
Ads keep appearing on every page


fatherofhope


Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, a Notepad file named "Log" is opened.
  • Paste its contents in your next post.

Also watch the instruction video.


Logfile of random's system information tool 1.09 (written by random/random)

Run by Kelly at 2014-01-30 18:21:19

Microsoft Windows XP Professional Service Pack 3

System drive C: has 442 GB (93%) free of 477 GB

Total RAM: 2013 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:21:22, on 30/01/2014

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Documents and Settings\Kelly\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kelly\Mijn documenten\Downloads\RSIT (1).exe

C:\Program Files\trend micro\Kelly.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [beidsccertprop] C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AnyProtect] C:\Program Files\AnyProtectEx\AnyProtect.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Kelly\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Kelly\Application Data\Dropbox\bin\Dropbox.exe

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 7757 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1647877149-682003330-1003Core.job

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1647877149-682003330-1003UA.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-02-13 141336]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-02-13 173592]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-02-13 141848]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2516296]

"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-08-31 40368]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]

"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]

"beidsccertprop"=C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe [2012-02-21 31768]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"AnyProtect"=C:\Program Files\AnyProtectEx\AnyProtect.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"Facebook Update"=C:\Documents and Settings\Kelly\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-12-02 138096]

"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-11-14 20584608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-11-18 33697792]

C:\Documents and Settings\Kelly\Menu Start\Programma's\Opstarten

Dropbox.lnk - C:\Documents and Settings\Kelly\Application Data\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2009-02-03 206848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"

"C:\Documents and Settings\Kelly\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Kelly\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Documents and Settings\Kelly\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Kelly\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"VIDC.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"VIDC.IYUV"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVU9"=tsbyuv.dll

"VIDC.YVYU"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"msacm.siren"=sirenacm.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2014-01-30 18:08:10 ----A---- C:\WINDOWS\system32\wmpns.dll

2014-01-29 22:35:40 ----D---- C:\WINDOWS\Temp

2014-01-29 22:35:40 ----A---- C:\WINDOWS\zoek-delete.exe

2014-01-29 22:35:33 ----A---- C:\files.txt

2014-01-29 22:26:12 ----D---- C:\rsit

2014-01-29 22:26:12 ----D---- C:\Program Files\trend micro

2014-01-29 22:18:18 ----D---- C:\zoek_backup

2014-01-29 21:16:33 ----D---- C:\WINDOWS\ERUNT

2014-01-29 21:15:54 ----A---- C:\AdwCleaner[s3].txt

2014-01-29 21:15:27 ----A---- C:\AdwCleaner[R3].txt

2014-01-29 19:44:56 ----A---- C:\AdwCleaner[s2].txt

2014-01-29 19:44:40 ----A---- C:\AdwCleaner[R2].txt

2014-01-29 19:34:33 ----A---- C:\AdwCleaner[s1].txt

2014-01-29 19:33:58 ----A---- C:\AdwCleaner[R1].txt

2014-01-29 19:17:13 ----D---- C:\Program Files\Enigma Software Group

2014-01-29 19:16:17 ----D---- C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP

2014-01-29 19:16:07 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2014-01-29 19:13:08 ----D---- C:\Documents and Settings\Kelly\Application Data\Malwarebytes

2014-01-29 19:12:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-01-29 16:16:06 ----HD---- C:\WINDOWS\system32\GroupPolicy

2014-01-16 00:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$

======List of files/folders modified in the last 1 month======

2014-01-30 18:21:22 ----D---- C:\WINDOWS\Prefetch

2014-01-30 18:09:06 ----D---- C:\WINDOWS\system32

2014-01-30 18:09:01 ----D---- C:\Documents and Settings\Kelly\Application Data\Dropbox

2014-01-30 18:08:10 ----A---- C:\WINDOWS\win.ini

2014-01-30 18:07:10 ----D---- C:\WINDOWS

2014-01-30 18:07:10 ----D---- C:\Program Files\Windows Media Player

2014-01-30 18:06:48 ----A---- C:\WINDOWS\SchedLgU.Txt

2014-01-30 18:05:17 ----D---- C:\WINDOWS\system32\CatRoot2

2014-01-30 18:04:07 ----RSHDC---- C:\WINDOWS\system32\dllcache

2014-01-30 18:04:02 ----D---- C:\WINDOWS\system32\drivers

2014-01-30 18:04:01 ----HD---- C:\WINDOWS\inf

2014-01-30 18:03:23 ----D---- C:\WINDOWS\Help

2014-01-30 18:02:36 ----RD---- C:\Program Files

2014-01-30 11:53:08 ----D---- C:\Documents and Settings\Kelly\Application Data\Skype

2014-01-29 22:34:24 ----D---- C:\Users

2014-01-29 22:34:22 ----D---- C:\Program Files\Mozilla Firefox

2014-01-29 20:51:56 ----SD---- C:\Documents and Settings\Kelly\Application Data\Microsoft

2014-01-29 20:42:01 ----SHD---- C:\WINDOWS\Installer

2014-01-29 20:32:44 ----D---- C:\Program Files\Google

2014-01-29 20:32:25 ----SD---- C:\WINDOWS\Tasks

2014-01-29 20:17:03 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2014-01-29 20:02:48 ----D---- C:\WINDOWS\Minidump

2014-01-29 20:00:24 ----D---- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-01-29 19:49:38 ----RSD---- C:\WINDOWS\assembly

2014-01-29 19:16:07 ----D---- C:\Program Files\Common Files

2014-01-29 17:12:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2014-01-16 00:22:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2014-01-16 00:21:49 ----D---- C:\WINDOWS\system32\MRT

2014-01-16 00:20:14 ----A---- C:\WINDOWS\system32\MRT.exe

2014-01-16 00:20:09 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-02-03 6312608]

R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-04-08 12288]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-06-06 142336]

R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]

R3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-10-21 1425280]

S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]

S3 hxctlflt;hxctlflt; C:\WINDOWS\system32\DRIVERS\hxctlflt.sys [2009-02-09 99968]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]

S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]

S3 SNPSTD3;Hercules Classic Silver; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-12-13 45056]

S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]

S3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2013-05-01 29184]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys []

S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624]

R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-10-08 182696]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 ca82e1a5;Optimizer Pro Crash Monitor; c:\progra~1\optimi~1\OptProCrashSvc.dll,ServiceMain []

S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-29 116648]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-29 257928]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-29 116648]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version).

  • If Internet Explorer, another browser or a virus scanner reports that this file may be unsafe, you can ignore that; it is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.

  {5C255C8A-E604-49b4-9D64-90988571CECB};c
 KernelFaultCheck;s
 {878AC5FC-BE78-4bae-896C-7F75B790A71E};c
 C:\Program Files\PokerStars.BE;fs
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}];r
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
 "KernelFaultCheck"=-;r
 C:\WINDOWS\zoek-delete.exe;f
 C:\zoek_backup;fs
 C:\AdwCleaner[s3].txt;f
 C:\AdwCleaner[R3].txt;f
 C:\AdwCleaner[s2].txt;f
 C:\AdwCleaner[R2].txt;f
 C:\AdwCleaner[s1].txt;f
 C:\AdwCleaner[R1].txt;f
 C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP;f
 C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1;fs
 autoclean;
emptyfolderscheck;delete 
startupall; 
filesrcm;

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next post.


During the run a message came up where I could only press OK; I quote:

Windows script host

script:C\DOCUME~1\Kelly\LOCALS~1\Temp\Folderchk.UBS

regel: 38

teken: 1

fout: path not found

code: 800A004C

bron: microsoft VBScript runtime error.

The log is attached here as well:

Zoek.exe v5.0.0.0 Updated 31-January-2014

Tool run by Kelly on vr 31/01/2014 at 16:19:01,23.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\Kelly\Mijn documenten\Downloads\zoek\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-29-212146.log 41862 bytes

C:\zoek-results2014-01-29-213808.log 8270 bytes

==== Empty Folders Check ======================

C:\Program Files\Fotoservice deleted successfully

C:\Program Files\PokerStars.BE deleted successfully

C:\Program Files\Windows Media Connect 2 deleted successfully

C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live deleted successfully

C:\Documents and Settings\All Users\Application Data\CanonEPP deleted successfully

C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2 deleted successfully

C:\Documents and Settings\Kelly\Application Data\Lite deleted successfully

C:\Documents and Settings\LocalService\Application Data\Apple Computer deleted successfully

C:\Documents and Settings\LocalService\Application Data\QuickScan deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-507921405-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

HKEY_USERS\S-1-5-21-507921405-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{878AC5FC-BE78-4bae-896C-7F75B790A71E} deleted successfully

HKEY_USERS\S-1-5-21-507921405-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{878AC5FC-BE78-4bae-896C-7F75B790A71E} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{878AC5FC-BE78-4bae-896C-7F75B790A71E} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"KernelFaultCheck"=-

==== Deleting Files \ Folders ======================

C:\Program Files\PokerStars.BE not found

"C:\WINDOWS\zoek-delete.exe" not found

C:\zoek_backup deleted

C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCall.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla17.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla18.exe" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla19.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla2.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla20.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla22.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla22.exe" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseData.ini" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\Kelly\LOCALS~1\Temp ====

====== Java Cache =====

====== C:\WINDOWS\system32 =====

2014-01-30 17:08:50 A32B14BE5EDAE794FCE1A9E970827509 23392 ----a-w- C:\WINDOWS\System32\nscompat.tlb

2014-01-30 17:08:50 6D6F4B1886E91EB37ABCCAD19C561EE0 16832 ----a-w- C:\WINDOWS\System32\amcompat.tlb

2014-01-30 17:08:10 47787352A0260031998C4B6019686FC8 221184 ----a-w- C:\WINDOWS\System32\wmpns.dll

====== C:\WINDOWS\system32\drivers =====

====== C:\WINDOWS\Tasks ======

2014-01-29 19:32:25 47D7BFDB399741822370DAB42ABD7476 1042 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-29 19:32:24 EC24A370022F428271BC038347252DAB 1038 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-29 19:17:05 F68788C166F0018BB863B5B0FDCA5121 940 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2014-01-29 21:26:12 -------- d-----w- C:\Program Files\trend micro

2014-01-29 18:17:13 -------- d-----w- C:\Program Files\Enigma Software Group

2014-01-29 18:16:07 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard

======= C: =====

2014-01-29 21:35:33 D3A3F12DBA95788BF313E45BA15394BA 448 ----a-w- C:\files.txt

2014-01-29 20:15:54 E4B088097C4B04FA831B2685F1F00382 302 ----a-w- C:\AdwCleaner[s3].txt

2014-01-29 20:15:27 EF6B6703472A1C67FCD70E3840D3D7E0 1275 ----a-w- C:\AdwCleaner[R3].txt

2014-01-29 18:44:56 985AA24BB0EFF4E8245709007D7A3C81 7888 ----a-w- C:\AdwCleaner[s2].txt

2014-01-29 18:44:40 626CC659C4327159C1FA32642BC60289 7660 ----a-w- C:\AdwCleaner[R2].txt

2014-01-29 18:34:33 E72E1D5C1A9426B4B2AD413E33975ED6 362 ----a-w- C:\AdwCleaner[s1].txt

2014-01-29 18:33:58 7D60FEBEBCED0AD3E6B02034B58E80C3 7531 ----a-w- C:\AdwCleaner[R1].txt

====== C:\Documents and Settings\Kelly\Application Data ======

2014-01-29 19:31:57 -------- d-----w- C:\Documents and Settings\Kelly\Local Settings\Application Data\Deployment

2014-01-10 07:15:09 -------- d-----w- C:\Documents and Settings\Kelly\Local Settings\Application Data\Identities

====== C:\Documents and Settings\Kelly ======

2014-01-29 20:15:20 96030AE285C32ECCD1C599F1C5DD2BEF 581957 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\adwcleaner-1.606-en(1).exe

2014-01-29 18:33:47 96030AE285C32ECCD1C599F1C5DD2BEF 581957 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\adwcleaner-1.606-en.exe

====== C: exe-files ==

2014-01-30 17:20:56 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\RSIT (1).exe

2014-01-29 21:26:12 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Kelly.exe

2014-01-29 21:25:54 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\RSIT.exe

2014-01-29 20:37:23 B154A02352A402566847EBC384F375EB 5877648 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\ophcrack-win32-installer-3.6.0 (1).exe

2014-01-29 20:31:06 B154A02352A402566847EBC384F375EB 5877648 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\ophcrack-win32-installer-3.6.0.exe

2014-01-29 20:16:07 EE386D5ACB945089BCD91766697224BB 1037068 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\JRT.exe

2014-01-29 20:15:20 96030AE285C32ECCD1C599F1C5DD2BEF 581957 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\adwcleaner-1.606-en(1).exe

2014-01-29 19:37:34 CA0A340ABCF0C14A09691CBC90186AB4 51080 ----atw- C:\Program Files\Google\Update\1.3.22.3\GoogleUpdateBroker.exe

2014-01-29 19:37:34 C98E0215F7B65F0DDEE0591BD57EDFA6 847128 ----a-w- C:\Program Files\Google\Update\1.3.22.3\GoogleUpdateSetup.exe

2014-01-29 19:37:34 600B1A4BCC0823A96DC7B86F005ADBB8 51080 ----atw- C:\Program Files\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe

2014-01-29 19:37:32 9CCBA5E2489E603BB1578D1D541252A8 273800 ----atw- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

2014-01-29 19:37:31 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.22.3\GoogleUpdate.exe

2014-01-29 19:37:31 465680BDE344CE4FF6646626AA3A9125 223112 ----atw- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe

2014-01-29 19:37:28 C98E0215F7B65F0DDEE0591BD57EDFA6 847128 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.3\GoogleUpdateSetup.exe

2014-01-29 19:32:40 75B0D4CC6E1BFD6344EEF198270A773D 36532904 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\32.0.1700.102\32.0.1700.102_chrome_installer.exe

2014-01-29 19:32:21 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe

2014-01-29 19:32:17 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Documents and Settings\Kelly\Local Settings\Apps\2.0\ZQOW2LLQ.Q9R\2CHD6OMV.227\inst...app_4fe91ede9f9bdca3_0001.0003_fc100576141c6894\GoogleUpdateSetup.exe

2014-01-29 19:32:17 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Documents and Settings\Kelly\Local Settings\Apps\2.0\ZQOW2LLQ.Q9R\2CHD6OMV.227\clic...exe_4fe91ede9f9bdca3_0001.0003_none_81523f7b64d98436\GoogleUpdateSetup.exe

2014-01-29 19:32:17 2D479A35439E0DFBDBF2FDB6DEE8D49B 10120 ------w- C:\Documents and Settings\Kelly\Local Settings\Apps\2.0\ZQOW2LLQ.Q9R\2CHD6OMV.227\inst...app_4fe91ede9f9bdca3_0001.0003_fc100576141c6894\clickonce_bootstrap.exe

2014-01-29 18:44:31 96030AE285C32ECCD1C599F1C5DD2BEF 581957 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\adwcleaner-1.606-en.exe

2014-01-29 18:41:05 41EE08315F64F72DA0EDE09F1061E7C4 254832 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\AdwCleaner (1).exe

2014-01-29 18:33:47 96030AE285C32ECCD1C599F1C5DD2BEF 581957 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\adwcleaner-1.606-en.exe

2014-01-29 18:32:29 41EE08315F64F72DA0EDE09F1061E7C4 254832 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\AdwCleaner.exe

2014-01-29 18:15:32 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\SpyHunter-Installer.exe

2014-01-29 18:12:32 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\mbam-setup-1.75.0.1300 (1).exe

2014-01-29 18:12:29 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\mbam-setup-1.75.0.1300.exe

=== C: other files ==

2014-01-29 21:33:45 5AD67143374DA9B6D534680E4A0F23E5 735907 ----a-w- C:\Documents and Settings\All Users\Bureaublad\sample_20142901_2233.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-507921405-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

"Facebook Update"="C:\Documents and Settings\Kelly\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"

"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

"CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

"beidsccertprop"="C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"AnyProtect"="C:\Program Files\AnyProtectEx\AnyProtect.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

"Facebook Update"="C:\Documents and Settings\Kelly\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HDAudDeck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HDeck"

"hkey"="HKLM"

"command"="C:\\Program Files\\VIA\\VIAudioi\\HDADeck\\HDeck.exe 1"

==== Startup Folders ======================

2013-10-13 06:54:14 1024 ----a-w- C:\Documents and Settings\Kelly\Menu Start\Programma's\Opstarten\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/01/2014 20:17]

C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ [undetermined Task]

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1647877149-682003330-1003Core.job --a------ [undetermined Task]

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1647877149-682003330-1003UA.job --a------ C:\Documents and Settings\Kelly\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [02/12/2012 11:13]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29/01/2014 20:32]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29/01/2014 20:32]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [19/10/2013 00:46]

==== Chrome Look ======================

Media Player - Kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\onodfkemopbglgilgmobfffbbfpigpje

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{D1541A88-C9CC-4EFC-B29A-85C424B89FA7} Bing Url="http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox"

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\1ZAY1GG9 will be deleted at reboot

C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\Kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================


During the run a message popped up where I could only press OK; I quote:

Windows script host

script:C\DOCUME~1\Kelly\LOCALS~1\Temp\Folderchk.UBS

regel: 38

teken: 1

fout: path not found

code: 800A004C

bron: microsoft VBScript runtime error.

The log is attached here as well:

Zoek.exe v5.0.0.0 Updated 31-January-2014

Tool run by Kelly on vr 31/01/2014 at 16:19:01,23.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\Kelly\Mijn documenten\Downloads\zoek\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-29-212146.log 41862 bytes

C:\zoek-results2014-01-29-213808.log 8270 bytes

==== Empty Folders Check ======================

C:\Program Files\Fotoservice deleted successfully

C:\Program Files\PokerStars.BE deleted successfully

C:\Program Files\Windows Media Connect 2 deleted successfully

C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live deleted successfully

C:\Documents and Settings\All Users\Application Data\CanonEPP deleted successfully

C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2 deleted successfully

C:\Documents and Settings\Kelly\Application Data\Lite deleted successfully

C:\Documents and Settings\LocalService\Application Data\Apple Computer deleted successfully

C:\Documents and Settings\LocalService\Application Data\QuickScan deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-507921405-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

HKEY_USERS\S-1-5-21-507921405-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{878AC5FC-BE78-4bae-896C-7F75B790A71E} deleted successfully

HKEY_USERS\S-1-5-21-507921405-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{878AC5FC-BE78-4bae-896C-7F75B790A71E} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{878AC5FC-BE78-4bae-896C-7F75B790A71E} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"KernelFaultCheck"=-

==== Deleting Files \ Folders ======================

C:\Program Files\PokerStars.BE not found

"C:\WINDOWS\zoek-delete.exe" not found

C:\zoek_backup deleted

C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCall.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla17.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla18.exe" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla19.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla2.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla20.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla22.dll" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla22.exe" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP\WiseData.ini" deleted

"C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\Kelly\LOCALS~1\Temp ====

====== Java Cache =====

====== C:\WINDOWS\system32 =====

2014-01-30 17:08:50 A32B14BE5EDAE794FCE1A9E970827509 23392 ----a-w- C:\WINDOWS\System32\nscompat.tlb

2014-01-30 17:08:50 6D6F4B1886E91EB37ABCCAD19C561EE0 16832 ----a-w- C:\WINDOWS\System32\amcompat.tlb

2014-01-30 17:08:10 47787352A0260031998C4B6019686FC8 221184 ----a-w- C:\WINDOWS\System32\wmpns.dll

====== C:\WINDOWS\system32\drivers =====

====== C:\WINDOWS\Tasks ======

2014-01-29 19:32:25 47D7BFDB399741822370DAB42ABD7476 1042 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-29 19:32:24 EC24A370022F428271BC038347252DAB 1038 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-29 19:17:05 F68788C166F0018BB863B5B0FDCA5121 940 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2014-01-29 21:26:12 -------- d-----w- C:\Program Files\trend micro

2014-01-29 18:17:13 -------- d-----w- C:\Program Files\Enigma Software Group

2014-01-29 18:16:07 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard

======= C: =====

2014-01-29 21:35:33 D3A3F12DBA95788BF313E45BA15394BA 448 ----a-w- C:\files.txt

2014-01-29 20:15:54 E4B088097C4B04FA831B2685F1F00382 302 ----a-w- C:\AdwCleaner[s3].txt

2014-01-29 20:15:27 EF6B6703472A1C67FCD70E3840D3D7E0 1275 ----a-w- C:\AdwCleaner[R3].txt

2014-01-29 18:44:56 985AA24BB0EFF4E8245709007D7A3C81 7888 ----a-w- C:\AdwCleaner[s2].txt

2014-01-29 18:44:40 626CC659C4327159C1FA32642BC60289 7660 ----a-w- C:\AdwCleaner[R2].txt

2014-01-29 18:34:33 E72E1D5C1A9426B4B2AD413E33975ED6 362 ----a-w- C:\AdwCleaner[s1].txt

2014-01-29 18:33:58 7D60FEBEBCED0AD3E6B02034B58E80C3 7531 ----a-w- C:\AdwCleaner[R1].txt

====== C:\Documents and Settings\Kelly\Application Data ======

2014-01-29 19:31:57 -------- d-----w- C:\Documents and Settings\Kelly\Local Settings\Application Data\Deployment

2014-01-10 07:15:09 -------- d-----w- C:\Documents and Settings\Kelly\Local Settings\Application Data\Identities

====== C:\Documents and Settings\Kelly ======

2014-01-29 20:15:20 96030AE285C32ECCD1C599F1C5DD2BEF 581957 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\adwcleaner-1.606-en(1).exe

2014-01-29 18:33:47 96030AE285C32ECCD1C599F1C5DD2BEF 581957 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\adwcleaner-1.606-en.exe

====== C: exe-files ==

2014-01-30 17:20:56 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\RSIT (1).exe

2014-01-29 21:26:12 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Kelly.exe

2014-01-29 21:25:54 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\RSIT.exe

2014-01-29 20:37:23 B154A02352A402566847EBC384F375EB 5877648 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\ophcrack-win32-installer-3.6.0 (1).exe

2014-01-29 20:31:06 B154A02352A402566847EBC384F375EB 5877648 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\ophcrack-win32-installer-3.6.0.exe

2014-01-29 20:16:07 EE386D5ACB945089BCD91766697224BB 1037068 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\JRT.exe

2014-01-29 20:15:20 96030AE285C32ECCD1C599F1C5DD2BEF 581957 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\adwcleaner-1.606-en(1).exe

2014-01-29 19:37:34 CA0A340ABCF0C14A09691CBC90186AB4 51080 ----atw- C:\Program Files\Google\Update\1.3.22.3\GoogleUpdateBroker.exe

2014-01-29 19:37:34 C98E0215F7B65F0DDEE0591BD57EDFA6 847128 ----a-w- C:\Program Files\Google\Update\1.3.22.3\GoogleUpdateSetup.exe

2014-01-29 19:37:34 600B1A4BCC0823A96DC7B86F005ADBB8 51080 ----atw- C:\Program Files\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe

2014-01-29 19:37:32 9CCBA5E2489E603BB1578D1D541252A8 273800 ----atw- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

2014-01-29 19:37:31 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.22.3\GoogleUpdate.exe

2014-01-29 19:37:31 465680BDE344CE4FF6646626AA3A9125 223112 ----atw- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe

2014-01-29 19:37:28 C98E0215F7B65F0DDEE0591BD57EDFA6 847128 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.3\GoogleUpdateSetup.exe

2014-01-29 19:32:40 75B0D4CC6E1BFD6344EEF198270A773D 36532904 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\32.0.1700.102\32.0.1700.102_chrome_installer.exe

2014-01-29 19:32:21 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe

2014-01-29 19:32:17 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Documents and Settings\Kelly\Local Settings\Apps\2.0\ZQOW2LLQ.Q9R\2CHD6OMV.227\inst...app_4fe91ede9f9bdca3_0001.0003_fc100576141c6894\GoogleUpdateSetup.exe

2014-01-29 19:32:17 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Documents and Settings\Kelly\Local Settings\Apps\2.0\ZQOW2LLQ.Q9R\2CHD6OMV.227\clic...exe_4fe91ede9f9bdca3_0001.0003_none_81523f7b64d98436\GoogleUpdateSetup.exe

2014-01-29 19:32:17 2D479A35439E0DFBDBF2FDB6DEE8D49B 10120 ------w- C:\Documents and Settings\Kelly\Local Settings\Apps\2.0\ZQOW2LLQ.Q9R\2CHD6OMV.227\inst...app_4fe91ede9f9bdca3_0001.0003_fc100576141c6894\clickonce_bootstrap.exe

2014-01-29 18:44:31 96030AE285C32ECCD1C599F1C5DD2BEF 581957 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\adwcleaner-1.606-en.exe

2014-01-29 18:41:05 41EE08315F64F72DA0EDE09F1061E7C4 254832 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\AdwCleaner (1).exe

2014-01-29 18:33:47 96030AE285C32ECCD1C599F1C5DD2BEF 581957 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\adwcleaner-1.606-en.exe

2014-01-29 18:32:29 41EE08315F64F72DA0EDE09F1061E7C4 254832 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\AdwCleaner.exe

2014-01-29 18:15:32 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\SpyHunter-Installer.exe

2014-01-29 18:12:32 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\mbam-setup-1.75.0.1300 (1).exe

2014-01-29 18:12:29 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\Kelly\Mijn documenten\Downloads\mbam-setup-1.75.0.1300.exe

=== C: other files ==

2014-01-29 21:33:45 5AD67143374DA9B6D534680E4A0F23E5 735907 ----a-w- C:\Documents and Settings\All Users\Bureaublad\sample_20142901_2233.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-507921405-1647877149-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

"Facebook Update"="C:\Documents and Settings\Kelly\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"

"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

"CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

"beidsccertprop"="C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"AnyProtect"="C:\Program Files\AnyProtectEx\AnyProtect.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

"Facebook Update"="C:\Documents and Settings\Kelly\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HDAudDeck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HDeck"

"hkey"="HKLM"

"command"="C:\\Program Files\\VIA\\VIAudioi\\HDADeck\\HDeck.exe 1"

==== Startup Folders ======================

2013-10-13 06:54:14 1024 ----a-w- C:\Documents and Settings\Kelly\Menu Start\Programma's\Opstarten\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/01/2014 20:17]

C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ [undetermined Task]

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1647877149-682003330-1003Core.job --a------ [undetermined Task]

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1647877149-682003330-1003UA.job --a------ C:\Documents and Settings\Kelly\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [02/12/2012 11:13]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29/01/2014 20:32]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [29/01/2014 20:32]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [19/10/2013 00:46]

==== Chrome Look ======================

Media Player - Kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\onodfkemopbglgilgmobfffbbfpigpje

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{D1541A88-C9CC-4EFC-B29A-85C424B89FA7} Bing Url="http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox"

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\1ZAY1GG9 will be deleted at reboot

C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\Kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully

C:\Documents and Settings\Kelly\Local Settings\Temp will be emptied at reboot

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\Kelly\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\1ZAY1GG9" not found

==== EOF on vr 31/01/2014 at 16:29:18,67 ======================


Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is written specifically for this PC, so do not use it on other PCs with a similar problem.

  ca82e1a5;s
 C:\files.txt;f
 C:\AdwCleaner[s3].txt;f
 C:\AdwCleaner[R3].txt;f
 C:\AdwCleaner[s2].txt;f
 C:\AdwCleaner[R2].txt;f
 C:\AdwCleaner[s1].txt;f
 C:\AdwCleaner[R1].txt;f
 C:\Documents and Settings\All Users\Bureaublad\sample_20142901_2233.zip;f
 Onodfkemopbglgilgmobfffbbfpigpje;chr
 Onodfkemopbglgilgmobfffbbfpigpje;ff

  • Click the "Options" button and tick the options below:
      • Installed Programs
      • Installer List
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear after all.
  • Post the opened log in your next message.
