websearch won't go away :(

  • San70

    Good morning,

    I have been having trouble with websearch since yesterday :(

    I can't get it out of my software anymore

    as soon as I try, I get a small window from websearch in my software

    and there I have to copy the letters shown, and when I do that it starts loading, only it never finishes

    I am also asked whether I want to click repair or remove it right away.

    I hope someone can help me. Thanks in advance

    Regards, San

    Malwarebytes Anti-Malware

    www.malwarebytes.org

    Scan Date: 11-9-2014

    Scan Time: 8:32:21

    Logfile: bam.txt

    Administrator: Yes

    Version: 2.00.2.1012

    Malware Database: v2014.09.11.01

    Rootkit Database: v2014.09.10.02

    License: Trial

    Malware Protection: Enabled

    Malicious Website Protection: Enabled

    Self-protection: Disabled

    OS: Windows 7 Service Pack 1

    CPU: x64

    File System: NTFS

    User: Gebruiker

    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 319632

    Time Elapsed: 9 min, 51 sec

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

    Processes: 0

    (No malicious items detected)

    Modules: 27

    Registry Keys: 0

    (No malicious items detected)

    Registry Values: 0

    (No malicious items detected)

    Registry Data: 0

    (No malicious items detected)

    Folders: 126

    Files: 193


    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\button.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\button1.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\checkbox.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\checkbox_select.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\checked.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\close.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\loading_bg.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\loading_light.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\min.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\scrollbar.bmp, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\Thumbs.db, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\unchecked.png, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\code\code1.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\code\code2.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\code\code3.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\code\code4.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\code\code5.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\code\code6.jpg, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\images\code\Thumbs.db, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Roaming\webssearches\log\UninstallManager_2014-09-11.log, Quarantined, ,

    PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, Quarantined, ,

    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-10.log, Quarantined, ,

    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, ,

    PUP.Optional.SystemSpeedup, C:\Users\Gebruiker\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, Delete-on-Reboot, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, Delete-on-Reboot, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, Delete-on-Reboot, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Delete-on-Reboot, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Delete-on-Reboot, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Delete-on-Reboot, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, Delete-on-Reboot, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, Quarantined, ,

    PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\completedatabase.db, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Cookies.bin, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\DigSign.bin, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FilePathFIX.bin, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FilePaths.bin, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FileSignature.bin, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Folders.bin, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Md5.bin, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Registry.bin, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\SetupSign.bin, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\StrSetupSign.bin, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\100oupdate.zip, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1835completedatabase.zip, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1947mupdate.zip, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1948update.zip, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1949update.zip, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Gebruiker\AppData\Roaming\Systweak\Advanced-System-Protector\QDetail.db, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Gebruiker\AppData\Roaming\Systweak\Advanced-System-Protector\Settings.db, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Gebruiker\AppData\Roaming\Systweak\Advanced-System-Protector\Update.ini, Quarantined, ,

    PUP.Optional.AdvancedSystemProtector.A, C:\Users\Gebruiker\AppData\Roaming\Systweak\Advanced-System-Protector\2.1.1000.13665\ASPLog.txt, Quarantined, ,

    PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\FavIcon.ico, Quarantined, ,

    PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\Sqlite3.dll, Quarantined, ,

    PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninst.dat, Quarantined, ,

    PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninstall.exe, Quarantined, ,

    PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, Delete-on-Reboot, ,

    PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\Sqlite3.dll, Quarantined, ,

    PUP.Optional.Astromenda.A, C:\Users\Gebruiker\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat, Quarantined, ,

    PUP.Optional.Astromenda.A, C:\Users\Gebruiker\AppData\Roaming\WSE_Astromenda\UpdateProc\config.dat, Quarantined, ,

    PUP.Optional.Astromenda.A, C:\Users\Gebruiker\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, Quarantined, ,

    PUP.Optional.Astromenda.A, C:\Users\Gebruiker\AppData\Roaming\WSE_Astromenda\UpdateProc\STTL.DAT, Quarantined, ,

    PUP.Optional.Astromenda.A, C:\Users\Gebruiker\AppData\Roaming\WSE_Astromenda\UpdateProc\TTL.DAT, Quarantined, ,

    PUP.Optional.Astromenda.A, C:\Users\Gebruiker\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe, Quarantined, ,

    PUP.Optional.WebsSearches.A, C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://istart.webssearches.com/?type=hp&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB",), Replaced,

    Physical Sectors: 0

    (No malicious items detected)

    (end)

  • San70

    Logfile of random's system information tool 1.10 (written by random/random)

    Run by Gebruiker at 2014-09-11 08:52:24

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 752 GB (79%) free of 954 GB

    Total RAM: 8174 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:52:40, on 11-9-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17280)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Users\Gebruiker\AppData\Roaming\BitTorrent\BitTorrent.exe

    C:\Program Files (x86)\Origin\Origin.exe

    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files\trend micro\Gebruiker.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB&q={searchTerms}

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe” /CHECKNOW

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\Direct3DVideoOutput.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectShowAudioDecode.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectSoundAudioOutput.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DivXDeinterlaceFilter.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DFXAudioTransform.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll”,DllRegisterServer

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun

    O4 - HKCU\..\Run: “C:\Users\Gebruiker\AppData\Roaming\BitTorrent\BitTorrent.exe” /MINIMIZED

    O4 - HKCU\..\Run: C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Origin\Origin.exe” -AutoStart

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O11 - Options group: Accelerated graphics

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 12327 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    winlogon.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    “c:\Program Files\Microsoft Security Client\MsMpEng.exe”

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k NetworkService

    atieclxx

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    “taskhost.exe”

    “C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe” /launchService

    “C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe”

    “C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe”

    "C:\Program Files (x86)\Online Games Manager\ogmservice.exe" --service-run

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\viakaraokesrv.exe

    “C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe” /starttray

    “c:\Program Files\Microsoft Security Client\NisSrv.exe”

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun

    “C:\Users\Gebruiker\AppData\Roaming\BitTorrent\BitTorrent.exe” /MINIMIZED

    “C:\Windows\System32\StikyNot.exe”

    “C:\Program Files (x86)\Origin\Origin.exe” -AutoStart

    “C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe” -r

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    “C:\Program Files\Windows Media Player\wmpnetwk.exe”

    “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM” PriorityLow

    “C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe” /CHECKNOW

    “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe” 0

    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” https://www.google.nl/

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4644.0.559771807\440153501" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17 --gpu-vendor-id=0x1002 --gpu-device-id=0x6819 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=9.10.8.0 --ignored=" --type=renderer " /prefetch:822062411

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="ChromeSuggestions/ML Kodachrome dev/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionInstallVerification/None/GoogleNow/Enable/HpackHuffmanAggregator/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/cd=3e:LocalPredictor=Enabled:SkipHTTPS=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=5:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderQueryPrerenderService=Enabled:PrerenderServiceFetchTimeoutMs=5000:PrerenderAlwaysControl=Enabled:MaxLaunchPrerenders=2:LocalPredictorUnencryptedSyncOnly=Enabled/SDCH/EnabledHttpOnly/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_42/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WindowsLogoffRace/WindowsLogoffRace/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="4644.1.1769447327\1278197579" /prefetch:673131151

    C:\Windows\system32\sppsvc.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon”

    “C:\Windows\system32\SearchFilterHost.exe” 0 524 528 536 65536 532

    “C:\Users\Gebruiker\Downloads\RSITx64.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

    C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf2ab477afdd26.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

    ======Registry dump======

    SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

    SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    “MSC”=c:\Program Files\Microsoft Security Client\msseces.exe

    “Skype”=C:\Program Files (x86)\Skype\Phone\Skype.exe

    “BitTorrent”=C:\Users\Gebruiker\AppData\Roaming\BitTorrent\BitTorrent.exe

    “RESTART_STICKY_NOTES”=C:\Windows\System32\StikyNot.exe

    “EADM”=C:\Program Files (x86)\Origin\Origin.exe

    “HDAudDeck”=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

    “StartCCC”=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    “DivXMediaServer”=C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

    “DivXUpdate”=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

    “SunJavaUpdateSched”=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    “B Register C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\Direct3DVideoOutput.dll”=C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\Direct3DVideoOutput.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectShowAudioDecode.dll”=C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectShowAudioDecode.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectSoundAudioOutput.dll”=C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectSoundAudioOutput.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DivXDeinterlaceFilter.dll”=C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DivXDeinterlaceFilter.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DFXAudioTransform.dll”=C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DFXAudioTransform.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll”=C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “aux1”=wdmaud.drv

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “wave2”=wdmaud.drv

    “midi2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    “aux2”=wdmaud.drv

    “VIDC.LAGS”=lagarith.dll

    “vidc.XVID”=xvidvfw.dll

    “wave3”=wdmaud.drv

    “midi3”=wdmaud.drv

    “mixer3”=wdmaud.drv

    “aux3”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2014-09-11 08:52:24 —-D—- C:\rsit

    2014-09-11 08:52:24 —-D—- C:\Program Files\trend micro

    2014-09-11 08:51:15 —-A—- C:\mamlog2.txt

    2014-09-11 08:44:17 —-A—- C:\malware.txt

    2014-09-11 08:29:55 —-A—- C:\Windows\system32\drivers\MBAMSwissArmy.sys

    2014-09-11 08:29:19 —-D—- C:\ProgramData\Malwarebytes

    2014-09-11 08:29:19 —-D—- C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-09-11 08:29:19 —-A—- C:\Windows\system32\drivers\mwac.sys

    2014-09-11 08:29:19 —-A—- C:\Windows\system32\drivers\mbamchameleon.sys

    2014-09-11 08:29:19 —-A—- C:\Windows\system32\drivers\mbam.sys

    2014-09-10 15:41:03 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2014-09-10 15:41:03 —-A—- C:\Windows\system32\ieui.dll

    2014-09-10 15:41:02 —-A—- C:\Windows\SYSWOW64\MshtmlDac.dll

    2014-09-10 15:41:01 —-A—- C:\Windows\SYSWOW64\ieUnatt.exe

    2014-09-10 15:41:01 —-A—- C:\Windows\SYSWOW64\dxtmsft.dll

    2014-09-10 15:41:01 —-A—- C:\Windows\system32\MshtmlDac.dll

    2014-09-10 15:41:01 —-A—- C:\Windows\system32\jscript9diag.dll

    2014-09-10 15:41:01 —-A—- C:\Windows\system32\JavaScriptCollectionAgent.dll

    2014-09-10 15:41:01 —-A—- C:\Windows\system32\ieUnatt.exe

    2014-09-10 15:41:01 —-A—- C:\Windows\system32\iernonce.dll

    2014-09-10 15:41:01 —-A—- C:\Windows\system32\ieetwcollectorres.dll

    2014-09-10 15:41:01 —-A—- C:\Windows\system32\dxtmsft.dll

    2014-09-10 15:41:00 —-A—- C:\Windows\SYSWOW64\dxtrans.dll

    2014-09-10 15:41:00 —-A—- C:\Windows\system32\vbscript.dll

    2014-09-10 15:41:00 —-A—- C:\Windows\system32\dxtrans.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\SYSWOW64\vbscript.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\SYSWOW64\msrating.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\SYSWOW64\mshtmled.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\SYSWOW64\iedkcs32.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\system32\msrating.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\system32\mshtmled.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\system32\msfeeds.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\system32\jsproxy.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\system32\iesetup.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\system32\iedkcs32.dll

    2014-09-10 15:40:59 —-A—- C:\Windows\system32\ie4uinit.exe

    2014-09-10 15:40:58 —-A—- C:\Windows\SYSWOW64\jscript9diag.dll

    2014-09-10 15:40:58 —-A—- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

    2014-09-10 15:40:58 —-A—- C:\Windows\system32\mshtml.dll

    2014-09-10 15:40:57 —-A—- C:\Windows\SYSWOW64\mshtmlmedia.dll

    2014-09-10 15:40:57 —-A—- C:\Windows\SYSWOW64\ieetwproxystub.dll

    2014-09-10 15:40:57 —-A—- C:\Windows\SYSWOW64\ieapfltr.dll

    2014-09-10 15:40:57 —-A—- C:\Windows\system32\MsSpellCheckingFacility.exe

    2014-09-10 15:40:57 —-A—- C:\Windows\system32\mshtmlmedia.dll

    2014-09-10 15:40:57 —-A—- C:\Windows\system32\ieetwproxystub.dll

    2014-09-10 15:40:57 —-A—- C:\Windows\system32\ieetwcollector.exe

    2014-09-10 15:40:57 —-A—- C:\Windows\system32\ieapfltr.dll

    2014-09-10 15:40:55 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2014-09-10 15:40:55 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2014-09-10 15:40:55 —-A—- C:\Windows\system32\wininet.dll

    2014-09-10 15:40:55 —-A—- C:\Windows\system32\jscript9.dll

    2014-09-10 15:40:55 —-A—- C:\Windows\system32\iertutil.dll

    2014-09-10 15:40:54 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2014-09-10 15:40:54 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2014-09-10 15:40:54 —-A—- C:\Windows\system32\urlmon.dll

    2014-09-10 15:40:53 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2014-09-10 15:40:53 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2014-09-10 15:40:53 —-A—- C:\Windows\system32\ieframe.dll

    2014-09-10 15:35:54 —-SHD—- C:\Config.Msi

    2014-09-10 15:28:29 —-A—- C:\Windows\SYSWOW64\msmpeg2vdec.dll

    2014-09-10 15:28:29 —-A—- C:\Windows\system32\msmpeg2vdec.dll

    2014-09-10 14:47:47 —-D—- C:\Users\Gebruiker\AppData\Roaming\337Games

    2014-09-10 14:47:38 —-D—- C:\ProgramData\Systweak

    2014-09-10 14:47:10 —-D—- C:\Users\Gebruiker\AppData\Roaming\Systweak

    2014-09-10 14:47:08 —-A—- C:\Windows\system32\roboot64.exe

    2014-09-10 14:46:57 —-D—- C:\ProgramData\b794e956457e94f6

    2014-09-10 14:11:12 —-A—- C:\Windows\SYSWOW64\TSWorkspace.dll

    2014-09-10 14:11:12 —-A—- C:\Windows\system32\TSWorkspace.dll

    2014-09-10 14:10:22 —-A—- C:\Windows\system32\d3d10warp.dll

    2014-09-10 14:10:21 —-A—- C:\Windows\SYSWOW64\d3d10warp.dll

    2014-09-10 14:10:10 —-A—- C:\Windows\SYSWOW64\kerberos.dll

    2014-09-10 14:10:10 —-A—- C:\Windows\system32\kerberos.dll

    2014-09-10 14:10:09 —-A—- C:\Windows\SYSWOW64\sspicli.dll

    2014-09-10 14:10:09 —-A—- C:\Windows\SYSWOW64\secur32.dll

    2014-09-10 14:10:09 —-A—- C:\Windows\system32\lsasrv.dll

    2014-09-10 14:10:07 —-A—- C:\Windows\system32\aepdu.dll

    2014-09-10 14:10:06 —-A—- C:\Windows\system32\aeinv.dll

    2014-08-28 04:58:23 —-A—- C:\Windows\SYSWOW64\gdi32.dll

    2014-08-28 04:58:23 —-A—- C:\Windows\system32\win32k.sys

    2014-08-28 04:58:23 —-A—- C:\Windows\system32\gdi32.dll

    2014-08-17 15:11:16 —-D—- C:\Program Files\CCleaner

    2014-08-15 00:10:30 —-A—- C:\Windows\SYSWOW64\infocardapi.dll

    2014-08-15 00:10:30 —-A—- C:\Windows\SYSWOW64\icardagt.exe

    2014-08-15 00:10:30 —-A—- C:\Windows\system32\infocardapi.dll

    2014-08-15 00:10:30 —-A—- C:\Windows\system32\icardagt.exe

    2014-08-15 00:10:29 —-A—- C:\Windows\SYSWOW64\icardres.dll

    2014-08-15 00:10:29 —-A—- C:\Windows\system32\icardres.dll

    2014-08-15 00:10:19 —-A—- C:\Windows\SYSWOW64\TsWpfWrp.exe

    2014-08-15 00:10:19 —-A—- C:\Windows\system32\TsWpfWrp.exe

    2014-08-14 16:07:17 —-D—- C:\Windows\Minidump

    2014-08-14 05:55:19 —-A—- C:\Windows\SYSWOW64\KBDYAK.DLL

    2014-08-14 05:55:19 —-A—- C:\Windows\SYSWOW64\KBDTAT.DLL

    2014-08-14 05:55:19 —-A—- C:\Windows\SYSWOW64\KBDRU1.DLL

    2014-08-14 05:55:19 —-A—- C:\Windows\SYSWOW64\KBDRU.DLL

    2014-08-14 05:55:19 —-A—- C:\Windows\SYSWOW64\KBDBASH.DLL

    2014-08-14 05:55:19 —-A—- C:\Windows\system32\KBDYAK.DLL

    2014-08-14 05:55:19 —-A—- C:\Windows\system32\KBDTAT.DLL

    2014-08-14 05:55:19 —-A—- C:\Windows\system32\KBDRU1.DLL

    2014-08-14 05:55:19 —-A—- C:\Windows\system32\KBDRU.DLL

    2014-08-14 05:55:19 —-A—- C:\Windows\system32\KBDBASH.DLL

    2014-08-14 05:55:17 —-A—- C:\Windows\SYSWOW64\tzres.dll

    2014-08-14 05:55:17 —-A—- C:\Windows\system32\tzres.dll

    2014-08-14 05:55:13 —-A—- C:\Windows\SYSWOW64\msi.dll

    2014-08-14 05:55:13 —-A—- C:\Windows\SYSWOW64\authui.dll

    2014-08-14 05:55:13 —-A—- C:\Windows\system32\msi.dll

    2014-08-14 05:55:13 —-A—- C:\Windows\system32\consent.exe

    2014-08-14 05:55:13 —-A—- C:\Windows\system32\authui.dll

    2014-08-14 05:55:12 —-A—- C:\Windows\SYSWOW64\msihnd.dll

    2014-08-14 05:55:12 —-A—- C:\Windows\system32\msihnd.dll

    2014-08-14 05:55:10 —-A—- C:\Windows\system32\drivers\dxgkrnl.sys

    2014-08-14 05:55:09 —-A—- C:\Windows\SYSWOW64\shell32.dll

    2014-08-14 05:55:09 —-A—- C:\Windows\system32\shell32.dll

    2014-08-14 05:54:05 —-A—- C:\Windows\SYSWOW64\rpcrt4.dll

    2014-08-14 05:54:05 —-A—- C:\Windows\system32\rpcrt4.dll

    2014-08-13 16:03:21 —-A—- C:\Windows\SYSWOW64\vp6vfw.dll

    2014-08-13 16:03:08 —-D—- C:\ProgramData\Package Cache

    2014-08-13 15:18:05 —-D—- C:\Program Files (x86)\Origin Games

    2014-08-13 15:17:15 —-D—- C:\Users\Gebruiker\AppData\Roaming\Origin

    2014-08-13 15:11:21 —-D—- C:\ProgramData\Origin

    2014-08-13 15:11:21 —-D—- C:\ProgramData\Electronic Arts

    2014-08-13 15:11:19 —-D—- C:\Program Files (x86)\Origin

    2014-08-12 06:34:35 —-A—- C:\Windows\SYSWOW64\javaws.exe

    2014-08-12 06:34:31 —-A—- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

    2014-08-12 06:34:31 —-A—- C:\Windows\SYSWOW64\javaw.exe

    2014-08-12 06:34:31 —-A—- C:\Windows\SYSWOW64\java.exe

    ======List of files/folders modified in the last 1 month======

    2014-09-11 08:52:36 —-D—- C:\Windows\Prefetch

    2014-09-11 08:52:34 —-D—- C:\Users\Gebruiker\AppData\Roaming\BitTorrent

    2014-09-11 08:52:24 —-RD—- C:\Program Files

    2014-09-11 08:52:03 —-D—- C:\Windows\Temp

    2014-09-11 08:49:53 —-D—- C:\Windows\System32

    2014-09-11 08:49:53 —-D—- C:\Windows\inf

    2014-09-11 08:49:53 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2014-09-11 08:48:50 —-D—- C:\Windows\system32\config

    2014-09-11 08:47:10 —-D—- C:\Users\Gebruiker\AppData\Roaming\Skype

    2014-09-11 08:45:29 —-D—- C:\Windows

    2014-09-11 08:45:23 —-RSD—- C:\Windows\Fonts

    2014-09-11 08:45:23 —-RD—- C:\Program Files (x86)

    2014-09-11 08:45:22 —-HD—- C:\ProgramData

    2014-09-11 08:45:21 —-D—- C:\Windows\system32\drivers

    2014-09-11 08:44:19 —-A—- C:\Windows\win.ini

    2014-09-11 08:44:00 —-D—- C:\Windows\Tasks

    2014-09-11 08:44:00 —-D—- C:\Windows\system32\Tasks

    2014-09-10 21:46:46 —-D—- C:\Windows\rescache

    2014-09-10 18:36:59 —-D—- C:\Windows\Microsoft.NET

    2014-09-10 18:36:36 —-RSD—- C:\Windows\assembly

    2014-09-10 18:15:51 —-D—- C:\Windows\debug

    2014-09-10 16:11:35 —-D—- C:\Windows\winsxs

    2014-09-10 16:09:30 —-D—- C:\Windows\system32\catroot

    2014-09-10 16:09:11 —-D—- C:\Windows\SYSWOW64\nl-NL

    2014-09-10 16:09:11 —-D—- C:\Windows\SYSWOW64\en-US

    2014-09-10 16:09:11 —-D—- C:\Windows\SysWOW64

    2014-09-10 16:09:11 —-D—- C:\Windows\system32\nl-NL

    2014-09-10 16:09:11 —-D—- C:\Windows\system32\en-US

    2014-09-10 16:09:11 —-D—- C:\Program Files\Internet Explorer

    2014-09-10 16:09:11 —-D—- C:\Program Files (x86)\Internet Explorer

    2014-09-10 15:44:56 —-SHD—- C:\Windows\Installer

    2014-09-10 15:41:39 —-D—- C:\Windows\system32\catroot2

    2014-09-10 15:38:34 —-A—- C:\Windows\SYSWOW64\PerfStringBackup.INI

    2014-09-10 15:36:12 —-D—- C:\Program Files\Microsoft Security Client

    2014-09-10 15:36:06 —-D—- C:\Program Files (x86)\Microsoft Security Client

    2014-09-10 15:35:29 —-D—- C:\Windows\system32\MRT

    2014-09-10 15:29:35 —-A—- C:\Windows\system32\MRT.exe

    2014-09-10 15:28:15 —-SHD—- C:\System Volume Information

    2014-09-10 15:28:13 —-SD—- C:\Windows\system32\CompatTel

    2014-09-10 14:46:52 —-RD—- C:\Users

    2014-09-10 14:46:52 —-D—- C:\Program Files (x86)\Google

    2014-09-10 14:46:42 —-HD—- C:\Windows\system32\GroupPolicy

    2014-09-10 14:46:42 —-D—- C:\Windows\SYSWOW64\GroupPolicy

    2014-09-05 21:55:33 —-D—- C:\Program Files (x86)\World of Warcraft

    2014-09-02 08:49:07 —-D—- C:\Users\Gebruiker\AppData\Roaming\Identities

    2014-08-27 18:02:45 —-D—- C:\Program Files (x86)\Diablo III

    2014-08-27 12:26:28 —-D—- C:\ProgramData\Skype

    2014-08-27 12:26:26 —-D—- C:\Program Files (x86)\Common Files

    2014-08-26 14:21:45 —-D—- C:\Windows\system32\drivers\UMDF

    2014-08-26 14:16:30 —-D—- C:\Windows\system32\DriverStore

    2014-08-22 08:58:54 —-D—- C:\Program Files (x86)\Battle.net

    2014-08-19 08:46:07 —-D—- C:\Windows\LiveKernelReports

    2014-08-19 07:59:34 —-D—- C:\Program Files (x86)\Hearthstone

    2014-08-17 15:14:36 —-D—- C:\Users\Gebruiker\AppData\Roaming\TS3Client

    2014-08-17 15:14:25 —-D—- C:\Windows\Panther

    2014-08-17 15:14:25 —-D—- C:\Windows\Logs

    2014-08-15 00:20:52 —-D—- C:\Windows\ehome

    2014-08-15 00:20:43 —-D—- C:\Windows\PolicyDefinitions

    2014-08-12 06:34:44 —-D—- C:\ProgramData\Oracle

    2014-08-12 06:34:31 —-D—- C:\Program Files (x86)\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

    R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys

    R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys

    R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys

    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

    R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys

    R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys

    S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe

    R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 ogmservice;Online Games Manager; C:\Program Files (x86)\Online Games Manager\ogmservice.exe

    R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe

    R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc

    S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    —————–EOF—————–

  • fazantje

    Hi San,

    Have you already restarted your computer?

    If not, do that first.

    Then do the following:

    First disable your antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore this; it is a false warning.

    Running Zoek.exe

    If you run into problems running this program or see any error messages, please mention this in your post.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking and choosing Run as administrator.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the “Run script” button.

    * Now wait patiently until a log opens (this may be after a restart if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the opened log in your next post.

    Good luck,

    Huib;)

  • San70

    Zoek.exe v5.0.0.0 Updated 10-September-2014

    Tool run by Gebruiker on do 11-09-2014 at 13:30:01,37.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Gebruiker\Downloads\zoek.exe

    ==== System Restore Info ======================

    11-9-2014 13:35:57 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\PROGRA~3\Oracle deleted successfully

    C:\PROGRA~3\Systweak deleted successfully

    C:\Users\Gebruiker\AppData\Roaming\Systweak deleted successfully

    C:\Users\Gebruiker\AppData\Roaming\WinRAR deleted successfully

    C:\Users\Gebruiker\AppData\Local\Soldiers deleted successfully

    C:\Users\Gebruiker\AppData\Local\Sparta deleted successfully

  • San70

    I now also constantly get pop-up warnings from Malwarebytes; is it possible to turn these off?

  • San70

    When I start Google Chrome, this comes up again: http://istart.webssearches.com/?type=sc&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB

  • San70

    In my virus scanner, Microsoft Security Essentials, I see that TrojanDropper:win32/vatsics.A is in quarantine.

  • Ben

    Hello,

    Then you did not untick the box in Mbam:

    When the installation of Malwarebytes Anti-Malware is finished, you will see two options that are ticked.

    Untick the box for the trial version, because the “regular” one is completely free and can stay on your computer.

    Uninstall Mbam; you can install it again later.

    You did not let zoek.exe finish scanning; this is the progress of the scan.

    If you closed zoek.exe, run it again; a log will then appear automatically or you will get a message that you need to restart the PC.

    Only then is zoek.exe finished. (For more information you can consult this guide.)

  • San70

    I downloaded Malwarebytes again and removed the old one; no more trouble with those warnings.

    Log from zoek.exe

    Zoek.exe v5.0.0.0 Updated 10-September-2014

    Tool run by Gebruiker on do 11-09-2014 at 18:43:07,02.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Gebruiker\Downloads\zoek (1).exe

    ==== Older Logs ======================

    C:\zoek-results2014-09-11-113700.log 1141 bytes

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-2301901764-57174921-1766168985-1000\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\Online Games Manager\ogmservice.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Users\Gebruiker\AppData\Roaming\BitTorrent\BitTorrent.exe

    C:\Program Files (x86)\Origin\Origin.exe

    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Users\Gebruiker\Downloads\zoek (1).exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Users\Gebruiker\Desktop\Malwarebytes Anti-Malware\mbam.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe

    C:\Program Files (x86)\Battle.net\Battle.net.4944\Battle.net.exe

    C:\Program Files (x86)\Hearthstone\Hearthstone.exe

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\337 GAMES.lnk deleted

    C:\Users\Gebruiker\AppData\Roaming\337Games deleted

    C:\PROGRA~3\Package Cache deleted

    C:\PROGRA~3\Trymedia deleted

    C:\Windows\SysNative\roboot64.exe deleted

    C:\windows\SysNative\Tasks\LaunchSignup deleted

    C:\windows\SysNative\tasks\YourFileDownloader Installer Starter deleted

    C:\END deleted

    C:\Windows\SysNative\config\systemprofile\Searches deleted

    C:\Windows\Syswow64\tmpD2C8.tmp deleted

    “C:\PROGRA~3\b794e956457e94f6\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140910144657” deleted

    “C:\PROGRA~3\b794e956457e94f6\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140910152501” deleted

    “C:\PROGRA~3\b794e956457e94f6” deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 8175 MB

    CPU Info: AMD FX™-6300 Six-Core Processor

    CPU Speed: 3514,3 MHz

    Sound Card: Luidsprekers (VIA High Definiti |

    HD Audio HDMI out (VIA High Def |

    SPDIF Interface (TX1) (VIA High |

    Display Adapters: AMD Radeon HD 7800 Series | AMD Radeon HD 7800 Series | AMD Radeon HD 7800 Series | AMD Radeon HD 7800 Series | AMD Radeon HD 7800 Series | AMD Radeon HD 7800 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1920 X 1080 - 32 bit

    Network: Network Present

    Network Adapters: Realtek PCIe GBE Family Controller #2

    CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH24NSB0

    Ports: COM1 LPT1

    Mouse: 5 Button Wheel Mouse Present

    Hard Disks: C: 931,4GB

    Hard Disks - Free: C: 738,2GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 11/14/12 | 111412 - 20121114

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: ASUSTeK Computer INC. M5A78L-M/USB3

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

    Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Default Browser: Google Chrome 37.0.2062.103

    Internet Explorer Version: 11.0.9600.17280

    Google Chrome version: 37.0.2062.103

    Sun Java version: 1.7.0_67 (32-bit)

    Shockwave Player version: 12.0.7r148

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

    2014-09-10 12:47:24 40395C175553CB14D2050888EFCCDF00 4961800 —-a-w- C:\Users\Gebruiker\AppData\Local\Temp\vcredist_x64.exe

    2014-09-10 12:47:08 CD5E46297DE66DFF69EDC00499068EA8 5601864 —-a-w- C:\Users\Gebruiker\AppData\Local\Temp\BackupSetup.exe

    2014-09-10 12:46:40 A18619F83A740496491E6F631E9CF30B 2827776 —-a-w- C:\Users\Gebruiker\AppData\Local\Temp\294823_.exe

    2014-09-10 12:46:38 E0B4EE4D795034D6FDE6800949D41265 409088 —-a-w- C:\Users\Gebruiker\AppData\Local\Temp\post1.exe

    2014-09-10 12:46:38 6E2E0C1D936C4BCACE2C858647BA4A07 86528 —-a-w- C:\Users\Gebruiker\AppData\Local\Temp\post2.dll

    2014-09-10 12:46:38 43C21DC5BE55B27A8859C287FD800654 98304 —-a-w- C:\Users\Gebruiker\AppData\Local\Temp\post2.exe

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2014-09-11 16:45:49 8A50D5304E6AE48664CF5838EC32F647 122584 —-a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

    2014-09-11 16:45:32 F92B0E478C0FAA6D6661E6E977247E60 25816 —-a-w- C:\Windows\Sysnative\drivers\mbam.sys

    2014-09-11 16:45:32 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 —-a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

    2014-09-11 16:45:32 15E8ABC06843672955CE26A009533BAD 63704 —-a-w- C:\Windows\Sysnative\drivers\mwac.sys

    2014-09-10 12:46:45 D41D8CD98F00B204E9800998ECF8427E 0 —ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_webinstr_01009.Wdf

    2014-08-26 12:21:59 D41D8CD98F00B204E9800998ECF8427E 0 —ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    2014-08-14 03:55:10 87CE5C8965E101CCCED1F4675557E868 985536 —-a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys

    ====== C:\Windows\Tasks ======

    2014-09-10 12:54:36 56FE221438BCEA62AB7814CA6DE52F67 3160 —-a-w- C:\Windows\Sysnative\Tasks\{AB697402-CC41-4180-9CB9-A8CA315FF413}

    2014-09-10 12:46:35 587FCE85A4FC36D3B31D68CA48EDBDF8 3142 —-a-w- C:\Windows\Sysnative\Tasks\Update Service YourFileDownloader

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-09-11 06:52:24 ——– d—–w- C:\Program Files\trend micro

    ======= C:\PROGRA~2 =====

    2014-08-27 10:26:26 ——– d—–w- C:\PROGRA~2\COMMON~1\Skype

    2014-08-13 14:03:21 ——– d–h–w- C:\PROGRA~2\COMMON~1\EAInstaller

    2014-08-13 13:18:05 ——– d—–w- C:\PROGRA~2\Origin Games

    2014-08-13 13:11:19 ——– d—–w- C:\PROGRA~2\Origin

    ======= C: =====

    2014-09-11 06:44:17 33C257DE4062FE6DD2462E4D6B3CB2C5 1059 —-a-w- C:\malware.txt

    ====== C:\Users\Gebruiker\AppData\Roaming ======

    2014-09-10 12:47:48 ——– d—–w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Gebruiker\AppData\Local\Torch

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Gebruiker\AppData\Local\Programs

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Gebruiker\AppData\Local\Comodo

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Gebruiker\AppData\Local\Chromatic Browser

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Gast\AppData\Local\Torch

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Gast\AppData\Local\Google

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Gast\AppData\Local\Comodo

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Gast\AppData\Local\Chromatic Browser

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Administrator\AppData\Local\Torch

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Administrator\AppData\Local\Google

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Administrator\AppData\Local\Comodo

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Administrator\AppData\Local\Chromatic Browser

    2014-08-13 13:17:15 ——– d—–w- C:\Users\Gebruiker\AppData\Roaming\Origin

    2014-08-13 13:17:14 ——– d—–w- C:\Users\Gebruiker\AppData\Local\Origin

    ====== C:\Users\Gebruiker ======

    2014-09-11 16:37:48 E90BF9E1562F40140161573B79CD5720 17292760 —-a-w- C:\Users\Gebruiker\Downloads\mbam-setup-2.0.2.1012 (1).exe

    2014-09-11 06:52:00 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 —-a-w- C:\Users\Gebruiker\Downloads\RSITx64.exe

    2014-09-11 06:26:04 E90BF9E1562F40140161573B79CD5720 17292760 —-a-w- C:\Users\Gebruiker\Downloads\mbam-setup-2.0.2.1012.exe

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Gast\AppData

    2014-09-10 12:46:52 ——– d—–w- C:\Users\Administrator\AppData

    2014-09-10 12:46:42 02C1EE40968BAA67C3A785CDA9807125 262 –sha-r- C:\ProgramData\ntuser.pol

    2014-09-02 06:49:05 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X

    2014-09-02 06:48:20 26BA4F42F5898878ED34E78735DAB6EF 11156176 —-a-w- C:\Users\Gebruiker\Downloads\photofiltre-10.8 .exe

    2014-09-02 06:46:58 7735822FB986D8CB5B4386A6701E307A 739928 —-a-w- C:\Users\Gebruiker\Downloads\photofiltre-10.8.exe

    2014-08-13 14:03:24 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\De Sims 4 Creëer-een-Sim Demo

    2014-08-13 13:11:21 ——– d—–w- C:\ProgramData\Origin

    2014-08-13 13:11:21 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

    2014-08-13 13:11:21 ——– d—–w- C:\ProgramData\Electronic Arts

    ====== C: exe-files ==

    2014-09-11 06:52:25 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\Gebruiker.exe

    2014-09-10 13:41:03 4DABFE3A9D3C67E9D9AD83C7F8FAD855 222720 —-a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe

    2014-09-10 13:41:02 ED689CF5DA7A0374D2A8E3A8550522F7 483328 —-a-w- C:\Program Files\Internet Explorer\ieinstal.exe

    2014-09-10 13:41:02 665256B575BF83E4B188BE73450C5C29 470016 —-a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

    2014-09-10 13:41:02 0D75A74E925F00D9F256F6A53733DAF8 222720 —-a-w- C:\Program Files\Internet Explorer\ielowutil.exe

    2014-09-10 13:40:54 EEA63B8CF19E59C4A51AD2D9A59DDA25 812216 —-a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

    2014-09-10 13:40:54 9540F3F5489747E71101E8AC9850CC79 810168 —-a-w- C:\Program Files\Internet Explorer\iexplore.exe

    2014-09-10 12:47:24 40395C175553CB14D2050888EFCCDF00 4961800 —-a-w- C:\Users\Gebruiker\AppData\Local\Temp\vcredist_x64.exe

    2014-09-10 12:47:08 CD5E46297DE66DFF69EDC00499068EA8 5601864 —-a-w- C:\Users\Gebruiker\AppData\Local\Temp\BackupSetup.exe

    2014-09-10 12:46:40 A18619F83A740496491E6F631E9CF30B 2827776 —-a-w- C:\Users\Gebruiker\AppData\Local\Temp\294823_.exe

    2014-09-10 12:46:38 E0B4EE4D795034D6FDE6800949D41265 409088 —-a-w- C:\Users\Gebruiker\AppData\Local\Temp\post1.exe

    2014-09-10 12:46:38 43C21DC5BE55B27A8859C287FD800654 98304 —-a-w- C:\Users\Gebruiker\AppData\Local\Temp\post2.exe

    2014-09-05 22:53:34 868B37009E604AD7737B9428D708DACD 10549296 —-a-w- C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe

    2014-09-05 18:12:02 25BE9728FBC6BE4F3AE2E674DA9E92EE 10656304 —-a-w- C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe

    2014-09-04 17:43:20 2FB742C226D0474202D28A5724E6CA4B 7235664 —-a-w- C:\Program Files (x86)\Google\Update \Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.103\37.0.2062.103_36.0.1985.143_chrome_updater.exe

    === C: other files ==

    ==== Startup Registry Enabled ======================

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”

    “BitTorrent”=“C:\Users\Gebruiker\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED”

    “RESTART_STICKY_NOTES”=“C:\Windows\System32\StikyNot.exe”

    “EADM”=“C:\Program Files (x86)\Origin\Origin.exe -AutoStart”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “HDAudDeck”=“C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r”

    “StartCCC”=“C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun”

    “DivXMediaServer”=“C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe”

    “DivXUpdate”=“C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW”

    “SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\Direct3DVideoOutput.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\Direct3DVideoOutput.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectShowAudioDecode.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectShowAudioDecode.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectSoundAudioOutput.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectSoundAudioOutput.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DivXDeinterlaceFilter.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DivXDeinterlaceFilter.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DFXAudioTransform.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DFXAudioTransform.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll,DllRegisterServer”

    “B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll”=“C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll,DllRegisterServer”

    “Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”

    “BitTorrent”=“C:\Users\Gebruiker\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED”

    “RESTART_STICKY_NOTES”=“C:\Windows\System32\StikyNot.exe”

    “EADM”=“C:\Program Files (x86)\Origin\Origin.exe -AutoStart”

    ==== Startup Registry Enabled x64 ======================

    “MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf2ab477afdd26.job –a—— C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\SysNative\tasks\CCleanerSkipUAC”

    “C:\Windows\SysNative\tasks\CreateChoiceProcessTask”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1cf2ab477afdd26”

    “C:\Windows\SysNative\tasks\Update Service YourFileDownloader”

    ==== Folders in C:\PROGRA~3 0-6 Months Old ======================

    2014-06-02 15:04:02 ——– d—–w- C:\PROGRA~3\FileCure

    2014-08-13 13:11:21 ——– d—–w- C:\PROGRA~3\Electronic Arts

    2014-08-13 13:11:21 ——– d—–w- C:\PROGRA~3\Origin

    2014-09-11 06:29:19 ——– d—–w- C:\PROGRA~3\Malwarebytes

    ==== Chromium Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    bakijjialdiiboeaknfpmflphhmljfkd - No path found

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

    bakijjialdiiboeaknfpmflphhmljfkd - No path found

    cosstminn - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Administrator\AppData\Local\Torch\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Gast\AppData\Local\Torch\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Gebruiker\AppData\Local\Chromatic Browser\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    Google Docs - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

    Google Drive - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

    YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Warrior Girl - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbngkgeakdhomabndkmfcjijooohmpff

    Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    cosstminn - Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    cosstminn - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm

    ==== Chromium Startpages ======================

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences

    “homepage”: “http://istart.webssearches.com/?type=hp&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB”,

    “startup_urls”: ,

    ==== Chromium Fix ======================

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully

    C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Gebruiker\AppData\Local\Chromatic Browser\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Gebruiker\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Gebruiker\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    C:\Users\Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\agdhbodlfhplalekojkmpdbgddfpbjbm deleted successfully

    ==== Set IE to Default ======================

    Old Values:

    “Search Page”=“http://istart.webssearches.com/web/?type=ds&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB&q={searchTerms}”

    “Search Page”=“http://istart.webssearches.com/web/?type=ds&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB&q={searchTerms}”

    “DefaultScope”=“{31090377-0740-419E-BEFC-A56E50500D5B}”

    not found

    New Values:

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “DefaultScope”=“{012E1000-F331-11DB-8314-0800200C9A66}”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {012E1000-F331-11DB-8314-0800200C9A66} Google Url=“http://www.google.com/search?q={searchTerms}”

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

    ==== shortcuts on Users Desktops ======================

    C:\Users\Gebruiker\Desktop\BitTorrent.lnk - C:\Users\Gebruiker\AppData\Roaming\BitTorrent\BitTorrent.exe

    C:\Users\Gebruiker\Desktop\Bookworm Deluxe - kopie.lnk - C:\Zylom Games\Bookworm Deluxe\Bookworm.exe

    C:\Users\Gebruiker\Desktop\Bookworm Deluxe.lnk - C:\Zylom Games\Bookworm Deluxe\Bookworm.exe

    C:\Users\Gebruiker\Desktop\DivX Movies.lnk - C:\Users\Gebruiker\Videos\DivX Movies

    C:\Users\Gebruiker\Desktop\zoek (1) - Snelkoppeling.lnk - C:\Users\Gebruiker\Downloads\zoek (1).exe

    ==== shortcuts on All Users Desktop ======================

    C:\Users\Public\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe

    C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

    C:\Users\Public\Desktop\De Sims 4 Creëer-een-Sim Demo.lnk -

    C:\Users\Public\Desktop\Diablo III.lnk - C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe

    C:\Users\Public\Desktop\DivX Converter.lnk - C:\Program Files (x86)\DivX\DivX Converter\DivXConverterLauncher.exe

    C:\Users\Public\Desktop\DivX Player.lnk - C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe

    C:\Users\Public\Desktop\FlvPlayer.lnk - C:\Users\Gebruiker\AppData\Roaming\FlvPlayer\FlvPlayerApp.exe

    C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB

    C:\Users\Public\Desktop\HD VDeck.lnk - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

    C:\Users\Public\Desktop\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe

    C:\Users\Public\Desktop\Internetbrowser selecteren.lnk - C:\Windows\System32\browserchoice.exe /launch

    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Users\Gebruiker\Desktop\Malwarebytes Anti-Malware\mbam.exe

    C:\Users\Public\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe

    C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe

    C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe

    C:\Users\Public\Desktop\World of Warcraft.lnk - C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe

    ==== shortcuts in Users Start Menu ======================

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games\337 GAMES.lnk - C:\Users\Gebruiker\AppData\Roaming\337Games\337Games.exe -url=“http://goo.mx/aEBnEf”

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\337Games\uninstall.lnk - C:\Users\Gebruiker\AppData\Roaming\337Games\uninstall.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB

    ==== shortcuts in All Users Start Menu ======================

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\De Sims 4 Creëer-een-Sim Demo\De Sims 4 Creëer-een-Sim Demo.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\De Sims 4 Creëer-een-Sim Demo\Leesmij.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\De Sims 4 Creëer-een-Sim Demo\Licentieovereenkomst voor eindgebruikers van De Sims 4 Creëer-een-Sim Demo.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\De Sims 4 Creëer-een-Sim Demo\Technische ondersteuning.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\De Sims™ 4 Creëer-een-Sim Demo.lnk -

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Users\Gebruiker\Desktop\Malwarebytes Anti-Malware\mbam.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Users\Gebruiker\Desktop\Malwarebytes Anti-Malware\unins000.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Users\Gebruiker\Desktop\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin verwijderen.lnk - C:\Program Files (x86)\Origin\OriginUninstall.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin-foutrapportage.lnk - C:\Program Files (x86)\Origin\OriginER.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X\PhotoFiltre Studio information.lnk - C:\Program Files (x86)\PhotoFiltre Studio X\PhotoFiltre Studio.htm

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X\PhotoFiltre Studio X.lnk - C:\Program Files (x86)\PhotoFiltre Studio X\pfstudiox.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X\PhotoMasque information.lnk - C:\Program Files (x86)\PhotoFiltre Studio X\PhotoMasque.htm

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X\Uninstall PhotoFiltre Studio X.lnk - C:\Program Files (x86)\PhotoFiltre Studio X\Uninst.exe

    ==== shortcuts in Quick Launch ======================

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\Gebruiker\AppData\Roaming\BitTorrent\BitTorrent.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Search Tool v5.lnk - C:\Users\Gebruiker\Downloads\zoek.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Wordpad.lnk - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1410353210&from=exp&uid=ST1000DM003-1CH162_S1DEE6YBXXXXS1DEE6YB

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search Tool v5.lnk - C:\Users\Gebruiker\Downloads\zoek (1).exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

    ==== shortcuts After Repair ======================

    C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe” /CHECKNOW

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\Direct3DVideoOutput.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectShowAudioDecode.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DirectSoundAudioOutput.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DivXDeinterlaceFilter.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DSEPlugins\DFXAudioTransform.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll”,DllRegisterServer

    O4 - HKLM\..\RunOnce: “C:\Windows\system32\rundll32.exe” “C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll”,DllRegisterServer

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun

    O4 - HKCU\..\Run: “C:\Users\Gebruiker\AppData\Roaming\BitTorrent\BitTorrent.exe” /MINIMIZED

    O4 - HKCU\..\Run: C:\Windows\System32\StikyNot.exe

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Origin\Origin.exe” -AutoStart

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O11 - Options group: Accelerated graphics

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBFCF5BU will be deleted at reboot

    C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKVLQOCX will be deleted at reboot

    C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQMA33RF will be deleted at reboot

    C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLBKVNSZ will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    No Flash Cache Found

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=95 folders=44 9161202 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\Gebruiker\AppData\Local\Temp will be emptied at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBFCF5BU” not found

    “C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKVLQOCX” not found

    “C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQMA33RF” not found

    “C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLBKVNSZ” not found

    ==== EOF on do 11-09-2014 at 19:51:37,05 ======================

  • Ben

    Hello,

    Run zoek.exe again with the following code:

    C:\Users\Gebruiker\AppData\Local\Torch;fs

    C:\Users\Gebruiker\AppData\Local\Programs;fs

    C:\Users\Gebruiker\AppData\Local\Comodo;fs

    C:\Users\Gebruiker\AppData\Local\Chromatic Browser;fs

    C:\Users\Gast\AppData\Local\Torch;fs

    C:\Users\Gast\AppData\Local\Google;fs

    C:\Users\Gast\AppData\Local\Comodo;fs

    C:\Users\Gast\AppData\Local\Chromatic Browser;fs

    C:\Users\Administrator\AppData\Local\Torch;fs

    C:\Users\Administrator\AppData\Local\Google;fs

    C:\Users\Administrator\AppData\Local\Comodo;fs

    C:\Users\Administrator\AppData\Local\Chromatic Browser;fs

    C:\Users\Gebruiker\AppData\Roaming\Origin;fs

    C:\Users\Gebruiker\AppData\Local\Origin;fs
