fieldtrials=“BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/” –extension-process –renderer-print-preview –enable-threaded-compositing –enable-delegated-renderer –disable-accelerated-video-decode –enable-software-compositing –channel=“3168.3.436015138\2018517406” /prefetch:673131151

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=renderer –lang=nl –force-fieldtrials=“BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/” –extension-process –renderer-print-preview –enable-threaded-compositing –enable-delegated-renderer –disable-accelerated-video-decode –enable-software-compositing –channel=“3168.6.1460922564\372913363” /prefetch:673131151

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=renderer –lang=nl –force-fieldtrials=“BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/” –renderer-print-preview –enable-threaded-compositing –enable-delegated-renderer –disable-accelerated-video-decode –enable-software-compositing –channel=“3168.7.1734025624\1255658113” /prefetch:673131151

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=ppapi –channel=“3168.10.1882649004\1495935340” –ppapi-flash-args=enable_hw_video_decode=1 –lang=nl –ignored=“ –type=renderer ” /prefetch:-632637702

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –type=renderer –lang=nl –force-fieldtrials=“BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/group_89/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/” –renderer-print-preview –enable-threaded-compositing –enable-delegated-renderer –disable-accelerated-video-decode –enable-software-compositing –channel=“3168.12.749050567\2004330381” /prefetch:673131151

    “C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon”

    “C:\Windows\system32\SearchFilterHost.exe” 0 512 516 524 65536 520

    “c:\Program Files\Microsoft Security Client\NisSrv.exe”

    “C:\Users\Toshiba\Downloads\RSITx64.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\z8da63ey.default

    prefs.js - “browser.startup.homepage” - “http://swle.yarold.eu/profile.php”

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

    “Description”=VLC Multimedia Plugin

    “Path”=C:\Program Files\VideoLAN\VLC\npvlc.dll

    C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\z8da63ey.default\extensions\

    en-US@dictionaries.addons.mozilla.org

    {3d7eb24f-2740-49df-8937-200b1cc08f8a}

    ======Registry dump======

    “MSC”=c:\Program Files\Microsoft Security Client\msseces.exe

    “IgfxTray”=C:\Windows\system32\igfxtray.exe

    “HotKeysCmds”=C:\Windows\system32\hkcmd.exe

    “Persistence”=C:\Windows\system32\igfxpers.exe

    “NCInstallQueue”=rundll32 netman.dll,ProcessQueue

    “KiesPreload”=C:\Program Files (x86)\Samsung\Kies\Kies.exe

    “TomTomHOME.exe”=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

    “Adobe ARM”=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    “KiesTrayAgent”=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    “SDTray”=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

    C:\Windows\system32\igfxdev.dll

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon”

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service”

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater”

    “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service”

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “VIDC.UYVY”=msyuv.dll

    “VIDC.YUY2”=msyuv.dll

    “VIDC.YVYU”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “VIDC.YVU9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “aux1”=wdmaud.drv

    “MSVideo8”=VfWWDM32.dll

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2014-07-10 20:01:28 —-D—- C:\Program Files\trend micro

    2014-07-10 20:01:27 —-D—- C:\rsit

    2014-07-10 19:13:17 —-A—- C:\Windows\system32\drivers\MBAMSwissArmy.sys

    2014-07-10 19:12:09 —-D—- C:\ProgramData\Malwarebytes

    2014-07-10 19:12:09 —-D—- C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-07-10 19:12:09 —-A—- C:\Windows\system32\drivers\mwac.sys

    2014-07-10 19:12:09 —-A—- C:\Windows\system32\drivers\mbamchameleon.sys

    2014-07-10 19:12:09 —-A—- C:\Windows\system32\drivers\mbam.sys

    2014-07-10 19:00:26 —-SHD—- C:\Config.Msi

    2014-07-10 16:48:22 —-A—- C:\Windows\system32\sdnclean64.exe

    2014-07-10 16:48:07 —-D—- C:\ProgramData\Spybot - Search & Destroy

    2014-07-10 16:47:53 —-D—- C:\Program Files (x86)\Spybot - Search & Destroy 2

    2014-07-10 15:39:42 —-A—- C:\autoexec.bat

    2014-07-10 15:39:01 —-D—- C:\Program Files\Enigma Software Group

    2014-07-10 15:37:52 —-D—- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP

    2014-07-10 14:26:06 —-D—- C:\Users\Toshiba\AppData\Roaming\eCyber

    2014-07-10 14:25:49 —-A—- C:\Windows\system32\drivers\iSafeKrnlBoot.sys

    2014-07-10 14:25:47 —-D—- C:\Windows\system32\log

    2014-07-10 14:25:24 —-D—- C:\Users\Toshiba\AppData\Roaming\iSafe

    2014-07-10 12:34:42 —-D—- C:\ProgramData\FlashPlayer

    2014-07-09 14:22:36 —-A—- C:\Windows\system32\aepdu.dll

    2014-07-09 14:22:35 —-A—- C:\Windows\system32\aeinv.dll

    2014-07-09 14:22:19 —-A—- C:\Windows\system32\win32k.sys

    2014-07-09 14:22:17 —-A—- C:\Windows\SYSWOW64\osk.exe

    2014-07-09 14:22:16 —-A—- C:\Windows\system32\osk.exe

    2014-07-09 14:22:15 —-A—- C:\Windows\SYSWOW64\qedit.dll

    2014-07-09 14:22:15 —-A—- C:\Windows\system32\qedit.dll

    2014-07-09 14:22:14 —-A—- C:\Windows\system32\drivers\afd.sys

    2014-07-09 14:22:09 —-A—- C:\Windows\SYSWOW64\kerberos.dll

    2014-07-09 14:22:09 —-A—- C:\Windows\system32\schannel.dll

    2014-07-09 14:22:09 —-A—- C:\Windows\system32\kerberos.dll

    2014-07-09 14:22:08 —-A—- C:\Windows\SYSWOW64\wdigest.dll

    2014-07-09 14:22:08 —-A—- C:\Windows\SYSWOW64\TSpkg.dll

    2014-07-09 14:22:08 —-A—- C:\Windows\SYSWOW64\schannel.dll

    2014-07-09 14:22:08 —-A—- C:\Windows\SYSWOW64\ncrypt.dll

    2014-07-09 14:22:08 —-A—- C:\Windows\SYSWOW64\msv1_0.dll

    2014-07-09 14:22:08 —-A—- C:\Windows\system32\wdigest.dll

    2014-07-09 14:22:08 —-A—- C:\Windows\system32\TSpkg.dll

    2014-07-09 14:22:08 —-A—- C:\Windows\system32\ncrypt.dll

    2014-07-09 14:22:08 —-A—- C:\Windows\system32\msv1_0.dll

    2014-07-09 14:22:07 —-A—- C:\Windows\SYSWOW64\credssp.dll

    2014-07-09 14:22:07 —-A—- C:\Windows\system32\credssp.dll

    2014-07-09 14:21:53 —-A—- C:\Windows\SYSWOW64\mshtmled.dll

    2014-07-09 14:21:53 —-A—- C:\Windows\SYSWOW64\jscript9diag.dll

    2014-07-09 14:21:53 —-A—- C:\Windows\SYSWOW64\ieetwproxystub.dll

    2014-07-09 14:21:53 —-A—- C:\Windows\system32\iernonce.dll

    2014-07-09 14:21:52 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2014-07-09 14:21:51 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2014-07-09 14:21:51 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2014-07-09 14:21:51 —-A—- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

    2014-07-09 14:21:51 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2014-07-09 14:21:51 —-A—- C:\Windows\SYSWOW64\dxtmsft.dll

    2014-07-09 14:21:51 —-A—- C:\Windows\system32\JavaScriptCollectionAgent.dll

    2014-07-09 14:21:51 —-A—- C:\Windows\system32\ieetwproxystub.dll

    2014-07-09 14:21:51 —-A—- C:\Windows\system32\iedkcs32.dll

    2014-07-09 14:21:49 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2014-07-09 14:21:49 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2014-07-09 14:21:49 —-A—- C:\Windows\system32\urlmon.dll

    2014-07-09 14:21:48 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2014-07-09 14:21:48 —-A—- C:\Windows\SYSWOW64\iedkcs32.dll

    2014-07-09 14:21:48 —-A—- C:\Windows\system32\ieetwcollectorres.dll

    2014-07-09 14:21:48 —-A—- C:\Windows\system32\ieetwcollector.exe

    2014-07-09 14:21:47 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2014-07-09 14:21:47 —-A—- C:\Windows\SYSWOW64\dxtrans.dll

    2014-07-09 14:21:47 —-A—- C:\Windows\system32\msfeeds.dll

    2014-07-09 14:21:47 —-A—- C:\Windows\system32\dxtmsft.dll

    2014-07-09 14:21:46 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2014-07-09 14:21:46 —-A—- C:\Windows\system32\iesetup.dll

    2014-07-09 14:21:46 —-A—- C:\Windows\system32\ie4uinit.exe

    2014-07-09 14:21:45 —-A—- C:\Windows\system32\iertutil.dll

    2014-07-09 14:21:44 —-A—- C:\Windows\SYSWOW64\vbscript.dll

    2014-07-09 14:21:44 —-A—- C:\Windows\SYSWOW64\mshtmlmedia.dll

    2014-07-09 14:21:44 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2014-07-09 14:21:44 —-A—- C:\Windows\SYSWOW64\ieUnatt.exe

    2014-07-09 14:21:43 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2014-07-09 14:21:43 —-A—- C:\Windows\SYSWOW64\msrating.dll

    2014-07-09 14:21:43 —-A—- C:\Windows\SYSWOW64\MshtmlDac.dll

    2014-07-09 14:21:43 —-A—- C:\Windows\SYSWOW64\ieapfltr.dll

    2014-07-09 14:21:43 —-A—- C:\Windows\system32\jsproxy.dll

    2014-07-09 14:21:42 —-A—- C:\Windows\system32\ieui.dll

    2014-07-09 14:21:42 —-A—- C:\Windows\system32\dxtrans.dll

    2014-07-09 14:21:41 —-A—- C:\Windows\system32\mshtmlmedia.dll

    2014-07-09 14:21:41 —-A—- C:\Windows\system32\mshtmled.dll

    2014-07-09 14:21:41 —-A—- C:\Windows\system32\ieframe.dll

    2014-07-09 14:21:40 —-A—- C:\Windows\system32\vbscript.dll

    2014-07-09 14:21:40 —-A—- C:\Windows\system32\jscript9diag.dll

    2014-07-09 14:21:40 —-A—- C:\Windows\system32\jscript9.dll

    2014-07-09 14:21:40 —-A—- C:\Windows\system32\ieUnatt.exe

    2014-07-09 14:21:39 —-A—- C:\Windows\system32\wininet.dll

    2014-07-09 14:21:39 —-A—- C:\Windows\system32\ieapfltr.dll

    2014-07-09 14:21:38 —-A—- C:\Windows\system32\msrating.dll

    2014-07-09 14:21:38 —-A—- C:\Windows\system32\MshtmlDac.dll

    2014-07-09 14:21:37 —-A—- C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-07-09 14:21:37 —-A—- C:\Windows\system32\mshtml.dll

    2014-07-09 14:21:26 —-A—- C:\Windows\system32\lsasrv.dll

    2014-07-09 14:21:25 —-A—- C:\Windows\SYSWOW64\sspicli.dll

    2014-07-09 14:21:25 —-A—- C:\Windows\SYSWOW64\secur32.dll

    2014-06-18 22:11:16 —-D—- C:\Program Files (x86)\Mozilla Firefox

    2014-06-11 03:50:12 —-A—- C:\Windows\system32\msxml6.dll

    2014-06-11 03:50:11 —-A—- C:\Windows\SYSWOW64\msxml6.dll

    2014-06-11 03:50:11 —-A—- C:\Windows\SYSWOW64\msxml3.dll

    2014-06-11 03:50:11 —-A—- C:\Windows\system32\msxml3.dll

    2014-06-11 03:50:10 —-A—- C:\Windows\SYSWOW64\msxml6r.dll

    2014-06-11 03:50:10 —-A—- C:\Windows\SYSWOW64\msxml3r.dll

    2014-06-11 03:50:10 —-A—- C:\Windows\system32\msxml6r.dll

    2014-06-11 03:50:10 —-A—- C:\Windows\system32\msxml3r.dll

    2014-06-11 03:50:10 —-A—- C:\Windows\system32\drivers\tcpip.sys

    2014-06-11 03:50:09 —-A—- C:\Windows\system32\drivers\FWPKCLNT.SYS

    2014-06-11 03:50:07 —-A—- C:\Windows\SYSWOW64\usp10.dll

    2014-06-11 03:50:07 —-A—- C:\Windows\system32\usp10.dll

    2014-06-11 03:50:05 —-A—- C:\Windows\system32\RdpGroupPolicyExtension.dll

    2014-06-11 03:50:05 —-A—- C:\Windows\system32\rdpcorets.dll

    ======List of files/folders modified in the last 1 month======

    2014-07-10 20:01:35 —-D—- C:\Windows\Prefetch

    2014-07-10 20:01:28 —-RD—- C:\Program Files

    2014-07-10 20:00:32 —-D—- C:\Windows\Temp

    2014-07-10 19:57:12 —-D—- C:\Windows\system32\config

    2014-07-10 19:49:36 —-D—- C:\Windows\System32

    2014-07-10 19:49:36 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2014-07-10 19:45:38 —-D—- C:\Windows\system32\wdi

    2014-07-10 19:42:43 —-RSD—- C:\Windows\Fonts

    2014-07-10 19:42:43 —-D—- C:\Windows\system32\drivers

    2014-07-10 19:12:09 —-RD—- C:\Program Files (x86)

    2014-07-10 19:12:09 —-HD—- C:\ProgramData

    2014-07-10 19:00:32 —-SHD—- C:\Windows\Installer

    2014-07-10 19:00:32 —-SD—- C:\Users\Toshiba\AppData\Roaming\Microsoft

    2014-07-10 19:00:32 —-D—- C:\Windows\system32\Tasks

    2014-07-10 18:56:54 —-SHD—- C:\System Volume Information

    2014-07-10 18:53:31 —-D—- C:\Windows

    2014-07-10 16:48:32 —-SD—- C:\ProgramData\Microsoft

    2014-07-10 15:39:10 —-D—- C:\Windows\inf

    2014-07-10 15:37:50 —-D—- C:\Program Files (x86)\Common Files

    2014-07-10 14:18:59 —-D—- C:\Windows\debug

    2014-07-10 13:36:24 —-D—- C:\Program Files (x86)\Google

    2014-07-10 13:35:05 —-D—- C:\Windows\Tasks

    2014-07-10 11:31:18 —-D—- C:\Windows\winsxs

    2014-07-10 11:28:40 —-D—- C:\Program Files\Windows Journal

    2014-07-10 11:28:39 —-SD—- C:\Windows\system32\CompatTel

    2014-07-10 11:28:39 —-D—- C:\Windows\SYSWOW64\Dism

    2014-07-10 11:28:38 —-D—- C:\Windows\system32\Dism

    2014-07-10 11:28:36 —-D—- C:\Windows\SysWOW64

    2014-07-10 11:28:36 —-D—- C:\Windows\ehome

    2014-07-10 11:28:34 —-D—- C:\Windows\system32\nl-NL

    2014-07-10 11:28:33 —-D—- C:\Program Files\Internet Explorer

    2014-07-10 11:28:32 —-D—- C:\Windows\SYSWOW64\en-US

    2014-07-10 11:28:31 —-D—- C:\Windows\system32\en-US

    2014-07-10 11:28:30 —-D—- C:\Program Files (x86)\Internet Explorer

    2014-07-10 00:39:57 —-D—- C:\Windows\system32\MRT

    2014-07-10 00:38:51 —-A—- C:\Windows\system32\MRT.exe

    2014-07-10 00:38:19 —-D—- C:\ProgramData\Microsoft Help

    2014-07-09 14:21:01 —-D—- C:\Windows\system32\catroot2

    2014-07-09 14:21:01 —-D—- C:\Windows\system32\catroot

    2014-06-30 14:19:34 —-D—- C:\Program Files (x86)\Mozilla Maintenance Service

    2014-06-12 09:34:03 —-D—- C:\Windows\rescache

    2014-06-12 06:31:51 —-D—- C:\Windows\system32\DriverStore

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys

    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

    R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys

    S1 iSafeKrnlR3;iSafeKrnl Ring3 Driver; \??\C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys

    S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

    R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

    R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

    R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 iSafeService;iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    —————–EOF—————–

    Malwarebytes Anti-Malware

    www.malwarebytes.org

    Scan Date: 10-7-2014

    Scan Time: 19:14:11

    Logfile: MBA.txt

    Administrator: Yes

    Version: 2.00.2.1012

    Malware Database: v2014.07.10.05

    Rootkit Database: v2014.07.09.01

    License: Trial

    Malware Protection: Enabled

    Malicious Website Protection: Enabled

    Self-protection: Disabled

    OS: Windows 7 Service Pack 1

    CPU: x64

    File System: NTFS

    User: Toshiba

    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 271591

    Time Elapsed: 11 min, 14 sec

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

    Processes: 0

    (No malicious items detected)

    Modules: 0

    (No malicious items detected)

    Registry Keys: 0

    (No malicious items detected)

    Registry Values: 0

    (No malicious items detected)

    Registry Data: 0

    (No malicious items detected)

    Folders: 0

    (No malicious items detected)

    Files: 3

    Trojan.FakeAdobe, C:\$Recycle.Bin\S-1-5-21-2059506328-3362234788-583328231-1000\$REUVLBG.exe, Quarantined, ,

    PUP.Optional.Superfish.A, C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, ,

    PUP.Optional.Superfish.A, C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, ,

    Physical Sectors: 0

    (No malicious items detected)

    (end)

    Malwarebytes Anti-Malware

    www.malwarebytes.org

    Protection, 10-7-2014 19:12:38, SYSTEM, TOSHIBA-PC, Protection, Malware Protection, Starting,

    Protection, 10-7-2014 19:12:38, SYSTEM, TOSHIBA-PC, Protection, Malware Protection, Started,

    Protection, 10-7-2014 19:12:38, SYSTEM, TOSHIBA-PC, Protection, Malicious Website Protection, Starting,

    Protection, 10-7-2014 19:13:15, SYSTEM, TOSHIBA-PC, Protection, Malicious Website Protection, Started,

    Update, 10-7-2014 19:13:33, SYSTEM, TOSHIBA-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.9.1,

    Update, 10-7-2014 19:13:59, SYSTEM, TOSHIBA-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.10.5,

    Protection, 10-7-2014 19:14:00, SYSTEM, TOSHIBA-PC, Protection, Refresh, Starting,

    Protection, 10-7-2014 19:14:00, SYSTEM, TOSHIBA-PC, Protection, Malicious Website Protection, Stopping,

    Protection, 10-7-2014 19:14:00, SYSTEM, TOSHIBA-PC, Protection, Malicious Website Protection, Stopped,

    Protection, 10-7-2014 19:14:06, SYSTEM, TOSHIBA-PC, Protection, Refresh, Success,

    Protection, 10-7-2014 19:14:06, SYSTEM, TOSHIBA-PC, Protection, Malicious Website Protection, Starting,

    Protection, 10-7-2014 19:14:07, SYSTEM, TOSHIBA-PC, Protection, Malicious Website Protection, Started,

    Protection, 10-7-2014 19:43:21, SYSTEM, TOSHIBA-PC, Protection, Malware Protection, Starting,

    Protection, 10-7-2014 19:43:21, SYSTEM, TOSHIBA-PC, Protection, Malware Protection, Started,

    Protection, 10-7-2014 19:43:21, SYSTEM, TOSHIBA-PC, Protection, Malicious Website Protection, Starting,

    Protection, 10-7-2014 19:44:05, SYSTEM, TOSHIBA-PC, Protection, Malicious Website Protection, Started,

    (end)

  • Ben

    Hello,

    First disable your antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, because they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

    Running Zoek.exe

    If you run into problems running this program or see any error messages, please mention it in your reply.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking it and choosing Run as administrator.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the opened log in your next reply.

  • M@ria

    Zoek gave an error message, see here

    Zoek.exe v5.0.0.0 Updated 05-July-2014

    Tool run by Toshiba on vr 11-07-2014 at 11:37:49,20.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Toshiba\Downloads\zoek.exe

    ==== System Restore Info ======================

    11-7-2014 11:41:50 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

    C:\Program Files (x86)\Samsung\Kies\Kies.exe

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\Toshiba\Downloads\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    C:\Users\Toshiba\AppData\Roaming\eCyber deleted

    C:\Users\Toshiba\AppData\Roaming\iSafe deleted

    C:\Users\Toshiba\Searches deleted

    C:\Windows\SysNative\config\systemprofile\Searches deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 3933 MB

    CPU Info: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz

    CPU Speed: 811,8 MHz

    Sound Card: Luidsprekers (High Definition A |

    Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1366 X 768 - 32 bit

    Network: Network Present

    Network Adapters: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter | Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)

    CD / DVD Drives: 1x (E: | ) E: PIONEER DVD-RW DVRTD09A

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 5 Button Wheel Mouse Present

    Hard Disks: C: 195,2GB | D: 102,8GB

    Hard Disks - Free: C: 151,7GB | D: 102,7GB

    Manufacturer *: TOSHIBA

    BIOS Info: AT/AT COMPATIBLE | 09/04/09 | TOSCPL - 6040000

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: TOSHIBA KSWAA

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)

    Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

    Default Browser: Google Chrome 35.0.1916.153

    Internet Explorer Version: 11.0.9600.17207

    Mozilla Firefox version: 30.0 (x86 nl)

    Google Chrome version: 35.0.1916.153

    Adobe Reader version: 11.0.07.79

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Toshiba\AppData\Local\Temp ====

    2014-07-10 13:39:09 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 —-a-w- C:\Users\Toshiba\AppData\Local\Temp\ESGScanner.sys

    2014-07-10 13:36:01 526DFC8D4DB22124C0832309874CD42D 47329360 —-a-w- C:\Users\Toshiba\AppData\Local\Temp\SHSetup.exe

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    2014-07-09 12:22:17 C6A991D7DF17EBD8DE4739CD1F283133 646144 —-a-w- C:\Windows\SysWOW64\osk.exe

    2014-07-09 12:22:15 492FF9C530EC0352B3C904CE9898269D 509440 —-a-w- C:\Windows\SysWOW64\qedit.dll

    2014-07-09 12:22:09 1A0BE0092646F564FAF204E678AF8E03 550912 —-a-w- C:\Windows\SysWOW64\kerberos.dll

    2014-07-09 12:22:08 F95E1E9D97D25C11F29CA34C843A6F4D 247808 —-a-w- C:\Windows\SysWOW64\schannel.dll

    2014-07-09 12:22:08 C71CC796F0E2E9BD542C87532706FCFE 172032 —-a-w- C:\Windows\SysWOW64\wdigest.dll

    2014-07-09 12:22:08 C61DDFE40204F3BE3DF111981D91560E 220160 —-a-w- C:\Windows\SysWOW64\ncrypt.dll

    2014-07-09 12:22:08 8BA721F76C97A219599E88722AA48875 259584 —-a-w- C:\Windows\SysWOW64\msv1_0.dll

    2014-07-09 12:22:08 6CB2616152ADCDF39F05B08E4858F476 65536 —-a-w- C:\Windows\SysWOW64\TSpkg.dll

    2014-07-09 12:22:07 E3ECF5FFE3DEDF61DC6877B6A99ACBBF 17408 —-a-w- C:\Windows\SysWOW64\credssp.dll

    2014-07-09 12:21:53 E3065F51EE0BB099EAAE48C3FC3A25B6 592896 —-a-w- C:\Windows\SysWOW64\jscript9diag.dll

    2014-07-09 12:21:53 67EA1BB7F6428A10C64D5A732976F871 69632 —-a-w- C:\Windows\SysWOW64\mshtmled.dll

    2014-07-09 12:21:53 448854C4FE94C0FA329CC38FF103DC74 51200 —-a-w- C:\Windows\SysWOW64\ieetwproxystub.dll

    2014-07-09 12:21:52 7C44C697BA6D0B698B91AC6516A731C3 1139200 —-a-w- C:\Windows\SysWOW64\urlmon.dll

    2014-07-09 12:21:51 E739AEDCA67F214F96C2520BA293B12B 526336 —-a-w- C:\Windows\SysWOW64\msfeeds.dll

    2014-07-09 12:21:51 DFA59840BB1220AFD261FDAE83543959 17276416 —-a-w- C:\Windows\SysWOW64\mshtml.dll

    2014-07-09 12:21:51 BE0EA764820239F7785410CBE3880086 32256 —-a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

    2014-07-09 12:21:51 9385D7C5DF2566D01B1FB150F381D50B 367616 —-a-w- C:\Windows\SysWOW64\dxtmsft.dll

    2014-07-09 12:21:51 91CF46BBB827E461C498A1D7D1A71AD6 32768 —-a-w- C:\Windows\SysWOW64\iernonce.dll

    2014-07-09 12:21:50 42BF66A4DC35DAD3564065173372CCE9 2724864 —-a-w- C:\Windows\SysWOW64\mshtml.tlb

    2014-07-09 12:21:49 CE94480E78CC3A1A17B53F2BB65639BD 61952 —-a-w- C:\Windows\SysWOW64\iesetup.dll

    2014-07-09 12:21:49 4B774E842F268D51DB942EF9637828B9 1964544 —-a-w- C:\Windows\SysWOW64\inetcpl.cpl

    2014-07-09 12:21:49 084FB28A790685F32A6D7D003777696D 2179072 —-a-w- C:\Windows\SysWOW64\iertutil.dll

    2014-07-09 12:21:48 A9F8343A3234FC7A42DDA4569827B411 43008 —-a-w- C:\Windows\SysWOW64\jsproxy.dll

    2014-07-09 12:21:48 A98E303FCB7058C6E78FD1FBBCBB5EEF 240824 —-a-w- C:\Windows\SysWOW64\iedkcs32.dll

    2014-07-09 12:21:47 F2A99A4293CAF7956FF7801D36D5A3B2 442368 —-a-w- C:\Windows\SysWOW64\ieui.dll

    2014-07-09 12:21:47 573E522A27210701EB8A6C476D36FFF6 239616 —-a-w- C:\Windows\SysWOW64\dxtrans.dll

    2014-07-09 12:21:46 FC733FD7721200D5136F6F8112E97B00 11742208 —-a-w- C:\Windows\SysWOW64\ieframe.dll

    2014-07-09 12:21:44 FDA05E78813F543A6E9AC6B23EC696F2 1068032 —-a-w- C:\Windows\SysWOW64\mshtmlmedia.dll

    2014-07-09 12:21:44 98C7B1AFA0A99EE3BE99EAABEFB72CA0 4254720 —-a-w- C:\Windows\SysWOW64\jscript9.dll

    2014-07-09 12:21:44 09CBE4B1AEF497FC05493B09EA2C1757 112128 —-a-w- C:\Windows\SysWOW64\ieUnatt.exe

    2014-07-09 12:21:44 045A91095A605BB20FF2B37546FE62B0 455168 —-a-w- C:\Windows\SysWOW64\vbscript.dll

    2014-07-09 12:21:43 CCC198257901BEEA2FBF8EB1E7678356 1791488 —-a-w- C:\Windows\SysWOW64\wininet.dll

    2014-07-09 12:21:43 8046CF629D8AE766C22145F4A6AFFBE1 164864 —-a-w- C:\Windows\SysWOW64\msrating.dll

    2014-07-09 12:21:43 557D60DF85D61C290A1D09E7115B294B 62464 —-a-w- C:\Windows\SysWOW64\MshtmlDac.dll

    2014-07-09 12:21:43 175A663547805367C10746FC416D4605 704512 —-a-w- C:\Windows\SysWOW64\ieapfltr.dll

    2014-07-09 12:21:25 A0E053D8D97ED0F913D56E6AF21DD26F 22016 —-a-w- C:\Windows\SysWOW64\secur32.dll

    2014-07-09 12:21:25 230AAF45031E87638CA4053C0399C1E6 96768 —-a-w- C:\Windows\SysWOW64\sspicli.dll

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    2014-07-10 14:48:22 82446D358A9FB51CB9DA32A5C901D7A0 21040 —-a-w- C:\Windows\Sysnative\sdnclean64.exe

    2014-07-09 12:22:36 03282D1ADC4F64D27D697CBB63F972C2 519168 —-a-w- C:\Windows\Sysnative\aepdu.dll

    2014-07-09 12:22:35 980394E1FF94E460C4D71C1B098A0B4F 424448 —-a-w- C:\Windows\Sysnative\aeinv.dll

    2014-07-09 12:22:19 F1726E14C8F7B40CD828345890AAF764 3157504 —-a-w- C:\Windows\Sysnative\win32k.sys

    2014-07-09 12:22:16 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 —-a-w- C:\Windows\Sysnative\osk.exe

    2014-07-09 12:22:15 D6AFBAA93169E6772565A1BC896D666B 624128 —-a-w- C:\Windows\Sysnative\qedit.dll

    2014-07-09 12:22:09 E8E98B3B7A6E1250F4AA7AF8FA17D5BB 340992 —-a-w- C:\Windows\Sysnative\schannel.dll

    2014-07-09 12:22:09 A805B5E68262302D1A60BE3DED5846C9 728064 —-a-w- C:\Windows\Sysnative\kerberos.dll

    2014-07-09 12:22:08 E23BA7A7BD97FC6B8AB5EA32A46D05CD 307200 —-a-w- C:\Windows\Sysnative\ncrypt.dll

    2014-07-09 12:22:08 BFC98590EAB40C785D6134B1FA818A62 210944 —-a-w- C:\Windows\Sysnative\wdigest.dll

    2014-07-09 12:22:08 7D1017ED11B7C3B162628069742B5E58 314880 —-a-w- C:\Windows\Sysnative\msv1_0.dll

    2014-07-09 12:22:08 79EE13A5A406E4603874686B8005DA72 86528 —-a-w- C:\Windows\Sysnative\TSpkg.dll

    2014-07-09 12:22:07 C9DD5C0D5AF2D7A54BA32E8FBD3B67F1 22016 —-a-w- C:\Windows\Sysnative\credssp.dll

    2014-07-09 12:21:53 FC50DF22550C565DD096ACFAF18A37ED 33792 —-a-w- C:\Windows\Sysnative\iernonce.dll

    2014-07-09 12:21:52 DA5BAC4C5BDB22BBC6771534EA95AD33 2724864 —-a-w- C:\Windows\Sysnative\mshtml.tlb

    2014-07-09 12:21:51 C2F62DF01E3552DB0571FEF4D514675B 48640 —-a-w- C:\Windows\Sysnative\ieetwproxystub.dll

    2014-07-09 12:21:51 C0F9F52C36E584C0339406ABF6DA1FBA 266424 —-a-w- C:\Windows\Sysnative\iedkcs32.dll

    2014-07-09 12:21:51 5E646AD50848A409291418B5759595B9 38400 —-a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll

    2014-07-09 12:21:49 73C7D1FCF6F58F3BF077FB42B0214BC0 1393664 —-a-w- C:\Windows\Sysnative\urlmon.dll

    2014-07-09 12:21:48 7176CB0FFAAC3E54ABB2014E821120F9 111616 —-a-w- C:\Windows\Sysnative\ieetwcollector.exe

    2014-07-09 12:21:48 391D68668CFC061F26BE593A61F745E0 4096 —-a-w- C:\Windows\Sysnative\ieetwcollectorres.dll

    2014-07-09 12:21:47 D8E6706AECD7AA50764E126CE3F36555 631808 —-a-w- C:\Windows\Sysnative\msfeeds.dll

    2014-07-09 12:21:47 2E40D5E11BCC597352EE0314AF629A0F 452608 —-a-w- C:\Windows\Sysnative\dxtmsft.dll

    2014-07-09 12:21:46 CA67F68CEC788C0C69AD47C5125DDD8E 608768 —-a-w- C:\Windows\Sysnative\ie4uinit.exe

    2014-07-09 12:21:46 7469D4E046BD7D155CAC2697BD28B58B 66048 —-a-w- C:\Windows\Sysnative\iesetup.dll

    2014-07-09 12:21:45 A21C6231459F4CAC212676A9367A1A68 2768384 —-a-w- C:\Windows\Sysnative\iertutil.dll

    2014-07-09 12:21:45 1685AA234852657C4A6D253CCBBE84E0 2040832 —-a-w- C:\Windows\Sysnative\inetcpl.cpl

    2014-07-09 12:21:43 8B2ADE09864BF3F7AA6D395DAFEC41B5 51200 —-a-w- C:\Windows\Sysnative\jsproxy.dll

    2014-07-09 12:21:42 854C5F171F5CEE272232AC0286F3B3B9 598016 —-a-w- C:\Windows\Sysnative\ieui.dll

    2014-07-09 12:21:42 415DF2B045167D6D85223CFFF00FCFC7 292864 —-a-w- C:\Windows\Sysnative\dxtrans.dll

    2014-07-09 12:21:41 945FA19B388FCF0FEA6124B5FD71C72F 1249280 —-a-w- C:\Windows\Sysnative\mshtmlmedia.dll

    2014-07-09 12:21:41 366FA6D38406DC8BED62825C196144D1 13527040 —-a-w- C:\Windows\Sysnative\ieframe.dll

    2014-07-09 12:21:41 1FD6C2F6AC489C271565730F6E9E1A05 85504 —-a-w- C:\Windows\Sysnative\mshtmled.dll

    2014-07-09 12:21:40 CD76B3D60D28634A67B0AD7CB2E45929 139264 —-a-w- C:\Windows\Sysnative\ieUnatt.exe

    2014-07-09 12:21:40 50FF2DD806CC6CF3B3F98F9A1A711603 752640 —-a-w- C:\Windows\Sysnative\jscript9diag.dll

    2014-07-09 12:21:40 4EC7738394D2BC7BCB5F7A3657F57252 5721088 —-a-w- C:\Windows\Sysnative\jscript9.dll

    2014-07-09 12:21:40 00401347C3BC466E5F2516387EBBCA7D 548352 —-a-w- C:\Windows\Sysnative\vbscript.dll

    2014-07-09 12:21:39 BDD4A74421B023C81DA63168BD10C01B 846336 —-a-w- C:\Windows\Sysnative\ieapfltr.dll

    2014-07-09 12:21:39 2EE102DF0EDD8A1EDD3D1E9B99A91BEC 2266112 —-a-w- C:\Windows\Sysnative\wininet.dll

    2014-07-09 12:21:38 F876957CA193B20A21D52F91418657D7 195584 —-a-w- C:\Windows\Sysnative\msrating.dll

    2014-07-09 12:21:38 89A53CDE0DA5680AF48A181D82C752CA 83968 —-a-w- C:\Windows\Sysnative\MshtmlDac.dll

    2014-07-09 12:21:37 FEC19C351EF1B2C998A85D1BFD765675 23464448 —-a-w- C:\Windows\Sysnative\mshtml.dll

    2014-07-09 12:21:37 52012C83F7E9AF65D13F04415F0508F5 940032 —-a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe

    2014-07-09 12:21:26 D4CCE15190269486A5E6D4D4E597F798 1460736 —-a-w- C:\Windows\Sysnative\lsasrv.dll

    ====== C:\Windows\Sysnative\drivers =====

    2014-07-10 17:13:17 8A50D5304E6AE48664CF5838EC32F647 122584 —-a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

    2014-07-10 17:12:09 F92B0E478C0FAA6D6661E6E977247E60 25816 —-a-w- C:\Windows\Sysnative\drivers\mbam.sys

    2014-07-10 17:12:09 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 —-a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

    2014-07-10 17:12:09 15E8ABC06843672955CE26A009533BAD 63704 —-a-w- C:\Windows\Sysnative\drivers\mwac.sys

    2014-07-10 12:25:49 2526313ED5B17A70F47779251489C0AE 44544 —-a-w- C:\Windows\Sysnative\drivers\iSafeKrnlBoot.sys

    2014-07-09 12:22:14 FA886682CFC5D36718D3E436AACF10B9 497152 —-a-w- C:\Windows\Sysnative\drivers\afd.sys

    ====== C:\Windows\Tasks ======

    2014-07-10 19:57:14 F1BE1311CFE6DF7D685E9986467E4322 4054 —-a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA

    2014-07-10 19:57:14 B3434A0F61F77DC79F28251713E623F0 1058 —-a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2014-07-10 19:57:13 B71CDA567AF2515A4D4848E0649A5AA1 3802 —-a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore

    2014-07-10 19:57:13 73409F44F2CD48EE84F212DB61940408 1054 —-a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2014-07-10 14:48:44 ——– d—–w- C:\Windows\Sysnative\Tasks\Safer-Networking

    2014-07-10 11:31:24 9F36B9C5789B34678138595B70EC6993 2992 —-a-w- C:\Windows\Sysnative\Tasks\{C90D2833-E286-40A4-AD91-565E40AB901D}

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-07-10 18:01:28 ——– d—–w- C:\Program Files\trend micro

    2014-07-10 13:39:01 ——– d—–w- C:\Program Files\Enigma Software Group

    ======= C:\PROGRA~2 =====

    2014-07-10 13:37:50 ——– d—–w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard

    ======= C: =====

    2014-07-10 13:39:42 D41D8CD98F00B204E9800998ECF8427E 0 —-a-w- C:\autoexec.bat

    ====== C:\Users\Toshiba\AppData\Roaming ======

    2014-07-10 14:46:36 ——– d—–w- C:\Users\Toshiba\AppData\Local\Programs

    2014-07-10 11:34:35 ——– d—–w- C:\Users\Toshiba\AppData\Local\Deployment

    2014-07-10 11:34:35 ——– d—–w- C:\Users\Toshiba\AppData\Local\Apps

    ====== C:\Users\Toshiba ======

    2014-07-10 19:58:15 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

    2014-07-10 19:55:59 EC5BDA4602CC7C7B353D25570F2D4275 895120 —-a-w- C:\Users\Toshiba\Downloads\ChromeSetup(1).exe

    2014-07-10 18:00:28 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 —-a-w- C:\Users\Toshiba\Downloads\RSITx64.exe

    2014-07-10 17:09:48 E90BF9E1562F40140161573B79CD5720 17292760 —-a-w- C:\Users\Toshiba\Downloads\mbam-setup-2.0.2.1012.exe

    2014-07-10 13:35:31 E503B9DCECA102941A5061F538B26CA6 728960 —-a-w- C:\Users\Toshiba\Downloads\SpyHunter-Installer.exe

    2014-07-10 10:34:42 ——– d—–w- C:\ProgramData\FlashPlayer

    ====== C: exe-files ==

    2014-07-10 19:57:57 EDAC53E2964C7ACE868208C3B6C5C8F1 39078480 —-a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\35.0.1916.153\35.0.1916.153_chrome_installer.exe

    2014-07-10 19:57:11 EC5BDA4602CC7C7B353D25570F2D4275 895120 —-a-w- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateSetup.exe

    2014-07-10 19:57:11 AC6998D92A311E7CF0B4DAEC3566F444 51080 —-atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateBroker.exe

    2014-07-10 19:57:11 956672375AF066D958E4D07F5ABAFC1A 51080 —-atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe

    2014-07-10 19:57:11 506708142BC63DABA64F2D3AD1DCD5BF 116648 —-atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    2014-07-10 19:57:09 AA0E4F73727BFC8BA404884B1C1DB719 285064 —-atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

    2014-07-10 19:57:09 80E350E0AA963B2125896B13E60A4D68 114568 —-atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe

    2014-07-10 19:57:09 506708142BC63DABA64F2D3AD1DCD5BF 116648 —-atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdate.exe

    2014-07-10 19:57:09 397D14958D6C9C2B365469A857B2AC4E 230792 —-atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

    2014-07-10 19:55:59 EC5BDA4602CC7C7B353D25570F2D4275 895120 —-a-w- C:\Users\Toshiba\Downloads\ChromeSetup(1).exe

    2014-07-10 18:01:28 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\Toshiba.exe

    2014-07-10 18:00:28 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 —-a-w- C:\Users\Toshiba\Downloads\RSITx64.exe

    2014-07-10 17:09:48 E90BF9E1562F40140161573B79CD5720 17292760 —-a-w- C:\Users\Toshiba\Downloads\mbam-setup-2.0.2.1012.exe

    2014-07-10 16:57:09 25D473D7805261C752DA738B13E35816 185271 —-a-w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla31.exe

    2014-07-10 14:48:22 82446D358A9FB51CB9DA32A5C901D7A0 21040 —-a-w- C:\Windows\System32\sdnclean64.exe

    2014-07-10 13:38:05 15E51E8ADDED68AE73CD46AE671923E2 190437 —-a-w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla36.exe

    2014-07-10 13:36:01 526DFC8D4DB22124C0832309874CD42D 47329360 —-a-w- C:\Users\Toshiba\AppData\Local\Temp\SHSetup.exe

    === C: other files ==

    ==== Startup Registry Enabled ======================

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “KiesPreload”=“C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload”

    “TomTomHOME.exe”=“C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

    “SPReview”=“C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “SPReview”=“C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601”

    “Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “KiesTrayAgent”=“C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe”

    “SDTray”=“C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”

    “KiesPreload”=“C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload”

    “TomTomHOME.exe”=“C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

    ==== Startup Registry Enabled x64 ======================

    “MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    “IgfxTray”=“C:\Windows\system32\igfxtray.exe”

    “HotKeysCmds”=“C:\Windows\system32\hkcmd.exe”

    “Persistence”=“C:\Windows\system32\igfxpers.exe”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA”

    “C:\Windows\SysNative\tasks\{C90D2833-E286-40A4-AD91-565E40AB901D}”

    “C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates”

    “C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization”

    “C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system”

    ==== Folders in C:\PROGRA~3 0-6 Months Old ======================

    2014-02-25 20:15:40 -------- d-----w- C:\PROGRA~3\TomTom

    2014-07-10 10:34:42 -------- d-----w- C:\PROGRA~3\FlashPlayer

    2014-07-10 14:48:07 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

    2014-07-10 17:12:09 -------- d-----w- C:\PROGRA~3\Malwarebytes

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\z8da63ey.default

    - United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org

    - Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

    - Multi Links - %ProfilePath%\extensions\multilinks@plugin.xpi

    - Reload Plus - %ProfilePath%\extensions\reloadplus@blackwind.xpi

    - ReloadEvery - %ProfilePath%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi

    - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    - Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

    ProfilePath: C:\Users\Toshiba\AppData\Roaming\TomTom\HOME\Profiles\igyqs163.default

    - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com

    - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    ppcdpabdaaenpfihggajpnehffdcbima - C:\ProgramData\FlashPlayer\FlashPlayerv2.crx

    Google Docs - Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

    Google Drive - Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

    YouTube - Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Last updated at time on date - Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

    Google Search - Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Adblock for Facebook - Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbfjodonncabnangfknilmabjfofdikc

    Google Wallet - Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Last updated at time on date - Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch

    Gmail - Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    Pat - Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcdpabdaaenpfihggajpnehffdcbima

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“https://www.google.nl/”

    New Values:

    “Start Page”=“https://www.google.nl/”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    “DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== HijackThis Entries ======================

    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

    F2 - REG:system.ini: UserInit=userinit.exe,

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe”

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

    O4 - HKCU\..\Run: “C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-18\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\RunOnce: “C:\Windows\System32\SPReview\SPReview.exe” /sp:1 /errorfwlink:“http://go.microsoft.com/fwlink/?LinkID=122915” /build:7601 (User ‘Default user’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\Toshiba\AppData\Local\Mozilla\Firefox\Profiles\z8da63ey.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    No Flash Cache Found

    ==== Empty All Java Cache ======================

    No Java Cache Found

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=20 folders=8 499592 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\Toshiba\AppData\Local\Temp will be emptied at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Toshiba\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on vr 11-07-2014 at 12:16:50,11 ======================

  • Ben

    Hello,

    Download AdwCleaner by Xplode to the desktop.

    * Close all open windows.

    * Double-click AdwCleaner to start it.

    * Windows Vista, 7 and 8 users must run the tool as “administrator”,

    * by right-clicking it and choosing Run as administrator.

    * Then click Scan.

    * Then click Remove if any items were found.

    * At Restart Required, click OK.

    After the PC has restarted, a log file usually opens.

    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner.txt

    Then post the contents of this log in your next message.

  • M@ria

    Do I have to remove this? Or is it a different tab than Registry?

  • rudi

    Yes… that is what Ben means.

    Then click Remove if any items were found.

    * At Restart Required, click OK.

    After the PC has restarted, a log file usually opens.

    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner.txt

    Then post the contents of this log in your next message.

    Good luck

  • Ben

    Hello,

    Just click Remove (as rudi writes).

  • rudi

    Sorry for butting in, Ben, but I was sooo sure about this ;)

  • M@ria

    Sorry, I had a few taxi runs in between.

    # AdwCleaner v3.215 - Rapport aangemaakt 11/07/2014 op 18:09:32

    # Laatste Update 09/07/2014 door Xplode

    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Gebruikersnaam : Toshiba - TOSHIBA-PC

    # Gestart vanuit : C:\Users\Toshiba\Downloads\adwcleaner_3.215.exe

    # Optie : Verwijderen

    ***** *****

    ***** *****

    ***** *****

    ***** *****

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

    Sleutel Verwijderd : HKLM\Software\iSafe

    ***** *****

    -\\ Internet Explorer v11.0.9600.17207

    -\\ Mozilla Firefox v30.0 (nl)

    -\\ Google Chrome v35.0.1916.153

    Verwijderd : hxxp://www.marskramer.nl/zoeken?SearchQuery={searchTerms}

    Verwijderd : hxxp://nl.softonic.com/s/{searchTerms}

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

  • M@ria

    The problems as described in the pictures are gone :)-D (tu) Thanks

    Is there anything else to note about the log?
