Irritante reclame (pop-up)

[memke39]

Hallo,

Zou iemand mij kunnen helpen als ik IE opdoe dan verschijnt er steeds irritante reclame links aan de zijkant, onderaan en rechtsonder.

Links komt er een breed scherm van boven naar beneden met Related Searches, onder in een reclame van Trust en rechtsonder steeds een melding dat mijn harde schijf bijna vol is en ik iets kan downloaden om mijn pc sneller te maken en op te ruimen.

ik stop hierbij gelijk de rsit files.

[ATTACH]28779[/ATTACH]

[ATTACH]28780[/ATTACH]

Bij voorbaat dank

Marijke

log.txt

info.txt

[Jion]

Dag Marijke,

welkom op PCH!

Ik zal je logje eens bekijken.

[Jion]

Download Zoek.zip naar het bureaublad.

• 
  
• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
  
• Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

{73ad5d47-66e5-4127-80ca-c0eedabafbcc};c
C:\Program Files (x86)\qualitink;fs
{EEE6C35C-6118-11DC-9C72-001320C79847};c
C:\Program Files (x86)\SweetIM;fs
Update qualitink;s
Util qualitink;s
C:\Windows\tasks\Torntv 2-codedownloader.job;f
C:\Program Files (x86)\Torntv 2;fs
C:\Program Files (x86)\TornTV.com;fs
iedefaults;
autoclean;
startupall; 
filesrcm;

• 
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[memke39]

Hallo, hierbij voeg ik mijn logje in.

Zoek.exe Version 4.0.0.5 Updated 26-October-2013

Tool run by maryke on ma 04-11-2013 at 15:53:50,13.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\maryke\Desktop\zoek.exe [script inserted]

==== System Restore Info ======================

4-11-2013 15:54:53 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{73ad5d47-66e5-4127-80ca-c0eedabafbcc} deleted successfully

HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{73ad5d47-66e5-4127-80ca-c0eedabafbcc} deleted successfully

HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{73ad5d47-66e5-4127-80ca-c0eedabafbcc} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73ad5d47-66e5-4127-80ca-c0eedabafbcc} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update qualitink deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update qualitink deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update qualitink deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update qualitink deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util qualitink deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util qualitink deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util qualitink deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util qualitink deleted successfully

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\SweetIM deleted

C:\Program Files (x86)\Torntv 2 deleted

C:\Program Files (x86)\TornTV.com deleted

C:\PROGRA~2\BonanzaDeals deleted

C:\PROGRA~2\BonanzaDealsLive deleted

C:\PROGRA~2\RegClean Pro deleted

C:\PROGRA~2\hosts deleted

C:\PROGRA~2\WebConnect deleted

C:\PROGRA~2\WinZip Malware Protector deleted

C:\Users\maryke\AppData\Roaming\Registry Mechanic deleted

C:\ProgramData\APN deleted

C:\ProgramData\BonanzaDealsLive deleted

C:\Users\maryke\AppData\Local\BonanzaDealsLive deleted

C:\Users\maryke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted

C:\Windows\SysNative\wsusnative64.exe deleted

C:\Users\maryke\AppData\LocalLow\SweetIM deleted

C:\Windows\tasks\Torntv 2-codedownloader.job deleted

C:\windows\SysNative\tasks\Torntv 2-codedownloader deleted

"C:\Program Files (x86)\qualitink\updatequalitink.exe" deleted

"C:\PROGRA~2\qualitink\updatequalitink.exe" deleted

"C:\Program Files (x86)\qualitink\bin\utilqualitink.exe" deleted

"C:\PROGRA~2\qualitink\bin\utilqualitink.exe" deleted

"C:\Program Files (x86)\qualitink" not deleted

"C:\PROGRA~2\qualitink" not deleted

"C:\Program Files (x86)\qualitink\bin" not deleted

"C:\PROGRA~2\qualitink\bin" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\maryke\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

2013-11-04 10:59:46 !HASH: COULD NOT OPEN FILE !!!!! 104867914 ----a-w- C:\Windows\SysWOW64\???µ

2013-11-01 05:25:05 221494C29E9F4B6D02514CA29F2A3A4E 14119 ----a-w- C:\Windows\SysWOW64\RaCoInst.dat

2013-11-01 05:24:42 B75546BCB1205B2DB68A3DAD400BE323 127488 ----a-w- C:\Windows\SysWOW64\RAEXTUI.dll

2013-11-01 05:24:42 325470B2C9C3E4B6144BAA026B6BE842 1115136 ----a-w- C:\Windows\SysWOW64\RAIHV.dll

2013-11-01 05:24:42 2B6AD8152E878FD7133B4E5061F6C275 451 ----a-w- C:\Windows\SysWOW64\DiagFunc.ini

2013-11-01 05:24:41 7E9CF7E47C835759F3F38C42A53D7EC8 792416 ----a-w- C:\Windows\SysWOW64\DiagFunc.dll

2013-11-01 05:24:41 2D20E70AAF29452AB081301E16993B30 1608768 ----a-w- C:\Windows\SysWOW64\RaCertMgr.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-11-01 05:25:05 9EF10F91F7FE1537521FAB2225D0172C 327008 ----a-w- C:\Windows\Sysnative\RaCoInstx.dll

2013-11-01 05:25:05 221494C29E9F4B6D02514CA29F2A3A4E 14119 ----a-w- C:\Windows\Sysnative\RaCoInst.dat

2013-11-01 05:24:42 EAB23AC006BF96114D82A634CAD5015E 2403392 ----a-w- C:\Windows\Sysnative\RaCertMgr.dll

2013-11-01 05:24:42 B75546BCB1205B2DB68A3DAD400BE323 127488 ----a-w- C:\Windows\Sysnative\RAEXTUI.dll

2013-11-01 05:24:42 325470B2C9C3E4B6144BAA026B6BE842 1115136 ----a-w- C:\Windows\Sysnative\RAIHV.dll

2013-11-01 05:24:42 2B6AD8152E878FD7133B4E5061F6C275 451 ----a-w- C:\Windows\Sysnative\DiagFunc.ini

2013-11-01 05:24:41 7E9CF7E47C835759F3F38C42A53D7EC8 792416 ----a-w- C:\Windows\Sysnative\DiagFunc.dll

====== C:\Windows\Sysnative\drivers =====

2013-11-01 05:25:05 B72079F1ACA97F72DB1B1C5D1EFBC874 1733216 ----a-w- C:\Windows\Sysnative\drivers\netr28ux.sys

2013-10-10 05:57:16 E2C933EDBC389386EBE6D2BA953F43D8 785624 ----a-w- C:\Windows\Sysnative\drivers\Wdf01000.sys

2013-10-10 05:57:16 80B0F7D5CCF86CEB5D402EAAF61FEC31 100864 ----a-w- C:\Windows\Sysnative\drivers\usbcir.sys

2013-10-10 05:57:15 9661DA76B4531B2DA272ECCE25A8AF24 42496 ----a-w- C:\Windows\Sysnative\drivers\usbscan.sys

2013-10-10 05:57:15 856E76B3641746ABBC2946BED1372098 32896 ----a-w- C:\Windows\Sysnative\drivers\hidparse.sys

2013-10-10 05:57:15 597C3699384E53CC59587ED50CCE5CA2 76800 ----a-w- C:\Windows\Sysnative\drivers\hidclass.sys

2013-10-10 05:57:13 1A4F75E63C9FB84B85DFFC6B63FD5404 140800 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys

2013-10-10 05:57:11 40AF23633D197905F03AB5628C558C51 1903552 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

2013-10-10 05:57:11 314C17917AC8523EC77A710215012A65 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys

2013-10-10 05:56:59 88612F1CE3BF42256913BF6E61C70D52 983488 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys

====== C:\Windows\Tasks ======

2013-10-29 21:34:52 1397E40B97F7549879F15DF28888AB88 3116 ----a-w- C:\Windows\Sysnative\Tasks\WinZip Malware Protector_startup

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-11-04 13:52:44 -------- d-----w- C:\Program Files\trend micro

2013-10-22 19:56:52 -------- d-----w- C:\Program Files\Common Files\Protexis

2013-10-22 19:56:19 -------- d-----w- C:\Program Files\Corel

======= C:\PROGRA~2 =====

2013-11-01 05:24:49 -------- d-----w- C:\PROGRA~2\Cisco

2013-11-01 05:24:41 -------- d-----w- C:\PROGRA~2\Sitecom

2013-10-22 19:55:56 -------- d-----w- C:\PROGRA~2\COMMON~1\Protexis

2013-10-22 19:54:46 -------- d-----w- C:\PROGRA~2\Corel

2013-10-22 19:48:56 -------- d-----w- C:\PROGRA~2\qualitink

======= C: =====

====== C:\Users\maryke\AppData\Roaming ======

2013-11-01 05:23:54 -------- d-----w- C:\Users\maryke\AppData\Roaming\InstallShield

2013-10-29 21:34:41 -------- d-----w- C:\Users\maryke\AppData\Roaming\Nico Mak Computing

2013-10-22 19:57:56 -------- d-----w- C:\Users\maryke\AppData\Roaming\Ulead Systems

2013-10-22 19:57:56 -------- d-----w- C:\Users\maryke\AppData\Local\Corel PaintShop Pro

2013-10-22 19:49:22 E8F99CDD55A6114AB934C8B49BF0C9FC 7436 ----a-w- C:\Users\maryke\AppData\Locallow\SkwConfig.bin

====== C:\Users\maryke ======

2013-11-04 13:50:42 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\maryke\Desktop\RSITx64.exe

2013-11-01 05:28:34 -------- d-----w- C:\ProgramData\Ralink

2013-11-01 05:25:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sitecom Wireless

2013-11-01 05:25:05 -------- d-----w- C:\ProgramData\Sitecom Driver

2013-10-29 21:34:38 -------- d-----w- C:\ProgramData\Nico Mak Computing

2013-10-29 21:34:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector

2013-10-22 19:55:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X6

====== C: exe-files ==

2013-11-04 13:52:45 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\maryke.exe

2013-11-04 13:50:42 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\maryke\Desktop\RSITx64.exe

2013-11-01 05:25:24 ACCFA0846D9C7BD6A9F506982B812A5C 625728 ----a-w- C:\Program Files (x86)\Sitecom\WiFi USB adapter N600\RaMediaServer\RaMediaServer.exe

2013-11-01 05:25:24 ACCFA0846D9C7BD6A9F506982B812A5C 625728 ----a-w- C:\Program Files (x86)\Sitecom\WiFi USB adapter N600\RaMediaServer\64\RaMediaServer.exe

2013-11-01 05:25:24 ACCFA0846D9C7BD6A9F506982B812A5C 625728 ----a-w- C:\Program Files (x86)\Sitecom\Common\RaMediaServer.exe

2013-11-01 05:25:24 ACCFA0846D9C7BD6A9F506982B812A5C 625728 ----a-w- C:\Program Files (x86)\Sitecom\Common\64\RaMediaServer.exe

2013-11-01 05:25:23 F4C083E290BCBC8DA05C6E2C7F8053B9 372736 ----a-w- C:\Program Files (x86)\Sitecom\WiFi USB adapter N600\Service\RaRegistry.exe

2013-11-01 05:25:23 F4C083E290BCBC8DA05C6E2C7F8053B9 372736 ----a-w- C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

2013-11-01 05:25:23 C3B515559046A89BB0E0F2CEEF73CABC 447488 ----a-w- C:\Program Files (x86)\Sitecom\WiFi USB adapter N600\Service\RaRegistry64.exe

2013-11-01 05:25:23 C3B515559046A89BB0E0F2CEEF73CABC 447488 ----a-w- C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

2013-11-01 05:25:21 D8B54F8CA3DF644F6F96E416ABD3EB1C 12441088 ----a-w- C:\Program Files (x86)\Sitecom\Common\RaUI.exe

2013-11-01 05:25:19 D8B54F8CA3DF644F6F96E416ABD3EB1C 12441088 ----a-w- C:\Program Files (x86)\Sitecom\WiFi USB adapter N600\Utility\RaUI.exe

2013-11-01 05:25:05 81CC2BF1F5AC4A7BAF0AD1EEC89C752F 907552 ----a-w- C:\ProgramData\Sitecom Driver\WiFi USB adapter N600\Driver\RaInst64.exe

2013-11-01 05:24:41 F6E913A95E6357B7A14A90A1FBE3F3BC 53088 ----a-w- C:\ProgramData\Sitecom Driver\WiFi USB adapter N600\Driver\RaIOx64.exe

2013-11-01 05:24:41 F6E913A95E6357B7A14A90A1FBE3F3BC 53088 ----a-w- C:\Program Files (x86)\Sitecom\WiFi USB adapter N600\VistaSupplicant\X64\RaIOx64.exe

2013-11-01 05:24:41 A205551E7BA8580D2C0FF896A4D79FA9 460248 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.exe

2013-10-30 06:20:16 AE88282D08916C00A324F6A269924EA9 1291696 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe

=== C: other files ==

2013-11-01 05:25:05 B72079F1ACA97F72DB1B1C5D1EFBC874 1733216 ----a-w- C:\Windows\System32\drivers\netr28ux.sys

2013-11-01 05:25:05 B72079F1ACA97F72DB1B1C5D1EFBC874 1733216 ----a-w- C:\ProgramData\Sitecom Driver\WiFi USB adapter N600\Driver\netr28ux.sys

2013-10-29 21:35:05 5B87FE21740695FA95A5FFE44F1B1E49 307752 ----a-w- C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1557update.zip

2013-10-29 21:35:05 42C4843AFDC801EE2C0698768E948399 1486 ----a-w- C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1556update.zip

2013-10-29 21:35:05 0C2FF8D52F6C4FBC7A2B33C608FEA528 207853 ----a-w- C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1555update.zip

2013-10-29 21:35:04 E7C8D807749E9A371F27891A2308CD77 1483 ----a-w- C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1553update.zip

2013-10-29 21:35:04 72F9783C4A5A23DF665DCF68B631FEA3 1483 ----a-w- C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1554update.zip

2013-10-29 21:35:03 3D0ED91A23E7E51C72B263B2EB97B3C9 1383775 ----a-w- C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1552mupdate.zip

2013-10-29 21:34:54 BBE9229D5C64DB6A669C0B0618725E40 12472047 ----a-w- C:\ProgramData\Nico Mak Computing\WinZip Malware Protector\updates\1545completedatabase.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

"Google Update"="C:\Users\maryke\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1003\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"

"CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"

"SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"

"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

"Google Update"="C:\Users\maryke\AppData\Local\Google\Update\GoogleUpdate.exe /c"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wuauserv]

==== Startup Folders ======================

2013-11-01 05:25:23 1999 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk

2013-09-24 08:56:46 1366 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08-10-2013 21:02]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1323948606-1254354113-2269261338-1000Core.job --a------ C:\Users\maryke\AppData\Local\Google\Update\GoogleUpdate.exe [26-08-2012 10:13]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1323948606-1254354113-2269261338-1000UA.job --a------ C:\Users\maryke\AppData\Local\Google\Update\GoogleUpdate.exe [26-08-2012 10:13]

C:\Windows\tasks\RMAutoUpdate.job --a------ C:JC:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe []

C:\Windows\tasks\RMSchedule.job --a------ C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [21-08-2012 13:43]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\Go to RoboForm Install page" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "RoboForm Tutorials"]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1323948606-1254354113-2269261338-1000Core" [C:\Users\maryke\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1323948606-1254354113-2269261338-1000UA" [C:\Users\maryke\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\RMAutoUpdate" [C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe]

"C:\Windows\SysNative\tasks\RMSchedule" [C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe]

"C:\Windows\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]

"C:\Windows\SysNative\tasks\WinZip Malware Protector_startup" [C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe]

==== Firefox Extensions ======================

ExtDir: C:\Users\maryke\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

- Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi

==== Firefox Plugins ======================

==== Deleted Firefox Extensions ======================

C:\Users\maryke\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\trtv3@trtv.com.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bicnnkjibmphdeigoodpjlcklcnaobdj - C:\Program Files (x86)\TornTV.com\torntv10.crx[]

ljkcijnbckdflhifmbnfnkjacokloacf - No path found[]

hosts - maryke - Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa

Torntv 3 - maryke - Profile 2\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj

==== Chrome Fix ======================

C:\Users\maryke\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj deleted successfully

C:\Users\maryke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljkcijnbckdflhifmbnfnkjacokloacf_0.localstorage deleted successfully

C:\Users\maryke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa deleted successfully

C:\Users\maryke\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_nnlomafmkpiclmaaekkhpoecnclldmaa_0 deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Startpagina.nl | Jouw startpagina voor weer, verkeer en meer"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10068&did=10703&barid=8508129373711480166948421966123931240"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="http://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10068&did=10703&barid=8508129373711480166948421966123931240"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{EEE6C360-6118-11DC-9C72-001320C79847}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Startpagina.nl | Jouw startpagina voor weer, verkeer en meer"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531182} deleted successfully

HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311531182} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311531182} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311531182} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1323948606-1254354113-2269261338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ljkcijnbckdflhifmbnfnkjacokloacf deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\maryke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\maryke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\maryke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\maryke\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

C:\Users\maryke\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\maryke\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\qualitink" not found

"C:\PROGRA~2\qualitink" not found

==== EOF on ma 04-11-2013 at 16:19:59,74 ======================

[Jion]

Start Zoek.exe nogmaals met het onderstaande script.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe

(hier of hier) kan je lezen hoe je dat doet.

• 
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

   
  C:\Windows\Sysnative\Tasks\WinZip Malware Protector_startup;fs
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector;fs
  C:\ProgramData\Nico Mak Computing\WinZip Malware Protector;fs
  

  
  

• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht als bijlage.
  

[memke39]

hierbij stuur ik je het gevraagde logbestandje.

Zoek.exe Version 4.0.0.5 Updated 26-October-2013

Tool run by maryke on ma 04-11-2013 at 16:52:10,64.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\maryke\Desktop\zoek.exe [script inserted]

==== Older Logs ======================

C:\zoek-results2013-11-04-151959.log 24834 bytes

==== Deleting Files \ Folders ======================

C:\Windows\Sysnative\Tasks\WinZip Malware Protector_startup deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector deleted

C:\ProgramData\Nico Mak Computing\WinZip Malware Protector deleted

==== EOF on ma 04-11-2013 at 16:52:52,81 ======================

[Jion]

1.

Download AdwCleaner by Xplode naar het bureaublad.

AdwCleaner uitvoeren

• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik vervolgens op de knop Scan.
  
• Wanneer de scan gereed is Klikt u vervolgens op de knop Clean.
  
• Als dit gereed is wordt er gevraagd om de computer opnieuw op te starten, klik hier op OK.
  
• Nadat de computer opnieuw is opgestart wordt het logbestand automatisch geopend.
  
• Plaats dit logbestand als bijlage in het volgende bericht.

AdwCleaner logbestand plaatsen

• 
  
• Voeg het logbestand met de naam "AdwCleaner[s0].txt" als bijlage toe aan het volgende bericht. (Dit logbestand kunt u tevens terug vinden in de map "C:\AdwCleaner")
  
• Hoe u een bijlage kunt toevoegen aan het bericht leest u hier.

2.

Download MalwareBytes' Anti-Malware (website) en sla het op je bureaublad op.

Zorg dat er na de installatie een vinkje is geplaatst bij:

• 
  
• Update MalwareBytes' Anti-Malware
  
• Start MalwareBytes' Anti-Malware
  
• Je krijgt hier ook de keuze om de evaluatie versie van MBAM te gebruiken, indien je dit niet wilt vink dit dan uit.
  

Klik daarna op "Voltooien".

Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

• 
  
• Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
  
• Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
  
• Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
  
• Druk vervolgens op "Scannen" om de scan te starten.
  
• Het scannen kan een tijdje duren, dus wees geduldig.
  
• Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
  
• Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
  
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
  
• Herstart de computer indien nodig en post hierna de log in het volgende bericht.
  

[memke39]

Hallo

Hierbij het logbestand van adwcleaner

[ATTACH]28786[/ATTACH]

AdwCleaner[S0].txt

[memke39]

En zoals gevraagd ook het anti malware logje

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Databaseversie: v2013.11.04.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

maryke :: MARYKE-PC [administrator]

5-11-2013 0:15:10

mbam-log-2013-11-05 (00-15-10).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 221248

Verstreken tijd: 3 minuut/minuten, 3 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 1

HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 1

HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 8508129373711480166948421966123931240 -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 1

C:\Windows\Installer\3233a14.msi (PUP.Optional.SweetIM) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

[Jion]

Hoe gaat het nu met de problemen?