# AdwCleaner v6.000 - Logbestand aangemaakt 13/08/2016 op 14:39:05
# *Updated on 12/08/2016 by ToolsLib
# Gebruik lokale database : 2016-08-12.4 [*Server]
# Besturingssysteem : Windows 10 Home (X64)
# Gebruikersnaam : Mandy - MANDY
# Gestart vanuit : C:\Users\mandyyy\Downloads\adwcleaner_6.000.exe
# *Mode: Scan
# Ondersteuning : https://toolslib.net/forum

***** [ *Services ] *****

Service swdumon
Service WdMan
Service WinSvces
Service BugreportW
Service winsaber

***** [ Mappen ] *****

gevonden C:\ProgramData\GwinpG
gevonden C:\ProgramData\RwinpR
gevonden C:\ProgramData\twinpt
gevonden C:\Users\Mandyyy\AppData\Local\Hola
gevonden C:\Users\Mandyyy\AppData\Local\SweetLabs App Platform
gevonden C:\Users\Mandyyy\AppData\Roaming\eCyber
gevonden C:\Users\Mandyyy\AppData\Roaming\OpenCandy
gevonden C:\Users\Mandyyy\AppData\Roaming\RPEng
gevonden C:\Users\Mandyyy\AppData\Roaming\WinZiper
gevonden C:\Users\Mandyyy\AppData\Roaming\Uncheckit
gevonden C:\Program Files\Hola
gevonden C:\Users\Mandyyy\AppData\Local\VirtualStore\Program Files (x86)\Popcorn Time
gevonden C:\ProgramData\desktopfind
gevonden C:\ProgramData\ChelfNotify
gevonden C:\ProgramData\Application Data\desktopfind
gevonden C:\ProgramData\Application Data\ChelfNotify
gevonden C:\Users\Public\Documents\Downloaded Installers
gevonden C:\Program Files (x86)\WinSaber
gevonden C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit
gevonden C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
gevonden C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
gevonden C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\extensions\arthurj8283@gmail.com

***** [ Bestanden ] *****

gevonden C:\Users\Mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk
gevonden C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
gevonden C:\WINDOWS\SysNative\drivers\swdumon.sys
gevonden C:\WINDOWS\apppatch\apppatch64\vcldr64.dll

***** [ DLL ] *****

*No malicious DLLs found.

***** [ WMI ] *****

*No malicious keys found.

***** [ Snelkoppelingen ] *****

Zoeken naar bestanden ...

***** [ Geplande taken ] *****

gevonden SystemHealer Monitor
gevonden SystemHealer Run Delay
gevonden SweetLabs App Platform
gevonden Browser Updater Task(Core)
gevonden WinTsks
gevonden ChelfNotify Task
gevonden bvyvbvhx

***** [ Register ] *****

gevonden HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
gevonden HKLM\SOFTWARE\Classes\WinZippers.001
gevonden HKLM\SOFTWARE\Classes\WinZippers.7z
gevonden HKLM\SOFTWARE\Classes\WinZippers.arj
gevonden HKLM\SOFTWARE\Classes\WinZippers.bz2
gevonden HKLM\SOFTWARE\Classes\WinZippers.bzip2
gevonden HKLM\SOFTWARE\Classes\WinZippers.cab
gevonden HKLM\SOFTWARE\Classes\WinZippers.cpio
gevonden HKLM\SOFTWARE\Classes\WinZippers.deb
gevonden HKLM\SOFTWARE\Classes\WinZippers.dmg
gevonden HKLM\SOFTWARE\Classes\WinZippers.fat
gevonden HKLM\SOFTWARE\Classes\WinZippers.gz
gevonden HKLM\SOFTWARE\Classes\WinZippers.gzip
gevonden HKLM\SOFTWARE\Classes\WinZippers.hfs
gevonden HKLM\SOFTWARE\Classes\WinZippers.iso
gevonden HKLM\SOFTWARE\Classes\WinZippers.lha
gevonden HKLM\SOFTWARE\Classes\WinZippers.lzh
gevonden HKLM\SOFTWARE\Classes\WinZippers.lzma
gevonden HKLM\SOFTWARE\Classes\WinZippers.ntfs
gevonden HKLM\SOFTWARE\Classes\WinZippers.rar
gevonden HKLM\SOFTWARE\Classes\WinZippers.rpm
gevonden HKLM\SOFTWARE\Classes\WinZippers.squashfs
gevonden HKLM\SOFTWARE\Classes\WinZippers.swm
gevonden HKLM\SOFTWARE\Classes\WinZippers.tar
gevonden HKLM\SOFTWARE\Classes\WinZippers.taz
gevonden HKLM\SOFTWARE\Classes\WinZippers.tbz
gevonden HKLM\SOFTWARE\Classes\WinZippers.tbz2
gevonden HKLM\SOFTWARE\Classes\WinZippers.tgz
gevonden HKLM\SOFTWARE\Classes\WinZippers.tpz
gevonden HKLM\SOFTWARE\Classes\WinZippers.txz
gevonden HKLM\SOFTWARE\Classes\WinZippers.vhd
gevonden HKLM\SOFTWARE\Classes\WinZippers.wim
gevonden HKLM\SOFTWARE\Classes\WinZippers.xar
gevonden HKLM\SOFTWARE\Classes\WinZippers.xz
gevonden HKLM\SOFTWARE\Classes\WinZippers.z
gevonden HKLM\SOFTWARE\Classes\WinZippers.zip
gevonden HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
gevonden HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
gevonden HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\Classes\pokki
gevonden HKCU\Software\Classes\pokki
gevonden HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
gevonden HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
gevonden [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
gevonden [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
gevonden HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
gevonden HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
gevonden HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
gevonden HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
gevonden HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
gevonden [x64] HKLM\SOFTWARE\FlashBeat
gevonden [x64] HKLM\SOFTWARE\Hola
gevonden [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
gevonden [x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
gevonden [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
gevonden HKU\.DEFAULT\Software\Hola
gevonden HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
gevonden HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
gevonden HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
gevonden HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\Hola
gevonden HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\PRODUCTSETUP
gevonden HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\SearchProtect
gevonden HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\SlimWare Utilities Inc
gevonden HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\csastats
gevonden HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\SEARCHPROTECT
gevonden HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
gevonden HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
gevonden HKU\S-1-5-18\Software\Hola
gevonden HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
gevonden HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
gevonden HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
gevonden HKCU\Software\Hola
gevonden HKCU\Software\PRODUCTSETUP
gevonden HKCU\Software\SearchProtect
gevonden HKCU\Software\SlimWare Utilities Inc
gevonden HKCU\Software\csastats
gevonden HKCU\Software\SEARCHPROTECT
gevonden HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
gevonden HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
gevonden HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
gevonden HKLM\SOFTWARE\hdcode
gevonden HKLM\SOFTWARE\SearchProtect
gevonden HKLM\SOFTWARE\SlimWare Utilities Inc
gevonden HKLM\SOFTWARE\SPPDCOM
gevonden HKLM\SOFTWARE\yessearchesSoftware
gevonden HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
gevonden HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
gevonden HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
gevonden HKLM\SOFTWARE\SEARCHPROTECT
gevonden HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
gevonden HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
gevonden HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
gevonden HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\Microsoft\Internet Explorer\Main [Start Page Redirect Cache] - hxxps://startpage-home.com/?s=lenovo&m=start
gevonden HKCU\Software\Microsoft\Internet Explorer\Main [Start Page Redirect Cache] - hxxps://startpage-home.com/?s=lenovo&m=start
gevonden HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{06e93ff9-5cb8-4640-8c36-e97bf9762b30} [NameServer] -
gevonden HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{433dd68e-d382-4218-aeba-b123b83540c1} [NameServer] -
gevonden HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5bc62d4d-2bb1-4a8e-bb1a-7e0a3d095fc0} [NameServer] -
gevonden HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chrome.nl.softonic.com
gevonden HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
gevonden HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
gevonden HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
gevonden HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
gevonden HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chrome.nl.softonic.com
gevonden HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
gevonden HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
gevonden HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
gevonden HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
Waarde [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [hola]
Waarde HKU\S-1-5-21-3125367378-2140037814-2600998391-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [hola]
gevonden HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
gevonden HKCU\Software\Classes\Directory\shell\pokki
gevonden HKCU\Software\Classes\Drive\shell\pokki
gevonden HKCU\Software\Classes\lnkfile\shell\pokki
gevonden HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer
gevonden HKCU\Software\MozillaPlugins\@hola.org/vlc
gevonden HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
gevonden HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
gevonden HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Waarde HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [HealerCheckout.exe]
gevonden HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe
gevonden HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
gevonden HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}

***** [ Internetbrowsers ] *****

gevonden [C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\prefs.js] - "browser.search.defaultenginename" - "nuesearch"
gevonden [C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\prefs.js] - "browser.search.selectedEngine" - "nuesearch"
Zoeken naar register-items ...

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [12236 bytes] - [13/08/2016 14:39:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12310 bytes] ##########