
Karl D


Karl D's achievements

  1. I notice that a program starts automatically at boot. But it is in Chinese characters, so I can't make anything of it. I have already tried CCleaner and Malwarebytes, without result. Disabling or uninstalling the program doesn't work either -> access denied. Via Task Manager and Resource Monitor I see the following: BaiduSdSvc.exe, BaiduSdTray.exe, BaiduHips.exe and BaiduSdUProxy64.exe, each with Chinese characters in the description. See attachment. I'd appreciate tips on how to deal with this. Furthermore, it turns out that standard programs are no longer present via Start / All Programs: Office, etc. Chinese tekens.docx
  2. Hello, Quite a difference. No more advertising nuisance. The machine can be used normally again. The biggest visible difference came after the Chrome reset. Thanks for the assistance. A few more questions. The machine takes about 5 minutes to start up. Is this normal? Can this be improved? Is this the right place to deal with this? Should I leave Malwarebytes running? It starts automatically at boot. Are there any other freely available tools that you would recommend? Karl.
  3. Pages still open continuously, both full pages and smaller windows that unfold, with and without an "X" button. Even a web page that is in use is sometimes replaced by an advertising page. For your information: I see "qualitink" in the margin. And in the Google search results the "Buzzdock ads" come first. Furthermore, the machine is slow to start. When (re)starting, everything seems to go smoothly, but then there is a black screen for 30 sec to 1 min before it continues starting up.
  4. BullGuard and 3 Java versions have been removed. CCleaner has been run. Here is the E-Peek log.
  5. Next attempt. I went through the 3 steps again (MBAM, ADW and E-Peek). Reinstalled, etc. Only with E-Peek it was not possible to remove the previous program via the Uninstall as in the description. Result below. Attaching files is no longer possible as before. Thanks in advance for the help.

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software
Scandatum: 11/11/2014
Scantijd: 10:49:36
Logbestand: mbamlog_6.txt
Beheerder: Ja
Versie: 2.00.3.1025
Malwaredatabase: v2014.11.11.03
Rootkitdatabase: v2014.11.10.01
Licentie: Proef
Malwarebescherming: Ingeschakeld
Kwaadaardige Website Bescherming: Ingeschakeld
Zelfbescherming: Uitgeschakeld
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Wout
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 365832
Verstreken Tijd: 29 m, 25 s
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
Processen: 0 (Geen kwaadaardige items gedetecteerd)
Modules: 0 (Geen kwaadaardige items gedetecteerd)
Registersleutels: 1
PUP.Optional.Qualitink.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update qualitink, In Quarantaine, [c3bc49f199e384b2315ea3f69c680df3],
Registerwaardes: 0 (Geen kwaadaardige items gedetecteerd)
Registerdata: 0 (Geen kwaadaardige items gedetecteerd)
Mappen: 0 (Geen kwaadaardige items gedetecteerd)
Bestanden: 0 (Geen kwaadaardige items gedetecteerd)
Fysieke Sectoren: 0 (Geen kwaadaardige items gedetecteerd)
(end)

# AdwCleaner v4.101 - Rapport aangemaakt 11/11/2014 op 11:42:03
# Laatste Update 09/11/2014 door Xplode
# Database : 2014-11-10.9 [Live]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : Wout - WOUT-PC
# Gestart vanuit : C:\Users\Wout\Downloads\adwcleaner_4.101.exe
# Optie : Verwijderen
***** [ Services ] *****
***** [ Bestanden / Mappen ] *****
Bestand Verwijderd : C:\Users\Wout\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Bestand Verwijderd : C:\Users\Wout\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Taken ] *****
***** [ Snelkoppelingen ] *****
***** [ Register ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [38434 octets] - [09/11/2014 11:29:03]
AdwCleaner[R1].txt - [3118 octets] - [09/11/2014 16:11:03]
AdwCleaner[R2].txt - [1289 octets] - [11/11/2014 11:40:10]
AdwCleaner[s0].txt - [35669 octets] - [09/11/2014 11:32:23]
AdwCleaner[s1].txt - [3203 octets] - [09/11/2014 16:12:51]
AdwCleaner[s2].txt - [1217 octets] - [11/11/2014 11:42:03]
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1277 octets] ##########

E-Peek v 1.0.5.5 © Emphyrio/Onsia Patrick 2013-2014
Downloaded @ E Dev
Run at di 11 nov 2014 11:58
.
Windows 7 Home Premium SP 1 (64 bits)
C:\Windows [NTFS - Fixed]
Default Browser: Google Chrome
Boot mode: Normal boot
User logged in: Wout
.
Java x86: 1.6.0_26
Java x64: 1.6.0_22
.
AV : Norton Internet Security [updated - Not Running]
AV : BullGuard Antivirus [updated - Not Running]
AS : Norton Internet Security [updated - Running]
AS : BullGuard Antispyware [updated - Not Running]
AS : Windows Defender [updated - Not Running]
FW : FW : Norton Internet Security [updated - Not Running]
.
C:\Windows\system32\Drivers\nvpciflt.sys DRV - R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys DRV - R0 - [symDS] - Symantec Data Store - C:\Windows\system32\Drivers\SymDS.sys [x] DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys DRV - R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys DRV - R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys DRV - R1 - [beep] - Beep - C:\Windows\system32\Drivers\Beep.sys DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys DRV - S3 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys ==================== SvcHost - White Listed ==================================== All Ok WOW - All Ok ==================== SigCheck x86 Fast ========================================= Fast Scan All ok ==================== SigCheck x64 Fast ========================================= Fast Scan All ok ==================== Job tasks ================================================= There are no .job files found. 
==================== End scanning at di 11 nov 2014 11:59 (0 Min 40 Sec ) ======
  6. The settings were as in your example. During the first MBAM scan, however, no files were placed in quarantine. During this scan a few hundred were quarantined. The computer was restarted after both MBAM and Epeek. I hope the attached logs are the correct ones. mbamlog_5.txt - - - Updated - - - For your information: in the meantime the following windows are opening. I assume I should not respond to these. hxxp://betweensoftware.net/YAC/BE/ZP/CC/Warningos/inde.php?s=2451403677 hxxp://offers.bycontext.com/topbar/ctxjs/index.php?tracker=http%3A%2F%2Fcn.tatami-solutions.com%2Feas%3Fcu%3D29607%26ptrack%3DJMC1152%26cat2%3Dcjs%26kw2%3D70632d68656c70666f72756d2e6265&numberBounceDone=1&ussegmnt=100&distribution=new&affid=1152&subaffid=3239544&intformat=roll&nextpage=http%3A%2F%2Fwww.pc-helpforum.be%2Fforum%2F&ch=6801&sbrand=qualitink&folder=v2.14 EPeek_2.txt
  7. Sorry, but I keep getting the same result. There is only 1 log available. See attachment.
  8. Attached are the 3 log files. In addition, a notification from Malwarebytes appears regularly (file - screenshot attached). Karl mbamlog_1.txt AdwCleaner[S0] _1.txt EPeek_1.txt
  9. Hello, The kids' laptop is no longer running well. I would like assistance to get things running smoothly again. Attached are some logs. log _1.txt Thanks in advance. AdwCleaner[S0] _1.txt
  10. Mako, Both steps have been completed. The log files are attached. Via zoek.exe [ATTACH]37022[/ATTACH] Via AdwCleaner (second attempt; the first log was deleted by mistake) AdwCleaner[S1] 02_11.txt zoek-results 02_11.txt
  11. Mako, Attached is the log file of the zoek-results. [ATTACH]36958[/ATTACH] When starting Chrome, sweet-page was no longer visible. Do I need to do anything further? Thanks in advance for the help. Karl zoek-results.txt
  12. I would like help removing sweet-page from Chrome, and possibly other junk. Attached are the log files of the scan. Thanks in advance. log 1.txt info 1.txt
  13. Windows Installer keeps refusing to work, even after installing the new version. The error message is attached. [ATTACH]24631[/ATTACH] Via CCleaner.doc