Adware:Win32/CostMin

  • Dennis

    Good morning,

    I have a recurring Adware:Win32/CostMin.

    Does anyone have an idea how to get rid of it? MSE has quarantined it, and so has MBAM,

    but I keep getting it back.

    Malwarebytes Anti-Malware

    www.malwarebytes.org

    Scan Date: 14-8-2014

    Scan Time: 11:49:34

    Logfile: mbam.txt

    Administrator: Yes

    Version: 2.00.2.1012

    Malware Database: v2014.08.14.03

    Rootkit Database: v2014.08.04.01

    License: Free

    Malware Protection: Disabled

    Malicious Website Protection: Disabled

    Self-protection: Disabled

    OS: Windows 7 Service Pack 1

    CPU: x86

    File System: NTFS

    User: thuis

    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 295942

    Time Elapsed: 7 min, 1 sec

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Warn

    PUM: Enabled

    Processes: 0

    (No malicious items detected)

    Modules: 0

    (No malicious items detected)

    Registry Keys: 1

    PUP.Optional.WebSearches.A, HKU\S-1-5-21-1503026547-1912009487-2144695686-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Quarantined, ,

    Registry Values: 0

    (No malicious items detected)

    Registry Data: 0

    (No malicious items detected)

    Folders: 0

    (No malicious items detected)

    Files: 0

    (No malicious items detected)

    Physical Sectors: 0

    (No malicious items detected)

    (No malicious items detected)

    (end)

    Logfile of random's system information tool 1.10 (written by random/random)

    Run by thuis at 2014-08-14 11:41:20

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 55 GB (36%) free of 153 GB

    Total RAM: 1527 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 11:42:01, on 14-8-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17239)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\thuis\Downloads\RSIT.exe

    C:\Program Files\trend micro\thuis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/?gws_rd=ssl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1406237157&from=irs&uid=ST3160815AS_6RX2X6XY&q={searchTerms}

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\RunOnce: "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    End of file - 4373 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    =========Mozilla firefox=========

    ProfilePath - C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\pv6o43hh.default

    prefs.js - "browser.search.useDBForOrder" - true

    "Description"=Adobe® Flash® Player 14.0.0.145 Plugin

    "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

    "Description"=Java™ Deployment Toolkit

    "Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

    "Description"=Oracle® Next Generation Java™ Plug-In

    "Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

    "Description"=

    "Path"=disabled

    "Description"=Ag Player Plugin

    "Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

    "Description"=Handles PDFs in-place in Firefox

    "Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\pv6o43hh.default\extensions\

    azia@gggpaztkrb.net

    C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\pv6o43hh.default\searchplugins\

    yahoo.xml

    ======Registry dump======

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    "MSC"=C:\Program Files\Microsoft Security Client\msseces.exe

    "IgfxTray"=C:\Windows\system32\igfxtray.exe

    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe

    "Persistence"=C:\Windows\system32\igfxpers.exe

    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\igfxdev.dll

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "vidc.uyvy"=msyuv.dll

    "vidc.yuy2"=msyuv.dll

    "vidc.yvyu"=msyuv.dll

    "vidc.iyuv"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "vidc.yvu9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "vidc.cvid"=iccvid.dll

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2014-08-14 11:22:16 ----A---- C:\Windows\system32\infocardapi.dll

    2014-08-14 11:22:09 ----A---- C:\Windows\system32\icardres.dll

    2014-08-14 11:21:57 ----A---- C:\Windows\system32\icardagt.exe

    2014-08-14 11:21:44 ----A---- C:\Windows\system32\TsWpfWrp.exe

    2014-08-14 10:55:52 ----D---- C:\Users\thuis\AppData\Roaming\Oracle

    2014-08-14 10:55:24 ----D---- C:\Program Files\Common Files\Java

    2014-08-14 10:55:10 ----A---- C:\Windows\system32\javaws.exe

    2014-08-14 10:54:59 ----A---- C:\Windows\system32\WindowsAccessBridge.dll

    2014-08-14 10:54:59 ----A---- C:\Windows\system32\javaw.exe

    2014-08-14 10:54:59 ----A---- C:\Windows\system32\java.exe

    2014-08-14 10:54:43 ----D---- C:\Program Files\Java

    2014-08-14 00:22:53 ----A---- C:\Windows\system32\rpcrt4.dll

    2014-08-14 00:22:52 ----A---- C:\Windows\system32\drivers\dxgmms1.sys

    2014-08-14 00:22:52 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys

    2014-08-14 00:22:52 ----A---- C:\Windows\system32\cdd.dll

    2014-08-14 00:22:46 ----A---- C:\Windows\system32\ieetwproxystub.dll

    2014-08-14 00:22:45 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

    2014-08-14 00:22:45 ----A---- C:\Windows\system32\ieetwcollector.exe

    2014-08-14 00:22:44 ----A---- C:\Windows\system32\urlmon.dll

    2014-08-14 00:22:44 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-08-14 00:22:44 ----A---- C:\Windows\system32\iernonce.dll

    2014-08-14 00:22:44 ----A---- C:\Windows\system32\iedkcs32.dll

    2014-08-14 00:22:43 ----A---- C:\Windows\system32\jsproxy.dll

    2014-08-14 00:22:43 ----A---- C:\Windows\system32\ieUnatt.exe

    2014-08-14 00:22:42 ----A---- C:\Windows\system32\msfeeds.dll

    2014-08-14 00:22:42 ----A---- C:\Windows\system32\dxtmsft.dll

    2014-08-14 00:22:40 ----A---- C:\Windows\system32\msrating.dll

    2014-08-14 00:22:40 ----A---- C:\Windows\system32\iesetup.dll

    2014-08-14 00:22:40 ----A---- C:\Windows\system32\ie4uinit.exe

    2014-08-14 00:22:39 ----A---- C:\Windows\system32\vbscript.dll

    2014-08-14 00:22:39 ----A---- C:\Windows\system32\ieetwcollectorres.dll

    2014-08-14 00:22:38 ----A---- C:\Windows\system32\wininet.dll

    2014-08-14 00:22:38 ----A---- C:\Windows\system32\ieapfltr.dll

    2014-08-14 00:22:36 ----A---- C:\Windows\system32\ieui.dll

    2014-08-14 00:22:36 ----A---- C:\Windows\system32\dxtrans.dll

    2014-08-14 00:22:35 ----A---- C:\Windows\system32\ieframe.dll

    2014-08-14 00:22:34 ----A---- C:\Windows\system32\mshtmled.dll

    2014-08-14 00:22:33 ----A---- C:\Windows\system32\mshtmlmedia.dll

    2014-08-14 00:22:32 ----A---- C:\Windows\system32\MshtmlDac.dll

    2014-08-14 00:22:32 ----A---- C:\Windows\system32\iertutil.dll

    2014-08-14 00:22:29 ----A---- C:\Windows\system32\jscript9diag.dll

    2014-08-14 00:22:28 ----A---- C:\Windows\system32\jscript9.dll

    2014-08-14 00:22:27 ----A---- C:\Windows\system32\mshtml.dll

    2014-08-14 00:22:05 ----A---- C:\Windows\system32\win32k.sys

    2014-08-14 00:22:04 ----A---- C:\Windows\system32\gdi32.dll

    2014-08-14 00:22:00 ----A---- C:\Windows\system32\tzres.dll

    2014-08-14 00:21:36 ----A---- C:\Windows\system32\msi.dll

    2014-08-14 00:21:36 ----A---- C:\Windows\system32\authui.dll

    2014-08-14 00:21:35 ----A---- C:\Windows\system32\msihnd.dll

    2014-08-14 00:21:35 ----A---- C:\Windows\system32\consent.exe

    2014-08-14 00:21:10 ----A---- C:\Windows\system32\aepdu.dll

    2014-08-14 00:21:08 ----A---- C:\Windows\system32\aeinv.dll

    2014-08-14 00:21:06 ----A---- C:\Windows\system32\shell32.dll

    2014-08-14 00:20:59 ----A---- C:\Windows\system32\KBDTAT.DLL

    2014-08-14 00:20:59 ----A---- C:\Windows\system32\KBDRU.DLL

    2014-08-14 00:20:58 ----A---- C:\Windows\system32\KBDYAK.DLL

    2014-08-14 00:20:58 ----A---- C:\Windows\system32\KBDRU1.DLL

    2014-08-14 00:20:58 ----A---- C:\Windows\system32\KBDBASH.DLL

    2014-07-25 23:25:15 ----A---- C:\Windows\system32\tasks.dll

    2014-07-25 00:33:52 ----D---- C:\Users\thuis\AppData\Roaming\vlc

    2014-07-24 23:41:53 ----D---- C:\Users\thuis\AppData\Roaming\BitTorrent

    2014-07-24 23:25:47 ----D---- C:\Program Files\Supporter

    2014-07-24 23:25:29 ----D---- C:\ProgramData\ced39d3a43eb61dd

    2014-07-24 23:25:11 ----D---- C:\Program Files\GetPrivate

    2014-07-24 23:25:08 ----D---- C:\Users\thuis\AppData\Roaming\GetPrivate

    2014-07-24 23:19:43 ----D---- C:\ProgramData\TEMP

    2014-07-24 23:15:28 ----D---- C:\Program Files\VideoLAN

    2014-07-23 13:00:11 ----D---- C:\Program Files\Mozilla Firefox

    ======List of files/folders modified in the last 1 month======

    2014-08-14 11:41:56 ----D---- C:\Windows\Temp

    2014-08-14 11:41:23 ----D---- C:\Program Files\trend micro

    2014-08-14 11:32:52 ----D---- C:\Windows\system32\config

    2014-08-14 11:32:04 ----D---- C:\Windows\Microsoft.NET

    2014-08-14 11:32:03 ----RSD---- C:\Windows\assembly

    2014-08-14 11:26:53 ----D---- C:\Windows\system32\wdi

    2014-08-14 11:25:05 ----D---- C:\Windows

    2014-08-14 11:23:15 ----D---- C:\Windows\winsxs

    2014-08-14 11:23:03 ----D---- C:\Windows\system32\nl-NL

    2014-08-14 11:23:03 ----D---- C:\Windows\System32

    2014-08-14 11:22:58 ----D---- C:\Windows\system32\catroot

    2014-08-14 11:22:55 ----D---- C:\Windows\system32\catroot2

    2014-08-14 11:20:56 ----SHD---- C:\System Volume Information

    2014-08-14 10:56:53 ----D---- C:\Windows\debug

    2014-08-14 10:55:30 ----D---- C:\ProgramData\Oracle

    2014-08-14 10:55:26 ----SHD---- C:\Windows\Installer

    2014-08-14 10:55:24 ----D---- C:\Program Files\Common Files

    2014-08-14 10:54:43 ----RD---- C:\Program Files

    2014-08-14 10:54:22 ----D---- C:\Windows\Prefetch

    2014-08-14 10:09:00 ----D---- C:\Windows\system32\en-US

    2014-08-14 10:09:00 ----D---- C:\Windows\system32\drivers

    2014-08-14 10:09:00 ----D---- C:\Windows\PolicyDefinitions

    2014-08-14 10:09:00 ----D---- C:\Windows\ehome

    2014-08-14 10:08:59 ----SD---- C:\Windows\system32\CompatTel

    2014-08-14 10:08:59 ----D---- C:\Program Files\Internet Explorer

    2014-08-14 10:08:56 ----RSD---- C:\Windows\Fonts

    2014-08-14 09:53:40 ----D---- C:\ProgramData\Microsoft Help

    2014-08-14 09:51:24 ----D---- C:\Windows\system32\MRT

    2014-08-14 09:51:18 ----A---- C:\Windows\system32\MRT.exe

    2014-07-29 16:17:43 ----D---- C:\Windows\inf

    2014-07-28 02:08:53 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2014-07-26 10:49:17 ----D---- C:\Windows\Logs

    2014-07-25 11:19:41 ----HD---- C:\ProgramData

    2014-07-25 11:03:01 ----D---- C:\Windows\system32\Tasks

    2014-07-25 11:01:33 ----D---- C:\Windows\Tasks

    2014-07-24 23:25:25 ----HD---- C:\Windows\system32\GroupPolicy

    2014-07-24 23:25:24 ----RD---- C:\Users

    2014-07-24 23:12:01 ----D---- C:\Windows\Resources

    2014-07-24 06:58:39 ----D---- C:\Program Files\Microsoft Silverlight

    2014-07-23 18:35:34 ----D---- C:\Program Files\Mozilla Maintenance Service

    2014-07-16 10:00:19 ----D---- C:\Users\thuis\AppData\Roaming\Newsbin

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys

    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys

    R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys

    S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys

    S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys

    S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

    S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys

    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys

    S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys

    S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

    S4 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    -----------------EOF-----------------
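The logs above show the hijacker sitting in several places at once: the IE Search Page and SearchScopes entries, the Firefox profile (the `azia@gggpaztkrb.net` extension and the `extensions.r3tNdqm.*` prefs), and a scheduled task. The PowerShell script below is an added example, not part of this thread and not a component of zoek, MBAM or MSE; it enumerates those same locations on a Windows 7 machine and prints what it finds, so it can be rerun after a cleanup to see whether anything returns. It removes nothing. The `$knownGood` URL patterns, the "outside the Microsoft tree" task filter and the prefs.js regex are this example's own assumptions, not defaults taken from the page.

```powershell
# Added triage script (not from the original thread or any tool it mentions).
# Read-only: it enumerates the persistence points a browser hijacker used in the
# logs above and prints them. Run from an elevated PowerShell prompt as the
# affected user (the Tasks folder needs admin; $env:APPDATA must be that user's).
$ErrorActionPreference = 'SilentlyContinue'   # a missing key or file is not an error here

# Assumption: URL fragments an unmodified IE 11 start/search page normally contains.
$knownGood = @('about:blank', 'go.microsoft.com', 'www.google.', 'bing.com')

function Test-KnownGood([string]$value) {
    foreach ($g in $knownGood) { if ($value -like "*$g*") { return $true } }
    return $false
}

Write-Host '== IE Main start/search pages (HijackThis R0/R1) =='
foreach ($hive in 'HKLM:', 'HKCU:') {
    $main = Get-ItemProperty "$hive\Software\Microsoft\Internet Explorer\Main"
    foreach ($name in 'Start Page', 'Search Page', 'Default_Page_URL', 'Default_Search_URL') {
        $v = $main.$name
        if ($v -and -not (Test-KnownGood $v)) { Write-Host "  SUSPECT $hive $name = $v" }
    }
}

Write-Host '== IE SearchScopes (zoek deleted two of these in the log above) =='
foreach ($hive in 'HKLM:', 'HKCU:') {
    Get-ChildItem "$hive\Software\Microsoft\Internet Explorer\SearchScopes" | ForEach-Object {
        $url = (Get-ItemProperty $_.PSPath).URL
        if ($url -and -not (Test-KnownGood $url)) { Write-Host "  SUSPECT $($_.PSChildName) -> $url" }
    }
}

Write-Host '== Run / RunOnce entries (HijackThis O4) =='
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce') {
    $props = Get-ItemProperty $key
    if ($props) {
        # Get-ItemProperty adds PSPath/PSChildName/... metadata; skip those.
        $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { Write-Host "  $key\$($_.Name) = $($_.Value)" }
    }
}

Write-Host '== Scheduled tasks outside the Microsoft tree (zoek removed "Optimizer Pro Schedule") =='
Get-ChildItem "$env:windir\System32\Tasks" -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.FullName -notlike '*\Tasks\Microsoft\*' } |
    ForEach-Object {
        [xml]$task = Get-Content $_.FullName      # task definitions are XML files
        $cmd      = $task.Task.Actions.Exec.Command
        $taskArgs = $task.Task.Actions.Exec.Arguments
        Write-Host "  task $($_.Name): $cmd $taskArgs"
    }
Get-ChildItem "$env:windir\Tasks\*.job" | ForEach-Object { Write-Host "  legacy job: $($_.Name)" }

Write-Host '== Firefox profiles: extensions and search/homepage prefs =='
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" | Where-Object { $_.PSIsContainer } | ForEach-Object {
    Write-Host "  profile $($_.FullName)"
    Get-ChildItem (Join-Path $_.FullName 'extensions') |
        ForEach-Object { Write-Host "    extension: $($_.Name)" }
    # Assumption: pref names a search hijacker typically writes. The
    # extensions.<id>.url form matches the extensions.r3tNdqm.url pref zoek removed.
    $pattern = '^user_pref\("(browser\.search\.|browser\.startup\.homepage|keyword\.URL|extensions\.[^".]+\.url)'
    Select-String -Path (Join-Path $_.FullName 'prefs.js') -Pattern $pattern |
        ForEach-Object { Write-Host "    pref: $($_.Line)" }
}
```

Save it as, say, `triage.ps1` and run `powershell -ExecutionPolicy Bypass -File triage.ps1` from an elevated prompt. Anything printed as SUSPECT, any extension ID you do not recognise, and any task or Run entry pointing outside Program Files or Windows is what to hand to the helper or feed into the next cleanup script; because the script only reads, it can be rerun after each reboot to confirm the entries stay gone.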

  • Ben

    Hello,

    First disable the antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and anti-spyware programs, as these can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.

    Running Zoek.exe

    If you run into problems running this program or see certain error messages, please mention it in your reply.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.

    * Now copy the bold code below and paste it into the large input window:

    * Note: This script is specifically intended for this computer; do not use it on other computers with a similar problem.

    firefoxlook;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Wait patiently until a log opens (this may be after a reboot, if one is required).

    * If no log appears after the reboot, start zoek.exe again and the log will appear.

    * Post the opened log in your next reply.

  • Dennis

    done

    log

    Zoek.exe v5.0.0.0 Updated 13-08-2014

    Tool run by thuis on Thu 14-08-2014 at 14:33:42,03.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\thuis\Desktop\zoek.exe

    ==== System Restore Info ======================

    14-8-2014 14:35:17 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\Program Files\Malwarebytes' Anti-Malware deleted successfully

    C:\Program Files\MSXML 4.0 deleted successfully

    C:\Program Files\Supporter deleted successfully

    C:\Program Files\VideoLAN deleted successfully

    C:\PROGRA~2\Oracle deleted successfully

    C:\Users\thuis\AppData\Roaming\BitTorrent deleted successfully

    C:\Users\thuis\AppData\Roaming\Malwarebytes deleted successfully

    C:\Users\thuis\AppData\Roaming\Vso deleted successfully

    C:\Users\thuis\AppData\Roaming\WinRAR deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-1503026547-1912009487-2144695686-1001\Software\Microsoft\Internet Explorer\SearchScopes\{17FF133C-7D4F-4C56-AEA7-C0ED4704B134} deleted successfully

    HKEY_USERS\S-1-5-21-1503026547-1912009487-2144695686-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8AFC0CC5-60F8-4F1D-ABBE-05B366BC66D2} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\taskhost.exe

    C:\Users\thuis\Desktop\zoek.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\pv6o43hh.default

    user.js not found

    ---- Lines conduit removed from prefs.js ----

    user_pref("plugin.state.npconduitfirefoxplugin", 0);

    ---- Lines extensions.r3tNdqm removed from prefs.js ----

    user_pref("extensions.r3tNdqm.epoch", "1408054175");

    user_pref("extensions.r3tNdqm.url", "http://winnerhomecompletezip.net/sync2/?q=hfZ9oeqLC6nHtNbPhd98qjkGqGhTB6lKDzt4ok4rtNtVh7n0rjnEqHs9rTwGqja5tMFHhd9

    ---- FireFox user.js and prefs.js backups ----

    prefs_14-08-2014_1445_.backup

    ==== Deleting Files \ Folders ======================

    C:\Users\thuis\Searches deleted

    C:\Windows\system32\tasks\Optimizer Pro Schedule deleted

    C:\Windows\system32\config\systemprofile\Searches deleted

    C:\Users\thuis\Documents\Optimizer Pro deleted

    C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\pv6o43hh.default\extensions\azia@gggpaztkrb.net deleted

    "C:\PROGRA~2\ced39d3a43eb61dd\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140724232529" deleted

    "C:\PROGRA~2\ced39d3a43eb61dd\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140724232602" deleted

    "C:\PROGRA~2\ced39d3a43eb61dd" deleted

    ==== System Specs ======================

    Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)

    Memory (RAM): 1528 MB

    CPU Info: Intel(R) Pentium(R) D CPU 3.40GHz

    CPU Speed: 3350,0 MHz

    Sound Card: Speakers (High Definition A |

    Display Adapters: Intel(R) Q965/Q963 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Generic PnP Monitor |

    Screen Resolution: 1280 X 1024 - 32 bit

    Network: Network Present

    Network Adapters: Broadcom NetXtreme Gigabit Ethernet

    CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GH24NSB0

    Ports: COM1 LPT1

    Mouse: 5 Button Wheel Mouse Present

    Hard Disks: C: 149,0GB | D: 149,0GB

    Hard Disks - Free: C: 43,0GB | D: 148,7GB

    Manufacturer *: Hewlett-Packard

    BIOS Info: AT/AT COMPATIBLE | 08/31/06 | DELL - 20060831

    Time Zone: W. Europe Standard Time

    Motherboard *: Hewlett-Packard 0A60h

    Country: Netherlands

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

    Default Browser: Firefox 31.0

    Internet Explorer Version: 11.0.9600.17239

    Mozilla Firefox version: 31.0 (x86 nl)

    Adobe Reader version: 11.0.8.4

    Sun Java version: 1.7.0_67 (32-bit)

    Flash Player version: 14.0.0.145

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\thuis\AppData\Local\Temp ====

    ====== Java Cache =====

    2014-08-14 08:55:49 E8C80BF60938EE72EE77AB866EA40E2B 282048 ----a-w- C:\Users\thuis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-4a94b8f9

    2014-08-14 08:55:47 0B23B3044AE9E02DCE26DB4D5E007252 848 ----a-w- C:\Users\thuis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-676d6dbe

    2014-08-14 08:55:48 0B23B3044AE9E02DCE26DB4D5E007252 848 ----a-w- C:\Users\thuis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-6bfb5657

    2014-08-14 08:55:48 3340AFC01618083C3F36CEE16771719B 445 ----a-w- C:\Users\thuis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-e2e4c8970372d2fb4193a7ef29d16f6c3f08527947fcb9208b3a0e48820369fd-6.0.lap

    ====== C:\Windows\system32 =====

    2014-08-14 09:22:16 AF6655214DEBB2C8446DE843A02AAEBA 99480 ----a-w- C:\Windows\System32\infocardapi.dll

    2014-08-14 09:22:09 370FC4421ADE62FC89AC93B345570388 8856 ----a-w- C:\Windows\System32\icardres.dll

    2014-08-14 09:21:57 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\System32\icardagt.exe

    2014-08-14 09:21:44 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe

    2014-08-14 08:55:10 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\System32\javaws.exe

    2014-08-14 08:54:59 49E203776C2ACB289385168A9058EE9E 96680 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll

    2014-08-14 08:54:59 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\System32\javaw.exe

    2014-08-14 08:54:59 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\System32\java.exe

    2014-08-13 22:22:53 C9059EF0C94C55C0DA9CACEE160A5F66 654336 ----a-w- C:\Windows\System32\rpcrt4.dll

    2014-08-13 22:22:52 5860EE5C807CB3866551B845123493C6 107520 ----a-w- C:\Windows\System32\cdd.dll

    2014-08-13 22:22:46 41A3A54603686FD437FA4E8EB95025F9 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll

    2014-08-13 22:22:45 FEE3E022B00A5165ED645E38C1E6C776 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

    2014-08-13 22:22:45 004DFEA0B7AE3F8F438CD2D8C643DAEE 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe

    2014-08-13 22:22:44 7B051C4A70F23A84A09366999FE63CBD 307384 ----a-w- C:\Windows\System32\iedkcs32.dll

    2014-08-13 22:22:44 6D017C0E499443ACDE3D9B5DCD753F32 1169920 ----a-w- C:\Windows\System32\urlmon.dll

    2014-08-13 22:22:44 478824EC0BCE9968C0DC787164B1753B 32768 ----a-w- C:\Windows\System32\iernonce.dll

    2014-08-13 22:22:44 3BB3D5D1CACD68BE8F7A16CCB3AADA93 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

    2014-08-13 22:22:43 87C2B5010779DF6BE4732751C5DB5D64 112128 ----a-w- C:\Windows\System32\ieUnatt.exe

    2014-08-13 22:22:43 36B67392AFB8901CC442EA988AD4603D 43008 ----a-w- C:\Windows\System32\jsproxy.dll

    2014-08-13 22:22:42 E9B28B60C0272E2E1E462E6FB38E6B55 367104 ----a-w- C:\Windows\System32\dxtmsft.dll

    2014-08-13 22:22:42 E8D46F442AB53A52BDBB3EA0C51BDABD 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

    2014-08-13 22:22:42 1A05CFA45B6AEBFCCC835DCF68CBD1D0 526336 ----a-w- C:\Windows\System32\msfeeds.dll

    2014-08-13 22:22:41 E70C00791A18866BB23B3A652E3390A0 2001920 ----a-w- C:\Windows\System32\inetcpl.cpl

    2014-08-13 22:22:40 B91AA3BC8083E66925FAE29FDA485CEA 164864 ----a-w- C:\Windows\System32\msrating.dll

    2014-08-13 22:22:40 7EFBB7A3C664A8DF93C9937DF76760A4 663040 ----a-w- C:\Windows\System32\ie4uinit.exe

    2014-08-13 22:22:40 4D0E91438CE181AF94C653B3BBE3C65A 61952 ----a-w- C:\Windows\System32\iesetup.dll

    2014-08-13 22:22:39 D7D412D3436CFB85B383CDD3C9B455F0 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

    2014-08-13 22:22:39 9D16B568E318F49535AD72539C9997C2 455168 ----a-w- C:\Windows\System32\vbscript.dll

    2014-08-13 22:22:38 B945BAA81B4805AD6BDDF4D026DCFB47 1792512 ----a-w- C:\Windows\System32\wininet.dll

    2014-08-13 22:22:38 18A3154606E3F8945956948A4E708007 704512 ----a-w- C:\Windows\System32\ieapfltr.dll

    2014-08-13 22:22:36 F48A1A114382AB4EF8000E1943E6CF1F 438784 ----a-w- C:\Windows\System32\ieui.dll

    2014-08-13 22:22:36 239575F9EA0D227516843EEE8B7342CA 239616 ----a-w- C:\Windows\System32\dxtrans.dll

    2014-08-13 22:22:35 90FF511B751A0327D07C4073760F1578 11772928 ----a-w- C:\Windows\System32\ieframe.dll

    2014-08-13 22:22:34 444EB30B1610A35FC99D62A91B2BCAA7 69632 ----a-w- C:\Windows\System32\mshtmled.dll

    2014-08-13 22:22:33 49FFD37673BD20279A8BF27CC20040B3 1068032 ----a-w- C:\Windows\System32\mshtmlmedia.dll

    2014-08-13 22:22:32 FF4A917DD7C387BD2715A5F67307FED1 2184704 ----a-w- C:\Windows\System32\iertutil.dll

    2014-08-13 22:22:32 272420427EB96EA052C719AA796C09F2 61952 ----a-w- C:\Windows\System32\MshtmlDac.dll

    2014-08-13 22:22:29 24FA5F74D3B4BA62539DF87285BA934E 597504 ----a-w- C:\Windows\System32\jscript9diag.dll

    2014-08-13 22:22:28 7C1BFC2ABE297BCA1A7BA77A8292C088 4204032 ----a-w- C:\Windows\System32\jscript9.dll

    2014-08-13 22:22:27 8453DDF167CE2986AA4AB04BC6824925 17524224 ----a-w- C:\Windows\System32\mshtml.dll

    2014-08-13 22:22:05 EB0AAAAC964609473049AF9A1AE26F42 2352640 ----a-w- C:\Windows\System32\win32k.sys

    2014-08-13 22:22:04 8C192180F49B102626B6517E9B94645F 305152 ----a-w- C:\Windows\System32\gdi32.dll

    2014-08-13 22:22:00 D08819FEE0CDB8A8A58E2B34D05E7A11 2048 —-a-w- C:\Windows\System32\tzres.dll

    2014-08-13 22:21:36 C212A43AA83A717AD38505F23ACDCB33 2363392 —-a-w- C:\Windows\System32\msi.dll

    2014-08-13 22:21:36 43CD23B65CBF04D6F8ACA984B0EF93FE 1805824 —-a-w- C:\Windows\System32\authui.dll

    2014-08-13 22:21:35 CADC4CFE957C24984FFA718AB7E4EF3C 101824 —-a-w- C:\Windows\System32\consent.exe

    2014-08-13 22:21:35 9DA1CCDBBF8136AC2383C2624CA8CD14 337408 —-a-w- C:\Windows\System32\msihnd.dll

    2014-08-13 22:21:10 D14DF403FF550F6B1F4702CD2F288ABD 412160 —-a-w- C:\Windows\System32\aepdu.dll

    2014-08-13 22:21:08 C4675C2734716F56FCA370CF1183457F 302592 —-a-w- C:\Windows\System32\aeinv.dll

    2014-08-13 22:21:06 386BF6FD9FC562B1A5558C49E1C3A6FB 12874240 —-a-w- C:\Windows\System32\shell32.dll

    2014-08-13 22:21:01 06FC8A93A4FA1F42A3D1D06694F2B339 419992 —-a-w- C:\Windows\System32\locale.nls

    2014-08-13 22:20:59 F1886C30C3E4A7C5513525CBA665AA31 6144 —-a-w- C:\Windows\System32\KBDTAT.DLL

    2014-08-13 22:20:59 EB3D06A9EDFDFD12228AD7A9F24D15D6 5632 —-a-w- C:\Windows\System32\KBDRU.DLL

    2014-08-13 22:20:58 40FFC65117C4AC69D33DEC6D567392FD 6144 —-a-w- C:\Windows\System32\KBDYAK.DLL

    2014-08-13 22:20:58 33DB506498E0419CD50B144DE7CCFC75 6144 —-a-w- C:\Windows\System32\KBDBASH.DLL

    2014-08-13 22:20:58 1235259E135F87BF4AE5864A818E1513 6144 —-a-w- C:\Windows\System32\KBDRU1.DLL

    ====== C:\Windows\system32\drivers =====

    2014-08-13 22:22:52 3583A5A8CC2E682BFFBD4630D0FEC08B 730048 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

    2014-08-13 22:22:52 0EC652D17AB4607745FB4E6958E8FAB6 219072 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

    ====== C:\Windows\Tasks ======

    2014-07-25 09:03:01 0A1F407C55B4516E807487064E03B45E 3150 ----a-w- C:\Windows\system32\Tasks\{A88C1C7B-D5CD-4F80-8472-89C34C654A52}

    2014-07-24 21:25:12 D4CF2B54BCE007AA84689842A93CB327 3244 ----a-w- C:\Windows\system32\Tasks\GPUP

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-08-14 08:55:24 -------- d-----w- C:\Program Files\Common Files\Java

    2014-08-14 08:54:43 -------- d-----w- C:\Program Files\Java

    2014-07-24 21:25:11 -------- d-----w- C:\Program Files\GetPrivate

    ======= C: =====

    2014-08-14 09:57:54 C678053D30874186852620DA54AF6003 1323 ----a-w- C:\mbam.txt

    ====== C:\Users\thuis\AppData\Roaming ======

    2014-08-14 08:55:52 -------- d-----w- C:\Users\thuis\AppData\Roaming\Oracle

    2014-07-24 22:33:52 -------- d-----w- C:\Users\thuis\AppData\Roaming\vlc

    2014-07-24 21:25:27 -------- d-----w- C:\Users\thuis\AppData\Locallow\{4DA21369-7D96-F53F-C8E5-61DDC8FEE3B0}

    2014-07-24 21:25:25 -------- d-----w- C:\Users\thuis\AppData\Local\Torch

    2014-07-24 21:25:25 -------- d-----w- C:\Users\thuis\AppData\Local\Chromatic Browser

    2014-07-24 21:25:25 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Torch

    2014-07-24 21:25:25 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser

    2014-07-24 21:25:25 -------- d-----w- C:\Users\Gast\AppData\Local\Torch

    2014-07-24 21:25:25 -------- d-----w- C:\Users\Gast\AppData\Local\Chromatic Browser

    2014-07-24 21:25:25 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch

    2014-07-24 21:25:25 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromatic Browser

    2014-07-24 21:25:24 -------- d-----w- C:\Users\thuis\AppData\Local\Google

    2014-07-24 21:25:24 -------- d-----w- C:\Users\thuis\AppData\Local\Comodo

    2014-07-24 21:25:24 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Google

    2014-07-24 21:25:24 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Comodo

    2014-07-24 21:25:24 -------- d-----w- C:\Users\Gast\AppData\Local\Google

    2014-07-24 21:25:24 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo

    2014-07-24 21:25:24 -------- d-----w- C:\Users\Administrator\AppData\Local\Google

    2014-07-24 21:25:24 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo

    2014-07-24 21:25:08 -------- d-----w- C:\Users\thuis\AppData\Roaming\GetPrivate

    ====== C:\Users\thuis ======

    2014-08-14 09:40:24 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\thuis\Downloads\RSIT.exe

    2014-08-14 08:54:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    2014-07-24 21:25:26 6471C52810B8A50B8C7897FBE5F0E2D1 398 --sha-r- C:\ProgramData\ntuser.pol

    2014-07-24 21:25:24 -------- d-----w- C:\Users\HomeGroupUser$\AppData

    2014-07-24 21:25:24 -------- d-----w- C:\Users\Gast\AppData

    2014-07-24 21:25:24 -------- d-----w- C:\Users\Administrator\AppData

    2014-07-24 21:19:43 -------- d-----w- C:\ProgramData\TEMP

    2014-07-16 20:03:41 -------- d-----w- C:\Users\thuis\boeken

    ====== C: exe-files ==

    2014-08-14 09:40:24 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\thuis\Downloads\RSIT.exe

    2014-08-14 09:21:57 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\System32\icardagt.exe

    2014-08-14 09:21:44 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe

    2014-08-14 08:55:10 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\System32\javaws.exe

    2014-08-14 08:54:59 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\System32\javaw.exe

    2014-08-14 08:54:59 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\System32\java.exe

    2014-08-14 08:54:50 CEEFA72555A8FAD52C29BA17AE3E6DEF 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe

    2014-08-14 08:54:50 A6B7A388547C4CDF4D8F2AF55D79AC85 145832 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe

    2014-08-14 08:54:50 8B986C008892DB58928BC72483ADF7B9 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe

    2014-08-14 08:54:50 7BDCC29DDFBB355761A018A74D4A1E8C 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe

    2014-08-14 08:54:50 7A17013ABD895DFBD61A5AF9996D0E5E 50088 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe

    2014-08-14 08:54:50 34CEC403ED594B55D55DED61A3A53DAF 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe

    2014-08-14 08:54:49 F67D9621616CB31217A497FEDE4913F5 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe

    2014-08-14 08:54:49 A788E5ED0454307CBCFB95CC33E5F717 16808 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe

    2014-08-14 08:54:49 48442596BFEB26E56898A0E4D2596A95 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe

    2014-08-14 08:54:48 EC4C47AADE6606AFCDEAB28E29654ECE 75688 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe

    2014-08-14 08:54:48 C3F55C9B02A22EC0B345E20AE9AE9B71 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe

    2014-08-14 08:54:48 BF918C9473D64BBD53C22C47045883F5 182696 ----a-w- C:\Program Files\Java\jre7\bin\jqs.exe

    2014-08-14 08:54:48 7ED5C21F9F29B5278FFF39718C667235 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe

    2014-08-14 08:54:48 7DC9A0127F850997B4CFD9923C680D7D 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe

    2014-08-14 08:54:48 0371CFD6228F89B5B9E20F67807987FE 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe

    2014-08-14 08:54:47 8B657BA869AE7D3C6A29792C986E0DD5 68008 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe

    2014-08-14 08:54:47 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe

    2014-08-14 08:54:47 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe

    2014-08-14 08:54:46 F69D8BDC202973592D710BC913D01919 48040 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe

    2014-08-14 08:54:46 C8883F91C31CAC40890AC8B668E05F61 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe

    2014-08-14 08:54:46 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Program Files\Java\jre7\bin\java.exe

    2014-08-14 08:53:14 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\thuis\AppData\LocalLow\Sun\Java\jre1.7.0_67\lzma.exe

    2014-08-13 22:22:45 004DFEA0B7AE3F8F438CD2D8C643DAEE 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe

    2014-08-13 22:22:44 7BAF83ECFCB4AC9E90A4B459BDD59BCA 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe

    2014-08-13 22:22:44 3BB3D5D1CACD68BE8F7A16CCB3AADA93 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

    2014-08-13 22:22:43 87C2B5010779DF6BE4732751C5DB5D64 112128 ----a-w- C:\Windows\System32\ieUnatt.exe

    2014-08-13 22:22:41 6A60D0D167D35A07646EBCF796D770B4 470016 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

    2014-08-13 22:22:40 7EFBB7A3C664A8DF93C9937DF76760A4 663040 ----a-w- C:\Windows\System32\ie4uinit.exe

    2014-08-13 22:22:39 CDF01A5C7927786A708EAEE91F14797B 812224 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

    2014-08-13 22:22:00 B289EAC1F6635298B15D3939324C2720 40448 ----a-w- C:\Windows\servicing\GC32\tzupd.exe

    2014-08-13 22:21:35 CADC4CFE957C24984FFA718AB7E4EF3C 101824 ----a-w- C:\Windows\System32\consent.exe

    2014-08-13 22:21:10 8E115B7CA5166036FB9B27BCEC7A62C8 42656 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe

    2014-08-13 22:21:10 2D02882987E9EF01C38C1618FB772A9A 145568 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe

    === C: other files ==

    2014-08-14 08:54:51 F3EABF8A2AF5C0D8BAE022EE6C17FD91 18650 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip

    2014-08-13 22:22:52 3583A5A8CC2E682BFFBD4630D0FEC08B 730048 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

    2014-08-13 22:22:52 0EC652D17AB4607745FB4E6958E8FAB6 219072 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

    2014-08-13 22:22:05 EB0AAAAC964609473049AF9A1AE26F42 2352640 ----a-w- C:\Windows\System32\win32k.sys

    ==== Startup Registry Enabled ======================

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

    "IgfxTray"="C:\Windows\system32\igfxtray.exe"

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

    "Persistence"="C:\Windows\system32\igfxpers.exe"

    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    ==== Startup Registry Disabled ======================

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Adobe ARM"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="SunJavaUpdateSched"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==== Other Scheduled Tasks ======================

    "C:\Windows\system32\tasks\Adobe Flash Player Updater"

    "C:\Windows\system32\tasks\CCleanerSkipUAC"

    "C:\Windows\system32\tasks\CreateChoiceProcessTask"

    "C:\Windows\system32\tasks\GPUP"

    ==== Folders in C:\PROGRA~2 0-6 Months Old ======================

    2014-02-23 17:40:24 -------- d-sh--we C:\PROGRA~2\Bureaublad

    2014-02-23 17:40:24 -------- d-sh--we C:\PROGRA~2\Documenten

    2014-02-23 17:40:24 -------- d-sh--we C:\PROGRA~2\Favorieten

    2014-02-23 17:40:24 -------- d-sh--we C:\PROGRA~2\Menu Start

    2014-02-23 17:40:24 -------- d-sh--we C:\PROGRA~2\Sjablonen

    2014-02-24 11:41:23 -------- d-----w- C:\PROGRA~2\Sun

    2014-02-24 11:44:33 -------- d-----w- C:\PROGRA~2\Adobe

    2014-02-24 11:49:02 -------- d-----w- C:\PROGRA~2\Microsoft Help

    2014-02-24 12:37:40 -------- d-----w- C:\PROGRA~2\Malwarebytes

    2014-02-24 20:41:59 -------- d-----w- C:\PROGRA~2\Spotnet

    2014-02-25 20:37:21 -------- d--h--w- C:\PROGRA~2\CanonBJ

    2014-04-29 09:40:35 -------- d-----w- C:\PROGRA~2\Mozilla

    2014-06-19 11:55:30 -------- d-----w- C:\PROGRA~2\vsosdk

    2014-07-24 21:19:43 -------- d-----w- C:\PROGRA~2\TEMP

    ==== Firefox Extensions ======================

    AppDir: C:\Program Files\Mozilla Firefox

    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\pv6o43hh.default

    14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67

    0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1

    4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

    893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In

    005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

    421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

    8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

    ==== Chrome Look ======================

    cosstminn - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - Administrator\AppData\Local\Torch\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - Gast\AppData\Local\Torch\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - thuis\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - thuis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - thuis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - thuis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    cosstminn - thuis\AppData\Local\Torch\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl

    ==== Chrome Fix ======================

    C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\thuis\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\thuis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\thuis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\thuis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    C:\Users\thuis\AppData\Local\Torch\User Data\Default\Extensions\dlnojijhklngjeimjjhmdlkafgndhcfl deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="https://www.google.nl/?gws_rd=ssl"

    "Search Page"="http://istart.webssearches.com/web/?type=ds&ts=1406237157&from=irs&uid=ST3160815AS_6RX2X6XY&q={searchTerms}"

    New Values:

    "Start Page"="https://www.google.nl/?gws_rd=ssl"

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

    ==== HijackThis Entries ======================

    O2 - BHO: Java(TM) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\RunOnce: "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    ==== Empty IE Cache ======================

    C:\Users\thuis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\thuis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    No Chrome Cache found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=100 folders=46 325888 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\thuis\AppData\Local\Temp will be emptied at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\thuis\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on do 14-08-2014 at 15:00:26,73 ======================

  • Ben

    Hello,

    Run zoek.exe once more with the following script:

    C:\Users\thuis\AppData\Local\Torch;fs

    C:\Users\thuis\AppData\Local\Chromatic Browser;fs

    C:\Users\HomeGroupUser$\AppData\Local\Torch;fs

    C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser;fs

    C:\Users\Gast\AppData\Local\Torch;fs

    C:\Users\Gast\AppData\Local\Chromatic Browser;fs

    C:\Users\Administrator\AppData\Local\Torch;fs

    C:\Users\Administrator\AppData\Local\Chromatic Browser;fs

    After the restart, you may carry out the following:

    Download AdwCleaner by Xplode to the desktop.

    * Close all open windows.

    * Double-click AdwCleaner to start it.

    * Windows Vista, 7 and 8 users must run the tool as "administrator",

    * by right-clicking it and choosing Run as Administrator.

    * Then click Scan.

    * Then click Remove if any items were found.

    * At the Restart Required prompt, click OK.

    After the PC has rebooted, a log file usually opens.

    Otherwise it can be found here: C:\AdwCleaner\AdwCleaner.txt

    Then post the contents of this log in your next message.

  • Dennis

    Hi Ben

    I had run zoek.exe, only not as Admin ???

    It did work, though.

    AdwCleaner log:

    # AdwCleaner v3.305 - Rapport aangemaakt 14/08/2014 op 16:10:24

    # Laatste Update 14/08/2014 door Xplode

    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (32 bits)

    # Gebruikersnaam : thuis - THUIS-PC

    # Gestart vanuit : C:\Users\thuis\Desktop\adwcleaner_3.305.exe

    # Optie : Verwijderen

    ***** *****

    ***** *****

    Map Verwijderd : C:\Program Files\GetPrivate

    Map Verwijderd : C:\Users\thuis\AppData\Roaming\GetPrivate

    Bestand Verwijderd : C:\Windows\system32\GroupPolicy\Machine\Registry.pol

    ***** *****

    Taak Verwijderd : Optimizer Pro Schedule

    ***** *****

    ***** *****

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\speedupmypc

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

    Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices

    Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

    Sleutel Verwijderd : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

    Sleutel Verwijderd : HKCU\Software\Optimizer Pro

    Sleutel Verwijderd : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

    Sleutel Verwijderd : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

    Sleutel Verwijderd : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}

    Sleutel Verwijderd : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

    Sleutel Verwijderd : HKLM\Software\SupTab

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

    ***** *****

    -\\ Internet Explorer v11.0.9600.17239

    -\\ Mozilla Firefox v31.0 (x86 nl)

    -\\ Google Chrome v

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

  • Ben

    Hello,

    >>>I had run zoek.exe, only not as Admin ??? <<<

    Then you probably already had all the rights.

    How is your problem now?

  • Dennis

    Hi Ben

    No more alerts.

    There are just 2 entries in the MSE quarantine box! Delete them?

    And in MBAM there are also entries in quarantine! Delete those too?

    Regards, Dennis

  • Ben

    Hello,

    >>>There are just 2 entries in the MSE quarantine box! Delete them?

    And in MBAM there are also entries in quarantine! Delete those too? <<<

    I myself always wait a week or two before deleting it; you never know.

    You can leave Malwarebytes installed and scan your PC with it once a week (after updating it).

    With the small tool below you clean up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Remove disinfection tools

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You do not need to post it, however.

    Should any tools or folders remain, you can delete those yourself.

  • Dennis

    Thanks Ben

    Great that you helped

    Have a nice evening

    Regards, Dennis

  • Ben

    Hello,

    Thanks, and you're welcome. (tu)

This topic is closed; no further replies can be posted.