Ga naar inhoud

hijack logje


Aanbevolen berichten

Hallo,

een vriendin van mij heeft sinds ze een gratis software heeft geinstalleerd, steeds virus meldingen.

Software:

wavepad sound editor

wavepad video editor

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:14:23, on 23-5-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16476)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Laura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\BitTorrent\BitTorrent.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: CrossriderApp0003491 - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Laura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_4A482ADE7BA14BD80C73B5D8EC859C6B] "C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [spotify] "C:\Users\Laura\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

O4 - HKCU\..\Run: [Google Update] "C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O4 - Global Startup: VideoWebCamera.exe.lnk = C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 18030 bytes

Link naar reactie
Delen op andere sites


Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: CrossriderApp0003491 - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\\Program Files\\Trend Micro\\HiJackThis of C:\\Program Files (x86)\\Trend Micro\\HiJackThis.

- - - Updated - - -

Download zoek.exe naar het bureaublad.

  • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
    (hier of hier) kan je lezen hoe je dat doet.
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
     
    emptyclsid;
    firefoxlook; 
    Chromelook; 
    autoclean; 
    iedefaults; 
    {D4027C7F-154A-4066-A1AD-4243D8127440};c
    {30F9B915-B755-4826-820B-08FBA6BD249D};c
    {11111111-1111-1111-1111-110011341191};c
    C:\ProgramData\Ask;fs
    
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "ApnUpdater"=-;r
    
    
    
    
    
    
    


  • Klik daarna op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post nu de inhoud van het geopende logje in het volgende bericht.

- - - Updated - - -

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht.

Link naar reactie
Delen op andere sites

  • 3 weken later...

AVG geeft dit steeds aan bij het opstarten:

post-35728-1417705452,3582_thumb.jpg

Ook gaf hij aan dat er in zoek.exe een virus zit.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:43:42, on 10-6-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16476)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Laura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\Laura\AppData\Roaming\Spotify\spotify.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Laura\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_4A482ADE7BA14BD80C73B5D8EC859C6B] "C:\Users\Laura\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [spotify] "C:\Users\Laura\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

O4 - HKCU\..\Run: [Google Update] "C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O4 - Global Startup: VideoWebCamera.exe.lnk = C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15404 bytes

==============================================================================================

Zoek.exe Version 4.0.0.2 Updated 03-June-2013

Tool run by Laura on ma 10-06-2013 at 21:11:19,18.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Suspicious Entries Found ======================

SYMLINKS found in C:\Program Files\Windows Defender

==== Possible Rootkit Infection ======================

C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\L

C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U

C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\@

C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\00000004.@

C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\00000008.@

C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\000000cb.@

C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\80000000.@

C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\80000032.@

C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\80000064.@

C:\Windows\assembly\GAC_32\Desktop.ini

C:\Windows\assembly\GAC_64\Desktop.ini

==== Symlinks Removed ======================

Reparse point C:\Program Files\Windows Defender\MpAsDesc.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpClient.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpCmdRun.exe succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpCommu.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpEvMsg.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpOAV.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpRTP.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpSvc.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MSASCui.exe succesfully deleted

Reparse point C:\Program Files\Windows Defender\MsMpCom.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MsMpLics.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MsMpRes.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\nl-NL succesfully deleted

==== Checking Systemdrive for Symlinks ======================

De volumenaam van station C is Packard Bell

Het volumenummer is E0D0-16F8

Map van C:\

14-07-2009 07:08 <KOPPELING> Documents and Settings [C:\Users]

0 bestand(en) 0 bytes

Map van C:\Program Files\Windows NT

27-08-2010 18:22 <KOPPELING> Bureau-accessoires [C:\Program Files\Windows NT\Accessories]

0 bestand(en) 0 bytes

Map van C:\ProgramData

14-07-2009 07:08 <KOPPELING> Application Data [C:\ProgramData]

27-08-2010 18:22 <KOPPELING> Bureaublad [C:\Users\Public\Desktop]

14-07-2009 07:08 <KOPPELING> Desktop [C:\Users\Public\Desktop]

27-08-2010 18:22 <KOPPELING> Documenten [C:\Users\Public\Documents]

14-07-2009 07:08 <KOPPELING> Documents [C:\Users\Public\Documents]

27-08-2010 18:22 <KOPPELING> Favorieten [C:\Users\Public\Favorites]

14-07-2009 07:08 <KOPPELING> Favorites [C:\Users\Public\Favorites]

27-08-2010 18:22 <KOPPELING> Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]

27-08-2010 18:22 <KOPPELING> Sjablonen [C:\ProgramData\Microsoft\Windows\Templates]

14-07-2009 07:08 <KOPPELING> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

14-07-2009 07:08 <KOPPELING> Templates [C:\ProgramData\Microsoft\Windows\Templates]

0 bestand(en) 0 bytes

Map van C:\ProgramData\Microsoft\Windows\Start Menu

27-08-2010 18:22 <KOPPELING> Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]

0 bestand(en) 0 bytes

Map van C:\Users

14-07-2009 07:08 <SYMLINKD> All Users [C:\ProgramData]

14-07-2009 07:08 <KOPPELING> Default User [C:\Users\Default]

0 bestand(en) 0 bytes

Map van C:\Users\All Users

14-07-2009 07:08 <KOPPELING> Application Data [C:\ProgramData]

27-08-2010 18:22 <KOPPELING> Bureaublad [C:\Users\Public\Desktop]

14-07-2009 07:08 <KOPPELING> Desktop [C:\Users\Public\Desktop]

27-08-2010 18:22 <KOPPELING> Documenten [C:\Users\Public\Documents]

14-07-2009 07:08 <KOPPELING> Documents [C:\Users\Public\Documents]

27-08-2010 18:22 <KOPPELING> Favorieten [C:\Users\Public\Favorites]

14-07-2009 07:08 <KOPPELING> Favorites [C:\Users\Public\Favorites]

27-08-2010 18:22 <KOPPELING> Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]

27-08-2010 18:22 <KOPPELING> Sjablonen [C:\ProgramData\Microsoft\Windows\Templates]

14-07-2009 07:08 <KOPPELING> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

14-07-2009 07:08 <KOPPELING> Templates [C:\ProgramData\Microsoft\Windows\Templates]

0 bestand(en) 0 bytes

Map van C:\Users\All Users\Microsoft\Windows\Start Menu

27-08-2010 18:22 <KOPPELING> Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]

0 bestand(en) 0 bytes

Map van C:\Users\Default

14-07-2009 07:08 <KOPPELING> Application Data [C:\Users\Default\AppData\Roaming]

14-07-2009 07:08 <KOPPELING> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]

14-07-2009 07:08 <KOPPELING> Local Settings [C:\Users\Default\AppData\Local]

27-08-2010 18:22 <KOPPELING> Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

27-08-2010 18:22 <KOPPELING> Mijn documenten [C:\Users\Default\Documents]

14-07-2009 07:08 <KOPPELING> My Documents [C:\Users\Default\Documents]

14-07-2009 07:08 <KOPPELING> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

27-08-2010 18:22 <KOPPELING> Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

14-07-2009 07:08 <KOPPELING> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

14-07-2009 07:08 <KOPPELING> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]

14-07-2009 07:08 <KOPPELING> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]

27-08-2010 18:22 <KOPPELING> Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

14-07-2009 07:08 <KOPPELING> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

14-07-2009 07:08 <KOPPELING> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

0 bestand(en) 0 bytes

Map van C:\Users\Default\AppData\Local

14-07-2009 07:08 <KOPPELING> Application Data [C:\Users\Default\AppData\Local]

27-08-2010 18:22 <KOPPELING> Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

14-07-2009 07:08 <KOPPELING> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

14-07-2009 07:08 <KOPPELING> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 bestand(en) 0 bytes

Map van C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

27-08-2010 18:22 <KOPPELING> Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]

0 bestand(en) 0 bytes

Map van C:\Users\Default\Documents

27-08-2010 18:22 <KOPPELING> Mijn afbeeldingen [C:\Users\Default\Pictures]

27-08-2010 18:22 <KOPPELING> Mijn muziek [C:\Users\Default\Music]

27-08-2010 18:22 <KOPPELING> Mijn video's [C:\Users\Default\Videos]

14-07-2009 07:08 <KOPPELING> My Music [C:\Users\Default\Music]

14-07-2009 07:08 <KOPPELING> My Pictures [C:\Users\Default\Pictures]

14-07-2009 07:08 <KOPPELING> My Videos [C:\Users\Default\Videos]

0 bestand(en) 0 bytes

Map van C:\Users\Laura

27-08-2010 18:24 <KOPPELING> Application Data [C:\Users\Laura\AppData\Roaming]

27-08-2010 18:24 <KOPPELING> Cookies [C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies]

27-08-2010 18:24 <KOPPELING> Local Settings [C:\Users\Laura\AppData\Local]

27-08-2010 18:24 <KOPPELING> Menu Start [C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu]

27-08-2010 18:24 <KOPPELING> Mijn documenten [C:\Users\Laura\Documents]

27-08-2010 18:24 <KOPPELING> NetHood [C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

27-08-2010 18:24 <KOPPELING> Netwerkprinteromgeving [C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

27-08-2010 18:24 <KOPPELING> Recent [C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Recent]

27-08-2010 18:24 <KOPPELING> SendTo [C:\Users\Laura\AppData\Roaming\Microsoft\Windows\SendTo]

27-08-2010 18:24 <KOPPELING> Sjablonen [C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Templates]

0 bestand(en) 0 bytes

Map van C:\Users\Laura\AppData\Local

27-08-2010 18:24 <KOPPELING> Application Data [C:\Users\Laura\AppData\Local]

27-08-2010 18:24 <KOPPELING> Geschiedenis [C:\Users\Laura\AppData\Local\Microsoft\Windows\History]

27-08-2010 18:24 <KOPPELING> Temporary Internet Files [C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 bestand(en) 0 bytes

Map van C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu

27-08-2010 18:24 <KOPPELING> Programma's [C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]

0 bestand(en) 0 bytes

Map van C:\Users\Laura\Documents

27-08-2010 18:24 <KOPPELING> Mijn afbeeldingen [C:\Users\Laura\Pictures]

27-08-2010 18:24 <KOPPELING> Mijn muziek [C:\Users\Laura\Music]

27-08-2010 18:24 <KOPPELING> Mijn video's [C:\Users\Laura\Videos]

0 bestand(en) 0 bytes

Map van C:\Users\Public\Documents

27-08-2010 18:22 <KOPPELING> Mijn afbeeldingen [C:\Users\Public\Pictures]

27-08-2010 18:22 <KOPPELING> Mijn muziek [C:\Users\Public\Music]

27-08-2010 18:22 <KOPPELING> Mijn video's [C:\Users\Public\Videos]

14-07-2009 07:08 <KOPPELING> My Music [C:\Users\Public\Music]

14-07-2009 07:08 <KOPPELING> My Pictures [C:\Users\Public\Pictures]

14-07-2009 07:08 <KOPPELING> My Videos [C:\Users\Public\Videos]

0 bestand(en) 0 bytes

Totaal aantal weergegeven bestanden:

0 bestand(en) 0 bytes

76 map(pen) 104.457.580.544 bytes beschikbaar

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Internet Explorer\SearchScopes\{863D0572-C28A-4A91-A51E-A0FBB0B739B7} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C563B738-209F-42A9-A946-29272950AAC0} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ApnUpdater"=-

==== Deleting Files \ Folders ======================

"C:\Windows\assembly\GAC_32\Desktop.ini" deleted

"C:\Windows\assembly\GAC_64\Desktop.ini" deleted

"C:\Users\Laura\Downloads\SoftonicDownloader_voor_pinnacle-studio.exe" deleted

"C:\Users\Laura\Downloads\SoftonicDownloader_voor_videopad-video-editor.exe" deleted

"C:\Windows\SysNative\roboot64.exe" deleted

"C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\@" deleted

"C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\00000004.@" deleted

"C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\00000008.@" deleted

"C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\000000cb.@" deleted

"C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\80000000.@" deleted

"C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\80000032.@" deleted

"C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U\80000064.@" deleted

"C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}" not deleted

"C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\L" deleted

"C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}\U" not deleted

"C:\ProgramData\Ask" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted

"C:\Program Files (x86)\ClickPotatoLite" deleted

"C:\Program Files (x86)\Vid-Saver" deleted

"C:\Program Files (x86)\BitTorrentBar" deleted

"C:\Program Files (x86)\Ask.com" deleted

"C:\Program Files (x86)\Conduit" deleted

"C:\Program Files (x86)\ConduitEngine" deleted

"C:\Users\Laura\AppData\Roaming\Systweak" deleted

"C:\Users\Laura\AppData\Roaming\PerformerSoft" deleted

"C:\Users\Laura\AppData\Roaming\OpenCandy" deleted

"C:\ProgramData\Ask" deleted

"C:\ProgramData\Partner" deleted

"C:\ProgramData\boost_interprocess" deleted

"C:\ProgramData\IBUpdaterService" deleted

"C:\ProgramData\ClickPotatoLiteSA" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato" deleted

"C:\Users\Laura\AppData\Local\Vid-Saver" deleted

"C:\Users\Laura\AppData\LocalLow\AskToolbar" deleted

"C:\Users\Laura\AppData\LocalLow\BitTorrentBar" deleted

"C:\Users\Laura\AppData\LocalLow\PriceGong" deleted

"C:\Users\Laura\AppData\LocalLow\Conduit" deleted

"C:\Users\Laura\AppData\LocalLow\ConduitEngine" deleted

"C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[13-08-2012 13:34]

pgmfkblbflahhponhjmkcnpjinenhlnc - C:\Users\Laura\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[28-01-2013 13:01]

Skype Click to Call - Laura - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

DVDVideoSoft Browser Extension - Laura - Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

Vid-Saver - Laura - Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc

==== Chrome Fix ======================

C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tm86&r=27360810t235l04h4z115f4412y218"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tm86&r=27360810t235l04h4z115f4412y218"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tm86&r=27360810t235l04h4z115f4412y218"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.msn.com/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_nlNL394"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully

HKEY_USERS\S-1-5-21-904484468-2022900187-2474260313-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\internet explorer\urlsearchhooks\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Laura\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Laura\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\installer\{39172fb4-db05-a113-f1b4-bc0a0f9d62b0}" not found

==== EOF on ma 10-06-2013 at 21:24:10,32 ======================

==============================================================================================

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes : Free anti-malware download

Databaseversie: v2013.06.10.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Laura :: LAURA-PC [administrator]

10-6-2013 21:32:11

mbam-log-2013-06-10 (21-32-11).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 209086

Verstreken tijd: 4 minuut/minuten, 57 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 17

HKCR\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\TJHTHX1O7X (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 2

HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 2

C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Laura\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 1

C:\Users\Laura\Downloads\bundleSetup.exe (PUP.BundleInstaller.IB) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

- - - Updated - - -

Het lijkt net of AVG bij alles wat ik doe op deze pc een virus melding aangeeft.

Link naar reactie
Delen op andere sites


AVG moet zijn mond houd verdikke, hij moet zijn werk goed doen.!

Download TDSSKiller en plaats het op je bureaublad.

  • Voordat je TDSSKiller uitvoert is het raadzaam om de onderstaande handleiding van TDSSKiller te raadplegen.

    [*] Dubbelklik op TDSSKiller.exe om de tool te starten. (Indien je TDSSKiller als ZIP bestand hebt gedownload dien je deze eerst uit te pakken).

    [*] Als er door TDSSkiller een update wordt gevonden klikt u op de knop "Load update"

    [*] Een nieuwe versie van TDSSkiller zal nu gedownload worden en sla deze op het bureaublad op.

    [*] Start nu TDSSkiller opnieuw.

    [*] Klik op "Change parameters" en zorg dat de onderstaande opties allemaal aangevinkt zijn.

    506423005368c-TDSSkiller%28opties%29.jpg

    [*] Klik op de knop "Start Scan" en volg de instructies.

    • Gebruik nooit de "Delete" of "Quarantaine" optie bij een "Fail signature" melding.
    • Wanneer er een herstart nodig was, vind je de logfile in C:\\TDSSKiller.[Version]_[Date]_[Time]_log.txt
    • Voeg dit log-bestand als bijlage toe aan het volgende bericht.

Link naar reactie
Delen op andere sites

 Delen

×
×
  • Nieuwe aanmaken...