Volledige versie bekijken : Sharkmancoupon
Sofiekebieke 17 October 2014, 13:57 Hallo,
ik zit met Sharkmancoupon op mijn computer, weet niet hoe ik eraan geraakt ben , maar wordt regelmatig naar andere websites doorgeleid. Kunnen jullie me helpen om deze te verwijderen?
Heb al geprobeerd met malwarebytes.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:54:26, on 17/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox .exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.e xe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\GrabIt\GrabIt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
E:\1TB schijf 2014\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://services.freshy.com/general/newhometab.php?hometab=home&partner=10985&guid={31287CE2-04B4-4530-A902-9E1AE8F40FE4}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: CtxIEInterceptorBHO - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: WsSVRIEHelper - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} - mscoree.dll (file missing)
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - HKCU\..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - Startup: Dropbox.lnk = Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\citrix\icacli~1\rshook.dll
O23 - Service: Emsisoft Protection Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: devolo Network Service (DevoloNetworkService) - devolo AG - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: Seagate MobileBackup Service - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: NETGEAR A6200 Service (WNDA6200) - Unknown owner - C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
--
End of file - 16530 bytes
Rosty 17 October 2014, 22:52 Download http://filepony.de/icon/tiny/adwcleaner.png AdwCleaner (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode naar het bureaublad.
Sluit alle openstaande vensters. Dubbelklik op AdwCleaner om hem te starten. Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren, Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren. Klik vervolgens op Scan. Klik vervolgens op Clean als er items zijn gevonden. Klik bij Herstarten Noodzakelijk op OK
Nadat de PC opnieuw is opgestart, opent meestal een logfile.
Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[S0].txt
Sofiekebieke 18 October 2014, 19:18 # AdwCleaner v4.000 - Rapport aangemaakt 18/10/2014 op 19:15:36
# DB v2014-10-17.9
# Laatste Update 12/10/2014 door Xplode
# Besturingssysteem : Windows 7 Professional Service Pack 1 (64 bits)
# Gebruikersnaam : Admin - PC_I7
# Gestart vanuit : E:\1TB schijf 2014\Downloads\adwcleaner_4.000.exe
# Optie : Verwijderen
***** [ Services ] *****
***** [ Bestanden / Mappen ] *****
[x] Geen Verwijderd : C:\Users\Admin\AppData\LocalLow\HPAppData
Map Verwijderd : D:\Mijn documenten\Optimizer Pro
Map Verwijderd : C:\ProgramData\SharkManCoupon
Map Verwijderd : C:\ProgramData\surfkueepit
Map Verwijderd : C:\Program Files (x86)\surfkueepit
Bestand Verwijderd : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Pro files\extensions\user.js
Bestand Verwijderd : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Bestand Verwijderd : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Taken ] *****
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\surefkueepit.surefkueepit
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\surefkueepit.surefkueepit.8. 1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\realdeeal.realdeeal
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\realdeeal.realdeeal.1.9
Sleutel Verwijderd : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{0DE5CE23-1424-485D-A2A2-C856E8908C9B}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3075212B-20BD-70CB-AF5D-2A3E0B2AB72A}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{0DE5CE23-1424-485D-A2A2-C856E8908C9B}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{3075212B-20BD-70CB-AF5D-2A3E0B2AB72A}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{0DE5CE23-1424-485D-A2A2-C856E8908C9B}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{3075212B-20BD-70CB-AF5D-2A3E0B2AB72A}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{0DE5CE23-1424-485D-A2A2-C856E8908C9B}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{3075212B-20BD-70CB-AF5D-2A3E0B2AB72A}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{0DE5CE23-1424-485D-A2A2-C856E8908C9B}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{3075212B-20BD-70CB-AF5D-2A3E0B2AB72A}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Sleutel Verwijderd : HKCU\Software\Conduit
Sleutel Verwijderd : HKCU\Software\Optimizer Pro
Sleutel Verwijderd : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Sleutel Verwijderd : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Sleutel Verwijderd : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Sleutel Verwijderd : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Sleutel Verwijderd : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Sleutel Verwijderd : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Sleutel Verwijderd : HKLM\SOFTWARE\Conduit
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Conduit
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\SearchProtect
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v
-\\ Google Chrome v37.0.2062.124
*************************
AdwCleaner[R0].txt - [5865 octets] - [14/08/2014 22:35:48]
AdwCleaner[R1].txt - [5824 octets] - [18/10/2014 19:12:20]
AdwCleaner[S0].txt - [5850 octets] - [14/08/2014 22:36:39]
AdwCleaner[S1].txt - [5638 octets] - [18/10/2014 19:15:36]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5698 octets] ##########
Rosty 19 October 2014, 09:55 Download http://www.imgdumper.nl/uploads6/51a46ae43005e/51a46ae42d560-malwarebytes_anti_malware.png MalwareBytes Anti-Malware (http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.0.1000.exe) bij voorkeur naar het bureaublad.
Dubbelklik op mbam-setup-2.0.exe om de installatie van Malwarebytes Anti-Malware te starten. Volg de verdere aanwijzingen, de volledige installatieprocedure kunt u nalezen op de volgende link - Malwarebytes Anti-Malware installeren (http://www.pcwebplus.nl/phpbb/viewtopic.php?p=97064#p97064).
Klik vervolgens bovenin het scherm op Scan. Kies vervolgens de Aangepaste scan en klik op Scan nu.
Plaats vervolgens een vinkje bij de optie Scan naar rootkits. Selecteer in het rechter venster alle aanwezige harde schijven en partities. Klik vervolgens op de knop Start scan om de aangepaste uit te voeren. Er zal nu gecontroleerd worden op beschikbare updates, klik hier op "Nu bijwerken als er beschikbare updates zijn. De scan wordt nu automatisch gestart,wanneer de scan gereed is en er bedreigingen zijn gedetecteerd krijgt u hier een overzicht van. Wanneer er geen bedreigingen zijn gedetecteerd klikt u na de scan op Bekijk gedetailleerd logboek.
Klik vervolgens op de knop Acties toepassen, bij de melding dat uw computer opnieuw opgestart moet worden klikt u op Nee. Klik vervolgens op de knop Bekijk gedetailleerd logboek en klik op de knop exporteer en kies de optie tekstbestand (*.txt). Geef vervolgens een bestandsnaam op voor het opslaan van het logbestand, bijvoorbeeld MBAM Scanlog en klik vervolgens op de knop Opslaan. Dit bestand zal standaard op uw bureaublad worden opgeslagen.
http://www.imgdumper.nl/uploads7/532aab1576c64/532aab157609a-MBAM-Scan.png
Plaats de log van MBAM in je volgende post.
Sofiekebieke 20 October 2014, 16:37 Malwarebytes Anti-Malware
www.malwarebytes.org (http://www.malwarebytes.org)
Scandatum: 20/10/2014
Scantijd: 15:07:55
Logbestand: scan 20102014.txt
Beheerder: Ja
Versie: 2.00.3.1025
Malwaredatabase: v2014.10.19.07
Rootkitdatabase: v2014.10.17.01
Licentie: Premium
Malwarebescherming: Ingeschakeld
Kwaadaardige Website Bescherming: Ingeschakeld
Zelfbescherming: Uitgeschakeld
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Admin
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 385854
Verstreken Tijd: 7 m, 44 s
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
Processen: 0
(Geen kwaadaardige items gedetecteerd)
Modules: 0
(Geen kwaadaardige items gedetecteerd)
Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)
Registerwaardes: 0
(Geen kwaadaardige items gedetecteerd)
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
Mappen: 0
(Geen kwaadaardige items gedetecteerd)
Bestanden: 0
(Geen kwaadaardige items gedetecteerd)
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
(end)
Sofiekebieke 20 October 2014, 16:42 Lijkt me vrij maar toch krijg ik op invulvelden een link zoals deze als ik erop klik. Opgepast, vraagt om te installeren of op te slaan.
Sofiekebieke 25 October 2014, 13:11 Ik zit nog steeds met iets, overal staan "links" bij. Als ik op een link klik op een website gaat er eerst een reclame pagina open.
Rosty 26 October 2014, 11:50 Post eens een nieuw HijackThis logje aub.
Sofiekebieke 31 October 2014, 22:20 Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:19:54, on 31/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox .exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.e xe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
E:\1TB schijf 2014\Downloads\HijackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: CtxIEInterceptorBHO - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: WsSVRIEHelper - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} - mscoree.dll (file missing)
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - HKCU\..\Run: [WSHelperSetup.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_15_ 0_0_167_ActiveX.exe -update activex
O4 - Startup: Dropbox.lnk = Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\citrix\icacli~1\rshook.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: devolo Network Service (DevoloNetworkService) - devolo AG - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: Seagate MobileBackup Service - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: NETGEAR A6200 Service (WNDA6200) - Unknown owner - C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
--
End of file - 15188 bytes
Rosty 2 November 2014, 17:57 Hallo, we gaan de volgende tool inzetten. zoek.exe ®by smeenk
Download zoek.exe (http://hijackthis.nl/smeenk/) naar het bureaublad.
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=231&t=5401) of hier (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=231&t=5402)) kan je lezen hoe je dat doet.
Dubbelklik op Zoek.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Kopieer nu onderstaande code en plak die in het grote invulvenster:
Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
startupall;
filesrcm;
Vink nu de onderstaande opties aan.
Standaard Search
Auto Clean
Running processes
Empty All Temp
Recently Created
Firefox Look
Chrome Look
Reset Chrome
Reset Hosts
emptyclsid
Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post nu de inhoud van het geopende logje in het volgende bericht.[/code]
Hallo, we gaan de volgende tool inzetten. zoek.exe ®by smeenk
Download zoek.exe (http://hijackthis.nl/smeenk/) naar het bureaublad.
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=231&t=5401) of hier (http://www.pcwebplus.nl/phpbb/viewtopic.php?f=231&t=5402)) kan je lezen hoe je dat doet.
Dubbelklik op Zoek.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Kopieer nu onderstaande code en plak die in het grote invulvenster:
Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
startupall;
filesrcm;
Vink nu de onderstaande opties aan.
[list]
Standaard Search
Auto Clean
Running processes
Empty All Temp
Recently Created
Firefox Look
Chrome Look
Reset Chrome
Reset Hosts
emptyclsid
Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post nu de inhoud van het geopende logje in het volgende bericht.[/list
Sofiekebieke 3 November 2014, 21:08 Zoek.exe v5.0.0.0 Updated 03-November-2014
Tool run by Admin on ma 03/11/2014 at 19:47:37,96.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\1TB schijf 2014\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]
==== Older Logs ======================
C:\zoek-results2014-11-03-175731.log 16314 bytes
C:\zoek-results2014-11-03-180918.log 21759 bytes
==== Running Processes ======================
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\afasrv64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe
C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox .exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.e xe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_ 0_0_189_ActiveX.exe
E:\1TB schijf 2014\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Admin\AppData\Local\Temp ====
2014-11-03 18:12:00 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_e xt.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjpku1t.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-25 19:43:52 11996C1FD2D437347654E660DE9144A7 609240 ----a-w- C:\Windows\SysWOW64\nvStreaming.exe
2014-10-25 19:41:31 8999F18D38D55E34D356796507FFD639 192000 ----a-w- C:\Windows\SysWOW64\rdpendp_winip.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-26 10:17:50 E9CB5F138943D383DB67F29AAB60453F 3179520 ----a-w- C:\Windows\Sysnative\rdpcorets.dll
2014-10-26 10:17:49 2147C5330F983D76A36B73F4A804F778 16384 ----a-w- C:\Windows\Sysnative\RdpGroupPolicyExtension.dll
2014-10-25 19:43:19 B55FA6AD6C4A74AFC85433490E97C0DE 3826628 ----a-w- C:\Windows\Sysnative\nvcoproc.bin
2014-10-25 19:41:31 D346E07D62E3D4BEAB040939744EC31B 228864 ----a-w- C:\Windows\Sysnative\rdpendp_winip.dll
2014-10-25 19:41:31 AD4D0AEDB5993EDA31EB80A54EDBC344 243200 ----a-w- C:\Windows\Sysnative\rdpudd.dll
====== C:\Windows\Sysnative\drivers =====
2014-10-25 19:41:32 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2014-10-17 09:15:55 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-10-16 10:22:06 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-16 10:22:02 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Admin\AppData\Roaming ======
2014-10-25 19:58:21 4352D88A78AA39750BF70CD6F27BCAA5 4 ----a-w- C:\Users\Admin\AppData\Roaming\appdataFr2.bin
2014-10-15 14:20:24 3F784960D883E07B7BB34814FFDED261 110688 ----a-w- C:\Windows\sysWoW64\config\systemprofile\AppData\L ocal\GDIPFONTCACHEV1.DAT
2014-10-07 18:23:28 -------- d-----w- C:\Users\Admin\AppData\Local\sabnzbd
====== C:\Users\Admin ======
2014-10-25 20:12:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
====== C: exe-files ==
=== C: other files ==
2014-11-03 18:02:17 EAEEA223DD0C5672DDDF88D14506E098 456886 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Low\Content.IE5\CLSDWK9E\silverlightmediaele ment[1].zip
2014-11-03 18:01:47 81092F7AF3400291C02CAB6E54D61B71 172220 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Low\Content.IE5\CGI4AW91\RegisterDevice[1].zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-4162061662-3345863227-1776897274-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"
"WSHelperSetup.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOn ce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOn ce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"WSHelperSetup.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"
"WSHelperSetup.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\citrix\\icacli~1\\rshook.dll"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"GENIE"="C:\Program Files (x86)\NETGEAR\A6200\A6200.exe -s"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\Ki esPDLR.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="ApnTBMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AskPartnerNetwork\\Toolbar\\Updater\\TBNoti fier.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleIEDAV]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AppleIEDAV"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\AppleIEDAV.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ApplePhotoStreams"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beid]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="beid"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Belgium Identity Card\\beid35gui.exe\" /startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrowserPlugInHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="BrowserPlugInHelper"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Wondershare\\Video Converter Ultimate\\BrowserPlugInHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\com.apple.dav.bookmarks. daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="com.apple.dav.bookmarks.daemon"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\BookmarkDAV_client.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConnectionCenter]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="ConnectionCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Citrix\\ICA Client\\concentr.exe\" /startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DBAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="DBAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Seagate\\Seagate Dashboard 2.0\\DBAgent.exe\" /WinStart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpqSRMon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="hpqSRMon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iCloudServices"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudServices.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesAirMessage"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesAirMessage.exe -startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LanuchApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LanuchApp"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\NETGEAR\\A6200\\LanuchApp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolba rNotifier.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uploader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Uploader"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Seagate\\Seagate Dashboard 2.0\\Seagate.Dashboard.Uploader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USBestCR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="USBestCR"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Sitecom MD-020 SIM Editor\\iconcs11004138.exe RunFromReg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wondershare Helper Compact.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\Current Version\\Run"
"item"="Wondershare Helper Compact.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Micros oft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Micros oft^Windows^Start Menu^Programs^Startup^Sitecom Wireless Utility.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Sitecom Wireless Utility.lnk"
"backup"="C:\\Windows\\pss\\Sitecom Wireless Utility.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Sitecom\\Common\\RaUI.exe -s"
"item"="Sitecom Wireless Utility"
==== Startup Folders ======================
2014-09-14 16:01:15 1046 ----a-w- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\Dropbox.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [01/11/2014 11:48]
C:\Windows\tasks\AutoKMSCustom.job --a------ C:\Windows\AutoKMS\AutoKMS.exe [20/02/2013 14:51]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Admin DBAgent 2 0" ["C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe"]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe]
"C:\Windows\SysNative\tasks\AutoKMSCustom" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Seagate_Install_Launch" [C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe]
"C:\Windows\SysNative\tasks\{52D18B42-EB86-4EFC-90BE-3F444C9BB6A4}" [C:\Users\Admin\Documents\nec_usb3_1.020.1\nec_usb3 _1.020.1\nec_usb3_1.020.1\nec_usb3_1.020.1.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpda te" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectio nPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Fi refox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensi ons]
"{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}"="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt" []
==== Firefox Extensions ======================
ExtDir: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Pro files\extensions
- MP3 Rocket Downloader - %ExtDir%\mp3rocketdownloader@mp3rocket.me.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensio ns
chgdeabpmphfhkoemjjglmilajldekbp - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4162061662-3345863227-1776897274-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\ Windows\CurrentVersion\Uninstall\dcc4ee87-6a34-4339-9241-34e0eee5fca0 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\G oogle deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chr ome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserPlugInHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks. daemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Temp\acrord32_sbx\Tem porary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1104 folders=91 244721434 bytes)
==== Empty Temp Folders ======================
C:\Users\Admin\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\ Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Admin\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ma 03/11/2014 at 20:05:41,88 ======================
Rosty 4 November 2014, 20:18 En, nog problemen nu?
Sofiekebieke 4 November 2014, 20:21 Beste Rosty,
nee lijkt me volledig opgelost.
Mijn dochter heeft hetzelfde probleem. Volg ik dezelfde stappen, zonder logfiles te sturen naar jou?
Bedankt nog eens,
Rosty 5 November 2014, 18:33 Je mag dezelfde stappen volgen hoor voor je dochter. Maar post de logjes toch even ter controle.
Sofiekebieke 11 November 2014, 19:34 Beste Rosty, pc van mijn dochter
# AdwCleaner v4.101 - Rapport aangemaakt 11/11/2014 op 18:28:35
# Laatste Update 09/11/2014 door Xplode
# Database : 2014-11-10.9 [Live]
# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Gebruikersnaam : Sofie - WINDOWS-OJS04FH
# Gestart vanuit : C:\Users\Sofie\Downloads\adwcleaner_4.101.exe
# Optie : Verwijderen
***** [ Services ] *****
Service Verwijderd : f1f78e38
[#] Service Verwijderd : globalUpdate
[#] Service Verwijderd : globalUpdatem
Service Verwijderd : {9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw
***** [ Bestanden / Mappen ] *****
Map Verwijderd : C:\ProgramData\2308189059
Map Verwijderd : C:\ProgramData\WinSpeed
Map Verwijderd : C:\ProgramData\CoolSaleCoupon
Map Verwijderd : C:\ProgramData\SaveItCoupons
Map Verwijderd : C:\ProgramData\saVeitkeeeep
Map Verwijderd : C:\ProgramData\saviengitoyou
Map Verwijderd : C:\ProgramData\SavveerAddioen
Map Verwijderd : C:\ProgramData\soaFerwueba
Map Verwijderd : C:\ProgramData\1ca8fb9203e59f37
Map Verwijderd : C:\Program Files\globalUpdate
Map Verwijderd : C:\Program Files\predm
Map Verwijderd : C:\Program Files\ToggleMark
Map Verwijderd : C:\Program Files\HDPlus-V1.9
Map Verwijderd : C:\Program Files\di1BlockAndSurf
Map Verwijderd : C:\Users\Sofie\AppData\Local\globalUpdate
Map Verwijderd : C:\Users\Sofie\AppData\Roaming\OpenCandy
Map Verwijderd : C:\Users\Sofie\Documents\Optimizer Pro
Map Verwijderd : C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpapojfaigcamaeiljpgckpbeb cdhfkd
Bestand Verwijderd : C:\Windows\system32\\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw.sys
Bestand Verwijderd : C:\Users\Sofie\AppData\Roaming\aps.uninstall.scan. results
Bestand Verwijderd : C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
Bestand Verwijderd : C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
Bestand Verwijderd : C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Bestand Verwijderd : C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Taken ] *****
Taak Verwijderd : APSnotifierPP1
Taak Verwijderd : APSnotifierPP2
Taak Verwijderd : APSnotifierPP3
Taak Verwijderd : globalUpdateUpdateTaskMachineCore
Taak Verwijderd : globalUpdateUpdateTaskMachineUA
Taak Verwijderd : Optimizer Pro Schedule
Taak Verwijderd : c9d77c59-0ff5-4036-8806-71115fd01f45-1
Taak Verwijderd : c9d77c59-0ff5-4036-8806-71115fd01f45-11
Taak Verwijderd : c9d77c59-0ff5-4036-8806-71115fd01f45-2
Taak Verwijderd : c9d77c59-0ff5-4036-8806-71115fd01f45-3
Taak Verwijderd : c9d77c59-0ff5-4036-8806-71115fd01f45-4
Taak Verwijderd : c9d77c59-0ff5-4036-8806-71115fd01f45-5
Taak Verwijderd : c9d77c59-0ff5-4036-8806-71115fd01f45-5_user
Taak Verwijderd : c9d77c59-0ff5-4036-8806-71115fd01f45-6
Taak Verwijderd : c9d77c59-0ff5-4036-8806-71115fd01f45-7
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhk dhoafpjfnlhfpfgnpldfl
Sleutel Verwijderd : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcess LauncherMachine
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcess LauncherMachine.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebContr ol.4
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateA sync
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateA sync.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass .1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachi neClass
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachi neClass.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Credentia lDialogMachine
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Credentia lDialogMachine.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandC OMClassMachine
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandC OMClassMachine.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandC OMClassMachineFallback
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandC OMClassMachineFallback.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandC OMClassSvc
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandC OMClassSvc.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLa uncher
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLa uncher.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3CO MClassService
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3CO MClassService.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3We bMachine
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3We bMachine.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3We bMachineFallback
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3We bMachineFallback.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3We bSvc
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3We bSvc.1.0
Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\SaverAdadON.SaverAdadON
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\SaverAdadON.SaverAdadON.4.7
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Safeurweb.Safeurweb
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Safeurweb.Safeurweb.1.8
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CoolSaleCoupon.CoolSaleCoupo n
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CoolSaleCoupon.CoolSaleCoupo n.9
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\.
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\..9
Sleutel Verwijderd : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CrossriderApp0059570.BHO
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CrossriderApp0059570.BHO.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CrossriderApp0059570.Sandbox
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CrossriderApp0059570.Sandbox .1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{8876C7E5-9B27-B1E9-4879-F674BE7A265A}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{94D6804E-24C4-CD71-FC27-9F871AB6DD79}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{ae6297d9-0247-42c2-964d-ec015a8a6e84}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{ba341327-0134-4191-b06b-9aee5ab1153e}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{be7bbe76-07d8-426e-928b-073417d6fc09}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951170}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952270}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955570}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956670}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544954470}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{8876C7E5-9B27-B1E9-4879-F674BE7A265A}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{94D6804E-24C4-CD71-FC27-9F871AB6DD79}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{ae6297d9-0247-42c2-964d-ec015a8a6e84}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{ba341327-0134-4191-b06b-9aee5ab1153e}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{be7bbe76-07d8-426e-928b-073417d6fc09}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951170}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{8876C7E5-9B27-B1E9-4879-F674BE7A265A}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{94D6804E-24C4-CD71-FC27-9F871AB6DD79}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{ae6297d9-0247-42c2-964d-ec015a8a6e84}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{ba341327-0134-4191-b06b-9aee5ab1153e}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{be7bbe76-07d8-426e-928b-073417d6fc09}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{11111111-1111-1111-1111-110511951170}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{8876C7E5-9B27-B1E9-4879-F674BE7A265A}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{94D6804E-24C4-CD71-FC27-9F871AB6DD79}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{ae6297d9-0247-42c2-964d-ec015a8a6e84}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{ba341327-0134-4191-b06b-9aee5ab1153e}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{be7bbe76-07d8-426e-928b-073417d6fc09}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{11111111-1111-1111-1111-110511951170}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{8876C7E5-9B27-B1E9-4879-F674BE7A265A}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{94D6804E-24C4-CD71-FC27-9F871AB6DD79}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{ae6297d9-0247-42c2-964d-ec015a8a6e84}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{ba341327-0134-4191-b06b-9aee5ab1153e}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{be7bbe76-07d8-426e-928b-073417d6fc09}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Sleutel Verwijderd : HKCU\Software\AnyProtect
Sleutel Verwijderd : HKCU\Software\FreeSoftToday
Sleutel Verwijderd : HKCU\Software\GlobalUpdate
Sleutel Verwijderd : HKCU\Software\InstalledBrowserExtensions
Sleutel Verwijderd : HKCU\Software\Optimizer Pro
Sleutel Verwijderd : HKCU\Software\SmartBar
Sleutel Verwijderd : HKCU\Software\Softonic
Sleutel Verwijderd : HKCU\Software\TutoTag
Sleutel Verwijderd : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\BlockAndSurf
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\HDPlus-V1.9
Sleutel Verwijderd : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Sleutel Verwijderd : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Sleutel Verwijderd : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Sleutel Verwijderd : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Sleutel Verwijderd : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Sleutel Verwijderd : HKLM\SOFTWARE\FreeSoftToday
Sleutel Verwijderd : HKLM\SOFTWARE\GlobalUpdate
Sleutel Verwijderd : HKLM\SOFTWARE\InstalledBrowserExtensions
Sleutel Verwijderd : HKLM\SOFTWARE\SearchProtect
Sleutel Verwijderd : HKLM\SOFTWARE\ToggleMark
Sleutel Verwijderd : HKLM\SOFTWARE\Tutorials
Sleutel Verwijderd : HKLM\SOFTWARE\HDPlus-V1.9
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{5F488658-35A7-2AB8-A756-560BA8F103C3}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{614925F9-841A-53FE-A28F-DC30FA07239B}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{0C516764-8CFC-C2FE-7BB0-A50A646E4DCD}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{10A0E600-D246-BD63-F465-4C849C688998}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{A2616871-3463-BCEE-5AFA-73773317A381}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{B10BC31B-DBC6-56FE-DD3D-DD4E49A3E6CE}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\HDPlus-V1.9
Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\searchprotect\searchprotect\bin\spvc32 loader.dll
Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\winspeed\winspeed.dll
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Google Chrome v
[C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Verwijderd [Search Provider] : hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNLDienhyucZ9UXJreVFo ACZPiE8qn1Oz9kdLsYlsGC4wDri4HR1tkk3BiLxkZnF5_yLG_b bPVODrLe2vM2etc,&q={searchTerms}
[C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Verwijderd [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
[C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Verwijderd [Extension] : kpapojfaigcamaeiljpgckpbebcdhfkd
[C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\preferences] - Verwijderd [Homepage] : hxxp://search.gboxapp.com/
*************************
AdwCleaner[R0].txt - [20509 octets] - [11/11/2014 18:27:06]
AdwCleaner[S0].txt - [18864 octets] - [11/11/2014 18:28:35]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18925 octets] ##########
Sofiekebieke 11 November 2014, 21:28 Malwarebytes Anti-Malware
www.malwarebytes.org (http://www.malwarebytes.org)
Scan Date: 11-11-2014
Scan Time: 18:38:53
Logfile: Malwarebytes log.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.11.06
Rootkit Database: v2014.11.10.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Sofie
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 463284
Time Elapsed: 1 hr, 19 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 1
PUP.Optional.MultiPlug, C:\ProgramData\savernet\YagPNbosnzHFyf.dll, Delete-on-Reboot, [a97687b3bcc09b9bcb9cab13f30e8b75],
Registry Keys: 10
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{acd4925d-ca35-411a-a902-59da687db2e0}, Quarantined, [a97687b3bcc09b9bcb9cab13f30e8b75],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXP LORER\BROWSER HELPER OBJECTS\{ACD4925D-CA35-411A-A902-59DA687DB2E0}, Quarantined, [a97687b3bcc09b9bcb9cab13f30e8b75],
PUP.Optional.MultiPlug, HKU\S-1-5-21-3656978789-4053311993-1158336851-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SE TTINGS\{ACD4925D-CA35-411A-A902-59DA687DB2E0}, Quarantined, [a97687b3bcc09b9bcb9cab13f30e8b75],
PUP.Optional.MultiPlug, HKU\S-1-5-21-3656978789-4053311993-1158336851-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\ST ATS\{ACD4925D-CA35-411A-A902-59DA687DB2E0}, Quarantined, [a97687b3bcc09b9bcb9cab13f30e8b75],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT \PREAPPROVED\{ACD4925D-CA35-411A-A902-59DA687DB2E0}, Quarantined, [a97687b3bcc09b9bcb9cab13f30e8b75],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{ACD4925D-CA35-411A-A902-59DA687DB2E0}\INPROCSERVER32, Quarantined, [a97687b3bcc09b9bcb9cab13f30e8b75],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3656978789-4053311993-1158336851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [db442614f8847bbb5c7c668a1ce6ec14],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-3656978789-4053311993-1158336851-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [3ee1f644f6862d09657f7fc983808e72],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.DealsFactor.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNI NSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [3ce3bf7bc5b770c6ebb7ef3655ae4cb4],
Registry Values: 2
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN |fst_be_54, Quarantined, [899681b9b2cacf67f53cd089679cd22e],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3656978789-4053311993-1158336851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [9f8016245e1e60d64bd1e75e1ae950b0]
Registry Data: 6
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3656978789-4053311993-1158336851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNLDienhyucZ9UXJreVFo ACZPiE8qn1Oz9kdLsYlsGC4wDri4HR1tkk3BiLxkZnF5_yLG_b bPVODrLe2vM2etc,&q={searchTerms}, Good: (www.google.com (http://www.google.com)), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNLDienhyucZ9UXJreVFo ACZPiE8qn1Oz9kdLsYlsGC4wDri4HR1tkk3BiLxkZnF5_yLG_b bPVODrLe2vM2etc,&q={searchTerms}),Replaced,[e837d862fe7e67cf209896a2996c629e]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3656978789-4053311993-1158336851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNHh5PAVYf6XvpLKOjCbJ r57jwfnFY5Ubq4_YpA5nvwgdIFCR269QT2UKn08ihoTntQTywd jgYnN3cwxZQ10wU,, Good: (www.google.com (http://www.google.com)), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNHh5PAVYf6XvpLKOjCbJ r57jwfnFY5Ubq4_YpA5nvwgdIFCR269QT2UKn08ihoTntQTywd jgYnN3cwxZQ10wU,),Replaced,[1c0388b2790369cdd6df7dbbc83dda26]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3656978789-4053311993-1158336851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNLDienhyucZ9UXJreVFo ACZPiE8qn1Oz9kdLsYlsGC4wDri4HR1tkk3BiLxkZnF5_yLG_b bPVODrLe2vM2etc,&q={searchTerms}, Good: (www.google.com (http://www.google.com)), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNLDienhyucZ9UXJreVFo ACZPiE8qn1Oz9kdLsYlsGC4wDri4HR1tkk3BiLxkZnF5_yLG_b bPVODrLe2vM2etc,&q={searchTerms}),Replaced,[e03f12286f0def47b2082c0cde275ca4]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3656978789-4053311993-1158336851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNLDienhyucZ9UXJreVFo ACZPiE8qn1Oz9kdLsYlsGC4wDri4HR1tkk3BiLxkZnF5_yLG_b bPVODrLe2vM2etc,&q={searchTerms}, Good: (www.google.com (http://www.google.com)), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNLDienhyucZ9UXJreVFo ACZPiE8qn1Oz9kdLsYlsGC4wDri4HR1tkk3BiLxkZnF5_yLG_b bPVODrLe2vM2etc,&q={searchTerms}),Replaced,[8a959b9f95e7ae882d900b2dde2754ac]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3656978789-4053311993-1158336851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNLDienhyucZ9UXJreVFo ACZPiE8qn1Oz9kdLsYlsGC4wDri4HR1tkk3BiLxkZnF5_yLG_b bPVODrLe2vM2etc,&q={searchTerms}, Good: (www.google.com (http://www.google.com)), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNLDienhyucZ9UXJreVFo ACZPiE8qn1Oz9kdLsYlsGC4wDri4HR1tkk3BiLxkZnF5_yLG_b bPVODrLe2vM2etc,&q={searchTerms}),Replaced,[140b69d1c5b7300604ba4cec16ef8878]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3656978789-4053311993-1158336851-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNLDienhyucZ9UXJreVFo ACZPiE8qn1Oz9kdLsYlsGC4wDri4HR1tkk3BiLxkZnF5_yLG_b bPVODrLe2vM2etc,&q={searchTerms}, Good: (www.google.com (http://www.google.com)), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkpOeShKAuPl uFW8aKoyk0zToSi7W1nLkLG69zNM3OUeBo-m-iP3K3m7ntJ_cgE1nmmB45FqJtTdI0SNLDienhyucZ9UXJreVFo ACZPiE8qn1Oz9kdLsYlsGC4wDri4HR1tkk3BiLxkZnF5_yLG_b bPVODrLe2vM2etc,&q={searchTerms}),Replaced,[66b9a49615675ed8c7f9300863a2df21]
Folders: 4
PUP.Optional.Extutil.A, C:\Users\Sofie\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [e63952e83b41330333b5a3750bf8e020],
PUP.Optional.Managera.A, C:\Users\Sofie\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [4dd23406e993ef477f6a6dab758e26da],
PUP.Optional.GlobalUpdate.A, C:\Users\Sofie\AppData\Local\Temp\comh.175788, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.DealsFactor.A, C:\ProgramData\DealsFactor, Quarantined, [3ce3bf7bc5b770c6ebb7ef3655ae4cb4],
Files: 54
PUP.Optional.MultiPlug, C:\ProgramData\savernet\YagPNbosnzHFyf.dll, Delete-on-Reboot, [a97687b3bcc09b9bcb9cab13f30e8b75],
PUP.Optional.CrossRider.A, C:\AdwCleaner\Quarantine\C\Program Files\HDPlus-V1.9\c9d77c59-0ff5-4036-8806-71115fd01f45-3.exe.vir, Quarantined, [54cb01394b31bd79e67f71e417e9fb05],
PUP.Optional.CrossRider.A, C:\AdwCleaner\Quarantine\C\Program Files\HDPlus-V1.9\c9d77c59-0ff5-4036-8806-71115fd01f45-11.exe.vir, Quarantined, [3be4d367710b91a5e4815005b84812ee],
PUP.Optional.CrossRider.A, C:\AdwCleaner\Quarantine\C\Program Files\HDPlus-V1.9\utils.exe.vir, Quarantined, [e33ca595314b30060905043c1ee2c040],
PUP.Optional.ToggleMark.A, C:\AdwCleaner\Quarantine\C\Program Files\ToggleMark\bin\utilToggleMark.exe.vir, Quarantined, [24fb48f29edeab8b80fa6a1a907144bc],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\ToggleMark\bin\plugins\ToggleMark.BroStats.d ll.vir, Quarantined, [39e6db5f97e5053178d6aa1a1ce507f9],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\ToggleMark\bin\plugins\ToggleMark.BrowserAda pterS.dll.vir, Quarantined, [20ff48f2df9d45f10da7ebb33ec316ea],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\ToggleMark\bin\plugins\ToggleMark.IEUpdate.d ll.vir, Quarantined, [1708a1997408280eb298a71d5da413ed],
PUP.Optional.MultiPlug, C:\AdwCleaner\Quarantine\C\ProgramData\CoolSaleCou pon\ollqSTWl9rlKrg.dll.vir, Quarantined, [9f801228c0bcc6705413c8f647baa060],
PUP.Optional.MultiPlug, C:\AdwCleaner\Quarantine\C\ProgramData\saVeitkeeee p\WR7wyE9XXBAVYL.dll.vir, Quarantined, [de41bd7d1963a096a4c34e70ba47629e],
PUP.Optional.MultiPlug, C:\AdwCleaner\Quarantine\C\ProgramData\saviengitoy ou\5CP9KFf01ka6pi.dll.vir, Quarantined, [24fb46f4a5d763d3580ff4ca11f0cc34],
PUP.Optional.MultiPlug, C:\AdwCleaner\Quarantine\C\ProgramData\SavveerAddi oen\VHr4gYGx.dll.vir, Quarantined, [c9562e0c82fa3cfa45224c72f60b05fb],
PUP.Optional.MultiPlug, C:\AdwCleaner\Quarantine\C\ProgramData\SavveerAddi oen\VHr4gYGx.exe.vir, Quarantined, [36e958e265171521115788369e639070],
PUP.Optional.MultiPlug, C:\AdwCleaner\Quarantine\C\ProgramData\soaFerwueba \qpa.dll.vir, Quarantined, [2ef1281280fcaf872c3bb40adf226a96],
PUP.Optional.MultiPlug, C:\AdwCleaner\Quarantine\C\ProgramData\soaFerwueba \qpa.exe.vir, Quarantined, [6fb081b923596dc91652447aa55cc937],
Trojan.SProtector, C:\AdwCleaner\Quarantine\C\ProgramData\WinSpeed\Wi nSpeed.dll.vir, Quarantined, [32ed1624b7c5d0661da0e3ddf809f709],
PUP.Optional.Revizer, C:\Users\Sofie\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\AKK4GE1N\BlockAndSurf_2222-5510[1].exe, Quarantined, [938c3bffd4a8cc6ab84cb79ade229868],
PUP.Optional.InstallMonetizer.NS, C:\Users\Sofie\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\E3YKP7LU\VuuPC_VO2_8907[1].exe, Quarantined, [0619df5b7b0173c39a788e241ce523dd],
PUP.Optional.InstallCore, C:\Users\Sofie\AppData\Local\Temp\nsb2943.tmp, Quarantined, [55ca4af0d8a462d436c7ffb668995ea2],
PUP.Optional.InstallCore, C:\Users\Sofie\AppData\Local\Temp\nsb7D1D.tmp, Quarantined, [eb34ed4d3d3fa690728b2590946d33cd],
PUP.Optional.InstallCore, C:\Users\Sofie\AppData\Local\Temp\nsdC70B.tmp, Quarantined, [e03ff644473549ed2fce14a12cd56a96],
PUP.Optional.SearchProtect.A, C:\Users\Sofie\AppData\Local\Temp\nshC04.tmp, Quarantined, [170833072d4fbe78f0887e27936ee41c],
PUP.Optional.Conduit.A, C:\Users\Sofie\AppData\Local\Temp\nsmB8E7.exe, Quarantined, [e83753e782fad26499c1287326db0000],
PUP.Optional.Conduit.A, C:\Users\Sofie\AppData\Local\Temp\nsrB1B5.exe, Quarantined, [39e62b0f720a67cfd585009bca3733cd],
PUP.Optional.Conduit.A, C:\Users\Sofie\AppData\Local\Temp\nssA17.exe, Quarantined, [c15e58e2c1bb54e2352567345aa7659b],
PUP.Optional.Conduit.A, C:\Users\Sofie\AppData\Local\Temp\nsx249.exe, Quarantined, [fe21b189403c0432b0aa0b9014ed14ec],
PUP.Optional.InstallCore, C:\Users\Sofie\AppData\Local\Temp\nsx5F8F.tmp, Quarantined, [8699e05aadcf94a26e8fcfe638c9b14f],
PUP.Optional.CrossRider, C:\Users\Sofie\AppData\Local\Temp\setup.exe, Quarantined, [df4087b3bac259dde32eb3020ef332ce],
PUP.Optional.Softonic.A, C:\Users\Sofie\Documents\downloads\SoftonicDownloa der_voor_windows-live-messenger-2009.exe, Quarantined, [2bf4aa90a7d5d0661ac910285fa2f20e],
PUP.Optional.Bandoo, C:\Users\Sofie\Documents\downloads\iLvSetup-r267-n-bc.exe, Quarantined, [ba6590aaaad2c0764244061c12ef8779],
PUP.Optional.Softonic.A, C:\Users\Sofie\Downloads\SoftonicDownloader_voor_b ittorrent.exe, Quarantined, [021d60daf18b39fd8c575fd9bf42ac54],
PUP.Optional.OpenCandy, C:\Users\Sofie\Downloads\bullshit\mp3rocket (1).exe, Quarantined, [8c930832aecee452585f5d0c62a3a858],
PUP.Optional.OpenCandy, C:\Users\Sofie\Downloads\bullshit\Niet bevestigd 77195.crdownload, Quarantined, [43dc1e1c601cb4825562472257aef40c],
PUP.Optional.Softonic.A, C:\Users\Sofie\Downloads\bullshit\SoftonicDownload er_voor_windows-live-messenger-2009.exe, Quarantined, [958af941611bf73f6a790c2c5ea39b65],
PUP.Optional.InstallCore.A, C:\Users\Sofie\Downloads\bullshit\windows-live-messenger-2009.exe, Quarantined, [35ea9e9c295371c5656a857d9e6736ca],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI2C67.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [d847d961aeceea4c7ed0230be11f5da3],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI8F4E.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [c15e2e0cfe7e85b1e965a18ddf21f10f],
PUP.Optional.SmartBar, C:\Windows\Installer\MSID476.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [011e6dcd5725fc3a27272e00ab5547b9],
PUP.Optional.Extutil.A, C:\Users\Sofie\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [e63952e83b41330333b5a3750bf8e020],
PUP.Optional.Extutil.A, C:\Users\Sofie\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [e63952e83b41330333b5a3750bf8e020],
PUP.Optional.Extutil.A, C:\Users\Sofie\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [e63952e83b41330333b5a3750bf8e020],
PUP.Optional.Managera.A, C:\Users\Sofie\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [4dd23406e993ef477f6a6dab758e26da],
PUP.Optional.Managera.A, C:\Users\Sofie\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [4dd23406e993ef477f6a6dab758e26da],
PUP.Optional.GlobalUpdate.A, C:\Users\Sofie\AppData\Local\Temp\comh.175788\Goog leCrashHandler.exe, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.GlobalUpdate.A, C:\Users\Sofie\AppData\Local\Temp\comh.175788\Goog leUpdate.exe, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.GlobalUpdate.A, C:\Users\Sofie\AppData\Local\Temp\comh.175788\Goog leUpdateBroker.exe, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.GlobalUpdate.A, C:\Users\Sofie\AppData\Local\Temp\comh.175788\Goog leUpdateHelper.msi, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.GlobalUpdate.A, C:\Users\Sofie\AppData\Local\Temp\comh.175788\Goog leUpdateOnDemand.exe, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.GlobalUpdate.A, C:\Users\Sofie\AppData\Local\Temp\comh.175788\goop date.dll, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.GlobalUpdate.A, C:\Users\Sofie\AppData\Local\Temp\comh.175788\goop dateres_en.dll, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.GlobalUpdate.A, C:\Users\Sofie\AppData\Local\Temp\comh.175788\npGo ogleUpdate4.dll, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.GlobalUpdate.A, C:\Users\Sofie\AppData\Local\Temp\comh.175788\psma chine.dll, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.GlobalUpdate.A, C:\Users\Sofie\AppData\Local\Temp\comh.175788\psus er.dll, Quarantined, [3ce357e35f1da49286604ecc4bb88080],
PUP.Optional.DealsFactor.A, C:\ProgramData\DealsFactor\DealsFactor.exe, Quarantined, [3ce3bf7bc5b770c6ebb7ef3655ae4cb4],
Sofiekebieke 11 November 2014, 21:46 Zoek.exe v5.0.0.0 Updated 10-November-2014
Tool run by Sofie on di 11-11-2014 at 20:29:30,10.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sofie\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]
==== Running Processes ======================
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdate Svc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sofie\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
==== System Restore Info ======================
11-11-2014 20:31:26 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\savernet deleted
C:\Users\Sofie\AppData\Local\nsl1087.tmp deleted
C:\Windows\system32\drivers\Msft_Kernel_webinstr_0 1009.Wdf deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Sofie\AppData\Local\Temp ====
2014-11-08 08:47:13 5C73E64374D9BA37AC5569D1F7DE5C9B 665682 ----a-w- C:\Users\Sofie\AppData\Local\Temp\sqlite3.dll
2014-11-08 08:33:34 7AAB90847C56E6F7E922BB29D5B3EA8A 601088 ----a-w- C:\Users\Sofie\AppData\Local\Temp\Quarantine.exe
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2014-11-11 19:22:06 C97E0F487690FB0C7221168465982810 52440 ----a-w- C:\Windows\System32\drivers\bywv.sys
2014-11-11 17:36:13 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-11 17:35:43 E89B115E1DD297DCB694B22CFA90BF61 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-11 17:35:43 D2DED3C333A5D9CB3F4C244B0F0DD877 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-11 17:35:43 7A6526C8BD114DB7CA8930AB22D52A0B 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-26 15:11:58 E1E18E2987072861707681A0E6D16F21 186368 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-26 15:11:57 E10601CF12F9E619BC16A40E962954E9 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\Sofie\AppData\Roaming ======
2014-11-11 12:48:39 4305F2DD796111E7CF5A18DFE8E157B0 4299700 ----a-w- C:\Users\Sofie\AppData\Local\package.nw.new
2014-11-11 12:40:08 -------- d-----w- C:\Users\Sofie\AppData\Local\app
2014-10-26 14:41:32 -------- d-----w- C:\Users\Sofie\AppData\Local\Popcorn-Time
2014-10-26 14:41:19 -------- d-----w- C:\Users\Sofie\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Popcorn Time
2014-10-26 14:40:45 -------- d-----w- C:\Users\Sofie\AppData\Local\Popcorn Time
====== C:\Users\Sofie ======
2014-11-11 17:34:59 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\Sofie\Downloads\mbam-setup-2.0.0.1000.exe
2014-11-11 17:26:21 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Sofie\Downloads\adwcleaner_4.101.exe
====== C: exe-files ==
2014-11-11 17:34:59 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\Sofie\Downloads\mbam-setup-2.0.0.1000.exe
2014-11-11 17:26:21 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Sofie\Downloads\adwcleaner_4.101.exe
2014-11-08 08:33:34 7AAB90847C56E6F7E922BB29D5B3EA8A 601088 ----a-w- C:\Users\Sofie\AppData\Local\Temp\Quarantine.exe
=== C: other files ==
2014-11-11 19:22:06 C97E0F487690FB0C7221168465982810 52440 ----a-w- C:\Windows\System32\drivers\bywv.sys
2014-11-11 17:36:13 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-11 17:35:43 E89B115E1DD297DCB694B22CFA90BF61 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-11 17:35:43 D2DED3C333A5D9CB3F4C244B0F0DD877 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-11 17:35:43 7A6526C8BD114DB7CA8930AB22D52A0B 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-11 12:40:13 E6C389783022E8026DABC176433B5201 5878 ----a-w- C:\Users\Sofie\AppData\Local\app\Popcorn Time\node_modules\adm-zip\test\assets\store.zip
2014-11-11 12:40:13 D51845CD18A0425F0888F1D0F96D2F20 415 ----a-w- C:\Users\Sofie\AppData\Local\app\Popcorn Time\node_modules\adm-zip\test\assets\linux_arc.zip
2014-11-11 12:40:13 C38BDFCF2143FAC75C9E0491AE0993B2 4189 ----a-w- C:\Users\Sofie\AppData\Local\app\Popcorn Time\node_modules\adm-zip\test\assets\attributes_test.zip
2014-11-11 12:40:13 AD05551C2A7B1A9DEAB42640C408CA13 4194 ----a-w- C:\Users\Sofie\AppData\Local\app\Popcorn Time\node_modules\adm-zip\test\assets\fastest.zip
2014-11-11 12:40:13 AD05551C2A7B1A9DEAB42640C408CA13 4194 ----a-w- C:\Users\Sofie\AppData\Local\app\Popcorn Time\node_modules\adm-zip\test\assets\fast.zip
2014-11-11 12:40:13 84570EA57C894FF970904388EBF6C0CA 4170 ----a-w- C:\Users\Sofie\AppData\Local\app\Popcorn Time\node_modules\adm-zip\test\assets\normal.zip
2014-11-11 12:40:13 202063BBB23B1C09B0C1A91820C82D26 4086 ----a-w- C:\Users\Sofie\AppData\Local\app\Popcorn Time\node_modules\adm-zip\test\assets\ultra.zip
2014-11-11 12:40:13 202063BBB23B1C09B0C1A91820C82D26 4086 ----a-w- C:\Users\Sofie\AppData\Local\app\Popcorn Time\node_modules\adm-zip\test\assets\maximum.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-3656978789-4053311993-1158336851-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOn ce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOn ce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-21-3656978789-4053311993-1158336851-1001\Software\Microsoft\Windows\CurrentVersion\Run Once]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AnyProtect Scanner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyProtect Scanner"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AnyProtectEx\\AnyProtect.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlockAndSurf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BlockAndSurf"
"hkey"="HKCU"
"command"="C:\\Program Files\\di1BlockAndSurf\\BlockAndSurf.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ChicaPasswordManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ChicaPasswordManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\ChicaLogic\\Chica Password Manager\\stpass.exe\" /autorunned"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fst_be_54]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fst_be_54"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\fst_be_54\\fst_be_54.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [26-10-2014 16:03]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe]
"C:\Windows\system32\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdat e" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtection Platform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Chromium Look ======================
SEOquake - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdn dkjdjc
HDPlus-V1.9 - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgg lakjdd
Effective Measure Community Plugin - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgdmfemjeohjmeeabffnombnp kkogjm
Google Wallet - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda
Phone To Desktop - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifdfchgmkfglcccmkoofhbnmk dlbgag
Tab Bundler - Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajenhhhbdbcolenhmmkgmkco cfdahd
==== Chromium Fix ======================
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrent.nl.softonic.com_0.localsto rage deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrent.nl.softonic.com_0.localsto rage-journal deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgdmfemjeohjmeeabffnombnp kkogjm deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdn dkjdjc deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgg lakjdd deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnomihfieiccainjcjblhegjgglakjdd_0.local storage deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnomihfieiccainjcjblhegjgglakjdd_0.local storage-journal deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_bnomihfieiccainjcjblhegjgglakjdd_0 deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnomihfieiccainjcjblhegjgglakjdd deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifdfchgmkfglcccmkoofhbnmk dlbgag deleted successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajenhhhbdbcolenhmmkgmkco cfdahd deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{758B870D-DF78-4A6A-9955-DEDDCACF94DC}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{19D444C7-332D-4FA4-9481-7C417B220D10} Google NL Url="http://www.google.nl/search?hl=nl&q={searchTerms}&meta="
{758B870D-DF78-4A6A-9955-DEDDCACF94DC} Google Url="https://www.google.com/search?q={searchTerms}"
==== Reset Google Chrome ======================
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyProtect Scanner deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockAndSurf deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChicaPasswordManager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fst_be_54 deleted successfully
==== Empty IE Cache ======================
C:\Users\Sofie\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5 emptied successfully
C:\Users\Sofie\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Sofie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=133 folders=24 5100466 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Sofie\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser.WINDOWS-OJS04FH\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\ Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Sofie\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\ Local\Temp\Low" not deleted
==== EOF on di 11-11-2014 at 20:44:42,36 ======================
Sofiekebieke 12 November 2014, 22:02 Lijkt ook weer opgelost te zijn. is er nog iets te zien?
Alvast bedankt hoor
Rosty 13 November 2014, 21:31 Ziet er goed uit hoor!
Sofiekebieke 21 November 2014, 14:43 Beste Rosty, super bedankt hoor.
|
|