
Constantly recurring virus

  • Constantly recurring virus

    For some time now I have been troubled by a virus trojan called spellwhateever.exe and 2.exe. I have tried to remove it many times, but it keeps coming back. Here are my log files.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 24-10-2015
    Scantijd: 11:53
    Logboekbestand: mbam.txt
    Beheerder: Ja

    Versie: 2.2.0.1024
    Malware-database: v2015.10.24.02
    Rootkit-database: v2015.10.23.01
    Licentie: Proef
    Malware-bescherming: Ingeschakeld
    Bescherming tegen kwaadaardige websites: Ingeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x86
    Bestandssysteem: NTFS
    Gebruiker: Sara

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten gescand: 351236
    Verstreken tijd: 1 u., 0 min, 17 sec

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaarden: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 0
    (Geen kwaadaardige items gedetecteerd)

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)



    # AdwCleaner v5.014 - Logbestand aangemaakt 24/10/2015 op 14:21:46
    # Laatste update 18/10/2015 door Xplode
    # Database : 2015-10-18.5 [Server]
    # Besturingssysteem : Windows 7 Starter Service Pack 1 (x86)
    # Gebruikersnaam : Sara - SARA-PC
    # Gestart vanuit : C:\Users\Sara\Downloads\adwcleaner_5.014(1).exe
    # Optie : Verwijderen
    # Ondersteuning : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Mappen ] *****


    ***** [ Bestanden ] *****


    ***** [ DLLs ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ geplande taken ] *****


    ***** [ Register ] *****

    [-] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [SensePlus-bg.exe]
    [-] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [iWebar-bg.exe]
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
    [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
    [-] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
    [-] Sleutel Verwijderd : HKU\.DEFAULT\Software\Goobzo

    ***** [ Internetbrowsers ] *****


    *************************

    :: Winsock instellingen gereset

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3280 bytes] ##########


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.18057 BrowserJavaVersion: 11.60.2
    Run by Sara at 11:10:54 on 2015-10-24
    Microsoft Windows 7 Starter 6.1.7601.1.1252.31.1043.18.1984.918 [GMT 2:00]
    .
    AV: Panda Free Antivirus *Enabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
    AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    SP: Panda Free Antivirus *Enabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
    SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Panda Firewall *Disabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
    C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
    C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
    C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\TeamViewer\TeamViewer_Service.exe
    C:\Program Files\VoodooShield\VoodooShieldService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\servicing\TrustedInstaller.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Users\Sara\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k utcsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_60\bin\ssv.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_60\bin\jp2ssv.dll
    uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
    uRun: [Spotify Web Helper] "c:\users\sara\appdata\roaming\spotify\SpotifyWebHelper.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [PSUAMain] "c:\program files\panda security\panda security protection\PSUAMain.exe" /LaunchSysTray
    mRun: [VoodooShield] c:\program files\voodooshield\VoodooShield.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\sara\appdata\roaming\microsoft\windows\start menu\programs\startup\2.com.url
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{967BC1C7-59C1-4E85-BD2A-979A8B39B411} : DHCPNameServer = 192.168.1.1
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\46.0.2490.80\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\sara\appdata\roaming\mozilla\firefox\profiles\as6hys20.default\
    FF - plugin: c:\program files\google\update\1.3.28.15\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre1.8.0_60\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.40728.0\npctrlui.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_19_0_0_226.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-3-4 245096]
    R1 MpKsl1d0871d1;MpKsl1d0871d1;c:\programdata\microsoft\microsoft antimalware\definition updates\{9c47dfbb-1280-4221-b94d-1c395181588b}\MpKsl1d0871d1.sys [2015-10-23 39168]
    R1 NNSALPC;NNSALPC;c:\windows\system32\drivers\NNSAlpc.sys [2015-2-9 86800]
    R1 NNSHTTP;NNSHTTP;c:\windows\system32\drivers\NNSHttp.sys [2015-2-9 202128]
    R1 NNSHTTPS;NNSHTTPS;c:\windows\system32\drivers\NNSHttps.sys [2015-2-9 109584]
    R1 NNSIDS;NNSIDS;c:\windows\system32\drivers\NNSIds.sys [2015-2-9 126480]
    R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\drivers\NNSNAHSL.sys [2014-12-31 41744]
    R1 NNSPICC;NNSPICC;c:\windows\system32\drivers\NNSpicc.sys [2015-2-9 99856]
    R1 NNSPIHSW;NNSPIHSW;c:\windows\system32\drivers\NNSPihsw.sys [2015-2-9 61712]
    R1 NNSPOP3;NNSPOP3;c:\windows\system32\drivers\NNSPop3.sys [2015-2-9 120592]
    R1 NNSPROT;NNSPROT;c:\windows\system32\drivers\NNSProt.sys [2015-2-9 281232]
    R1 NNSPRV;NNSPRV;c:\windows\system32\drivers\NNSPrv.sys [2015-2-9 205456]
    R1 NNSSMTP;NNSSMTP;c:\windows\system32\drivers\NNSSmtp.sys [2015-2-9 108432]
    R1 NNSSTRM;NNSSTRM;c:\windows\system32\drivers\NNSStrm.sys [2015-2-9 239888]
    R1 NNSTLSC;NNSTLSC;c:\windows\system32\drivers\NNStlsc.sys [2015-2-9 94864]
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2015-2-25 168208]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
    R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2015-9-29 1513784]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-9-29 1135416]
    R2 NanoServiceMain;Panda Protection Service;c:\program files\panda security\panda security protection\PSANHost.exe [2015-2-27 142584]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-7-17 95408]
    R2 panda_url_filtering;panda_url_filtering Service;c:\programdata\panda security url filtering\panda_url_filteringb.exe -- --> c:\programdata\panda security url filtering\Panda_URL_Filteringb.exe -- [?]
    R2 PandaAgent;Panda Devices Agent;c:\program files\panda security\panda devices agent\AgentSvc.exe [2014-10-9 66808]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2015-4-21 140048]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2015-2-25 105232]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2015-2-25 113936]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2015-2-25 124688]
    R2 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2015-2-25 100624]
    R2 PSUAService;Panda Product Service;c:\program files\panda security\panda security protection\PSUAService.exe [2015-2-27 38136]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-9-29 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-9-29 170200]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-9-29 51928]
    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\microsoft security client\NisSrv.exe [2015-4-30 284504]
    R3 panda_url_filteringd;panda_url_filteringd driver;c:\programdata\panda security url filtering\Panda_URL_Filteringd.sys [2014-2-18 40024]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2009-6-10 1311232]
    R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2015-10-22 50320]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-7-9 327296]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2015-5-4 35992]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-10-14 102912]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    SUnknown MpKslf4a13ccb;MpKslf4a13ccb; [x]
    .
    =============== Created Last 30 ================
    .
    2015-10-23 18:17:14 -------- d-sh--w- C:\$RECYCLE.BIN
    2015-10-23 18:10:00 39168 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c47dfbb-1280-4221-b94d-1c395181588b}\MpKsl1d0871d1.sys
    2015-10-23 18:07:21 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c47dfbb-1280-4221-b94d-1c395181588b}\offreg.1920.dll
    2015-10-23 18:01:53 -------- d-----w- c:\users\sara\appdata\local\temp
    2015-10-23 17:52:32 98816 ----a-w- c:\windows\sed.exe
    2015-10-23 17:52:32 256000 ----a-w- c:\windows\PEV.exe
    2015-10-23 17:52:32 208896 ----a-w- c:\windows\MBR.exe
    2015-10-23 07:49:23 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c47dfbb-1280-4221-b94d-1c395181588b}\offreg.704.dll
    2015-10-23 07:43:44 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2015-10-23 07:07:01 -------- d-----w- c:\users\sara\appdata\roaming\QuickScan
    2015-10-23 05:57:12 8985080 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9c47dfbb-1280-4221-b94d-1c395181588b}\mpengine.dll
    2015-10-22 07:48:02 50320 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
    2015-10-21 18:11:45 8985080 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2015-10-21 15:47:57 750320 ----a-w- c:\programdata\c57IQG.exe
    2015-10-17 14:27:04 3996360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2015-10-15 06:33:27 999936 ----a-w- c:\windows\system32\aeinv.dll
    2015-10-15 06:33:27 587776 ----a-w- c:\windows\system32\invagent.dll
    2015-10-15 06:33:27 1120768 ----a-w- c:\windows\system32\appraiser.dll
    2015-10-15 06:33:26 615936 ----a-w- c:\windows\system32\generaltel.dll
    2015-10-15 06:33:26 423936 ----a-w- c:\windows\system32\devinv.dll
    2015-10-15 06:33:25 62976 ----a-w- c:\windows\system32\acmigration.dll
    2015-10-15 06:33:25 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
    2015-10-14 09:51:24 -------- d-----w- c:\windows\pss
    2015-10-14 07:25:45 3936192 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-10-14 07:24:58 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
    2015-10-14 07:23:58 504832 ----a-w- c:\windows\system32\vbscript.dll
    2015-10-13 08:20:41 912000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{21ed3d42-3b52-42ed-a9a9-81ce72a643cb}\gapaengine.dll
    2015-10-09 19:33:01 -------- d-----w- c:\users\sara\.oracle_jre_usage
    2015-10-06 09:28:52 -------- d-----w- c:\programdata\CSIS
    2015-10-06 09:28:36 -------- d-----w- c:\program files\Heimdal
    2015-10-06 09:27:27 7168 ----a-w- c:\windows\system32\cpn32.dll
    2015-10-06 09:27:24 -------- d-----w- c:\programdata\VoodooShield
    2015-10-06 09:27:24 -------- d-----w- c:\program files\VoodooShield
    2015-10-05 08:47:06 -------- d-----w- c:\programdata\Drivers
    2015-10-05 08:14:51 -------- d-----w- C:\82f03a369b3b1f07c3713f
    2015-10-05 06:32:35 303744 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2015-10-03 10:30:53 -------- d-----w- c:\users\sara\appdata\roaming\Logs
    2015-10-03 07:23:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2015-10-03 07:16:32 -------- d-----w- c:\users\sara\appdata\local\CrashDumps
    2015-10-02 14:40:50 17314496 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
    2015-09-29 12:47:57 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-09-29 12:47:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-09-29 12:47:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-09-29 12:47:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-09-29 12:47:39 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-09-27 05:39:56 -------- d-----w- c:\programdata\Reason
    2015-09-25 12:57:41 -------- d-----w- c:\programdata\Cow measure
    .
    ==================== Find3M ====================
    .
    2015-10-17 14:27:35 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-10-17 14:27:35 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-10-06 09:35:27 97888 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2015-10-01 17:50:53 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
    2015-10-01 17:50:35 50688 ----a-w- c:\windows\system32\appidapi.dll
    2015-10-01 17:50:35 28160 ----a-w- c:\windows\system32\appidsvc.dll
    2015-10-01 17:50:00 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
    2015-10-01 16:53:22 50176 ----a-w- c:\windows\system32\drivers\appid.sys
    2015-09-29 03:05:01 3990976 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2015-09-29 03:02:09 1308160 ----a-w- c:\windows\system32\ntdll.dll
    2015-09-29 02:59:20 172032 ----a-w- c:\windows\system32\wdigest.dll
    2015-09-29 02:59:17 65536 ----a-w- c:\windows\system32\TSpkg.dll
    2015-09-29 02:59:16 43008 ----a-w- c:\windows\system32\srclient.dll
    2015-09-29 02:59:16 400896 ----a-w- c:\windows\system32\srcore.dll
    2015-09-29 02:59:13 655360 ----a-w- c:\windows\system32\rpcrt4.dll
    2015-09-29 02:59:08 259584 ----a-w- c:\windows\system32\msv1_0.dll
    2015-09-29 02:59:04 552960 ----a-w- c:\windows\system32\kerberos.dll
    2015-09-29 02:58:57 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2015-09-29 02:58:57 36864 ----a-w- c:\windows\system32\cryptbase.dll
    2015-09-29 02:58:57 17408 ----a-w- c:\windows\system32\credssp.dll
    2015-09-29 02:58:37 69632 ----a-w- c:\windows\system32\smss.exe
    2015-09-29 02:58:33 262656 ----a-w- c:\windows\system32\rstrui.exe
    2015-09-29 02:58:05 50176 ----a-w- c:\windows\system32\auditpol.exe
    2015-09-29 02:53:44 60416 ----a-w- c:\windows\system32\msobjs.dll
    2015-09-29 02:53:28 146432 ----a-w- c:\windows\system32\msaudite.dll
    2015-09-29 02:49:51 6656 ----a-w- c:\windows\system32\apisetschema.dll
    2015-09-29 02:49:50 686080 ----a-w- c:\windows\system32\adtschema.dll
    2015-09-29 01:43:28 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2015-09-29 01:43:11 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2015-09-29 01:43:10 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2015-09-25 17:59:08 93696 ----a-w- c:\windows\system32\wudriver.dll
    2015-09-25 17:59:08 2955776 ----a-w- c:\windows\system32\wucltux.dll
    2015-09-25 17:59:08 174080 ----a-w- c:\windows\system32\wuwebv.dll
    2015-09-25 17:58:42 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
    2015-09-25 17:58:29 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
    2015-09-25 17:58:25 35328 ----a-w- c:\windows\system32\wuapp.exe
    2015-09-16 03:45:19 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2015-09-16 03:45:09 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2015-09-16 03:33:07 62464 ----a-w- c:\windows\system32\iesetup.dll
    2015-09-16 03:32:33 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2015-09-16 03:32:24 341504 ----a-w- c:\windows\system32\html.iec
    2015-09-16 03:31:57 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
    2015-09-16 03:23:07 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
    2015-09-16 03:23:01 115712 ----a-w- c:\windows\system32\ieUnatt.exe
    2015-09-16 03:22:43 620032 ----a-w- c:\windows\system32\jscript9diag.dll
    2015-09-16 03:18:00 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2015-09-16 03:10:46 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2015-09-16 03:05:51 4527616 ----a-w- c:\windows\system32\jscript9.dll
    2015-09-16 02:55:49 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2015-09-16 02:55:45 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
    2015-09-16 02:37:26 2011136 ----a-w- c:\windows\system32\wininet.dll
    2015-09-15 17:42:14 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-09-15 17:42:14 139096 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2015-09-15 17:36:40 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2015-09-15 17:36:40 100352 ----a-w- c:\windows\system32\sspicli.dll
    2015-09-15 17:36:38 248832 ----a-w- c:\windows\system32\schannel.dll
    2015-09-15 17:36:38 22016 ----a-w- c:\windows\system32\secur32.dll
    2015-09-15 17:36:35 221184 ----a-w- c:\windows\system32\ncrypt.dll
    2015-09-15 17:36:30 1061376 ----a-w- c:\windows\system32\lsasrv.dll
    2015-09-15 17:35:49 22528 ----a-w- c:\windows\system32\lsass.exe
    2015-09-02 02:48:35 26624 ----a-w- c:\windows\system32\lpk.dll
    2015-09-02 02:48:31 70656 ----a-w- c:\windows\system32\fontsub.dll
    2015-09-02 02:48:28 10240 ----a-w- c:\windows\system32\dciman32.dll
    2015-09-02 02:48:25 34304 ----a-w- c:\windows\system32\atmlib.dll
    2015-09-02 01:36:35 2384896 ----a-w- c:\windows\system32\win32k.sys
    2015-09-02 01:33:48 299520 ----a-w- c:\windows\system32\atmfd.dll
    2015-08-27 17:58:14 1391104 ----a-w- c:\windows\system32\msxml6.dll
    2015-08-27 17:58:14 1241088 ----a-w- c:\windows\system32\msxml3.dll
    2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2015-08-06 17:44:36 1498624 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2015-08-05 17:41:00 751104 ----a-w- c:\windows\system32\schedsvc.dll
    2015-08-05 17:40:50 216064 ----a-w- c:\windows\system32\InkEd.dll
    2015-07-30 17:57:31 909824 ----a-w- c:\windows\system32\FntCache.dll
    2015-07-30 17:57:30 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2015-07-30 17:57:30 1251328 ----a-w- c:\windows\system32\DWrite.dll
    2015-07-30 13:13:38 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    .
    ============= FINISH: 11:15:10,70 ===============


    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2015-10-24 11:53:37
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3160021A rev.3.04 149,05GB
    Running: n2y931bx.exe; Driver: C:\Users\Sara\AppData\Local\Temp\kxldypow.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwReplaceKey + 1525 82A4FB55 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A89BB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? C:\Windows\system32\Drivers\PROCEXP113.SYS Het systeem kan het opgegeven bestand niet vinden. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\CCleaner\CCleaner.exe[3344] USER32.dll!SetScrollRange 753AAE3C 5 Bytes JMP 013962A9 C:\Program Files\CCleaner\CCleaner.exe
    .text C:\Program Files\CCleaner\CCleaner.exe[3344] USER32.dll!GetScrollInfo 753B5151 5 Bytes JMP 0139623C C:\Program Files\CCleaner\CCleaner.exe
    .text C:\Program Files\CCleaner\CCleaner.exe[3344] USER32.dll!SetScrollInfo 753B6632 5 Bytes JMP 013962E0 C:\Program Files\CCleaner\CCleaner.exe
    .text C:\Program Files\CCleaner\CCleaner.exe[3344] USER32.dll!GetScrollRange 753D1B6C 5 Bytes JMP 013961DF C:\Program Files\CCleaner\CCleaner.exe
    .text C:\Program Files\CCleaner\CCleaner.exe[3344] USER32.dll!SetScrollPos 753D1BD0 5 Bytes JMP 013961BA C:\Program Files\CCleaner\CCleaner.exe
    .text C:\Program Files\CCleaner\CCleaner.exe[3344] USER32.dll!GetScrollPos 753D252B 5 Bytes JMP 01396217 C:\Program Files\CCleaner\CCleaner.exe
    .text C:\Program Files\CCleaner\CCleaner.exe[3344] USER32.dll!EnableScrollBar 753D386D 5 Bytes JMP 01396314 C:\Program Files\CCleaner\CCleaner.exe
    .text C:\Program Files\CCleaner\CCleaner.exe[3344] USER32.dll!ShowScrollBar 753D5785 5 Bytes JMP 0139626F C:\Program Files\CCleaner\CCleaner.exe
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] ntdll.dll!NtCreateFile 770556B0 5 Bytes JMP 52B4D646 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] ntdll.dll!NtFlushBuffersFile 77055A40 5 Bytes JMP 52B4D40F C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] ntdll.dll!NtQueryFullAttributesFile 770560D0 5 Bytes JMP 52B4D539 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] ntdll.dll!NtReadFile 770563A0 5 Bytes JMP 52B4D449 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] ntdll.dll!NtReadFileScatter 770563B0 5 Bytes JMP 52EE7E9A C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] ntdll.dll!NtWriteFile 77056B50 5 Bytes JMP 52B4D7EA C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] ntdll.dll!NtWriteFileGather 77056B60 5 Bytes JMP 52EE7EEA C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] ntdll.dll!LdrLoadDll 77072576 5 Bytes JMP 7159A921 C:\Program Files\Mozilla Firefox\mozglue.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75B0952E 7 Bytes JMP 52ED05AF C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] kernel32.dll!QueryPerformanceCounter + 13 75B0C535 7 Bytes JMP 52ED1110 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] kernel32.dll!LoadAppInitDlls + 355 75B0F5F6 7 Bytes JMP 52C495D8 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] USER32.dll!GetWindowInfo 753B6A82 5 Bytes JMP 539A63F0 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4896] GDI32.dll!GetViewportOrgEx + 26C 757487DB 7 Bytes JMP 52ECFD96 C:\Program Files\Mozilla Firefox\xul.dll

    ---- Processes - GMER 2.1 ----

    Process PEV.DAT (*** hidden *** ) 2348

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\[email protected] 385

    ---- EOF - GMER 2.1 ----

  • #2
    First disable your antivirus software before you download or run zoek.exe.
    Temporarily disable your antivirus and antispyware programs, as they can interfere with the operation of Zoek.exe.
    You can read how to do that (here and here).

    Download Zoek.exe to the desktop (click here for more information on how to use zoek.exe)
    • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
    • Then double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
    • Now copy the code below and paste it into the large input box:
    • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
      Code:
      emptyfolderscheck;delete
      firefoxlook; 
      Chromelook; 
      CHRdefaults;
      autoclean; 
      iedefaults;
    • Now click the "Run script" button.
    • Wait patiently until a log opens (this may be after a restart if one is required).
    • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
    • Post the opened log as an attachment in your next reply.

    Starting Windows 10 in Safe Mode



    • #3
      Zoek.exe v5.0.0.1 Updated 23-October-2015
      Tool run by Sara on zo 25-10-2015 at 0:24:08,71.
      Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
      Running in: Safe Mode NETWORK Internet Access Detected
      Launched: C:\Users\Sara\Downloads\zoek.exe [Scan all users] [Script inserted]

      ==== System Restore Info ======================

      ==== Empty Folders Check ======================

      C:\Users\Sara\AppData\Roaming\QuickScan deleted successfully

      ==== Deleting CLSID Registry Keys ======================


      ==== Deleting CLSID Registry Values ======================


      ==== Deleting Services ======================


      ==== Deleting Files \ Folders ======================

      C:\PROGRA~2\ProductData deleted
      C:\PROGRA~2\c57IQG.exe deleted
      "C:\ProgramData\c57IQG" deleted
      "C:\ProgramData\.Identifier" deleted

      ==== Firefox Extensions ======================

      ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\as6hys20.default
      - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

      AppDir: C:\Program Files\Mozilla Firefox
      - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

      ==== Firefox Plugins ======================

      Profilepath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\as6hys20.default
      7D127425BBE91DF37448A7F44C1DDA52 - C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update
      0A7CFC4EE9CC3206B1DC522FCB8C3DB1 - c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll - Silverlight Plug-In
      FE5E10A1775D5B0EE862DBF3BC1283D3 - C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U60
      41E59AEE190362FD0D6EF71DE5DCE427 - C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.600.27
      863AF0003392FEBC2667A8A790DED955 - C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll - Shockwave Flash
      0B8378EA70622A6F3EC50CC4AF62764C - c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrlui.dll - Microsoft® Silverlight


      ==== Chromium Look ======================

      Google Chrome Version: 46.0.2490.80


      selector is not a valid CSS selector - Sara\AppData\Local\Chromium\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
      Chrome Web Store Payments - Sara\AppData\Local\Chromium\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
      Google Slides - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
      Google Docs - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
      Google Drive - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
      YouTube - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      Google Sheets - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
      SiteAdvisor - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
      Avast Online Security - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
      Chrome Hotword Shared Module - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
      Google Wallet - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
      Gmail - Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
      Google Slides - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
      Google Docs - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake
      Google Drive - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf
      Web of Trust - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
      YouTube - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      Google Sheets - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap
      Google Docs Offline - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
      Chrome Web Store Payments - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
      Gmail - Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

      ==== Chromium Startpages ======================

      C:\Users\Sara\AppData\Local\Chromium\User Data\Default\Preferences
      "startup_urls": [ "http://iron-start.com/" ]


      ==== Set IE to Default ======================

      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.com/"

      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.com/"

      ==== All HKCU SearchScopes ======================

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
      {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
      {910B0E08-22E8-4D94-9A35-215BC04329A5} Personiz Engine Url="http://search.bureau108.fr/s.php?q={searchTerms}"
      {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

      ==== Reset Google Chrome ======================

      C:\Users\Sara\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
      C:\Users\Sara\AppData\Local\Chromium\User Data\Default\Secure Preferences was reset successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
      C:\Users\Sara\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
      C:\Users\Sara\AppData\Local\Chromium\User Data\Default\Web Data-journal was reset successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully

      ==== Empty IE Cache ======================

      C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

      ==== Empty FireFox Cache ======================

      C:\Users\Sara\AppData\Local\Mozilla\Firefox\Profiles\as6hys20.default\cache2 emptied successfully

      ==== Empty Chrome Cache ======================

      C:\Users\Sara\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
      C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

      ==== Empty All Flash Cache ======================

      Flash Cache Emptied Successfully

      ==== Empty All Java Cache ======================

      Java Cache cleared successfully

      ==== C:\zoek_backup content ======================

      C:\zoek_backup (files=5 folders=1 1034307 bytes)

      ==== Empty Temp Folders ======================

      C:\Users\Default\AppData\Local\temp emptied successfully
      C:\Users\Default User\AppData\Local\temp emptied successfully
      C:\Users\Public\AppData\Local\temp emptied successfully
      C:\Users\Sara\AppData\Local\temp will be emptied at reboot
      C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
      C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
      C:\Windows\Temp will be emptied at reboot

      ==== After Reboot ======================

      ==== Empty Temp Folders ======================

      C:\Windows\Temp successfully emptied
      C:\Users\Sara\AppData\Local\Temp successfully emptied

      ==== Empty Recycle Bin ======================

      C:\$RECYCLE.BIN successfully emptied

      ==== EOF on zo 25-10-2015 at 0:47:13,15 ======================



      • #4
        Good, any improvement yet?



        • #5
          I no longer see the files among my processes, but the internet is still very slow, and Malwarebytes Anti-Malware keeps blocking malicious websites.
          Last edited by Sara-; 26-10-15, 14:32.



          • #6
            Download the 32- or 64-bit version of HitmanPro to the desktop.
            Click here for a detailed HitmanPro guide.
            • Double-click "HitmanPro.exe" and click "Next".
            • Tick the option "I accept the terms of the license agreement" and click "Next".
            • In the setup screen, click "Next" once more; the scan will now start automatically. Do nothing else on the computer until the scan has finished.
            • When the scan is finished, click "Next".
            • Now activate the free license; this lets you use HitmanPro free of charge for 30 days and remove the infections that were found.
            • Note: if you have previously used the 30-day trial version of HitmanPro, it is no longer possible to remove the infections found for free.
            • When removal is complete, click "Save log" or "Logbestand opslaan" at the bottom of the screen and save the log, for example to the desktop.
              Post this log as an attachment in your next reply.
            • Now click the "Restart" button.



            • #7
              HitmanPro 3.7.10.250
              www.hitmanpro.com

              Computer name . . . . : SARA-PC
              Windows . . . . . . . : 6.1.1.7601.X86/1
              User name . . . . . . : Sara-PC\Sara
              UAC . . . . . . . . . : Enabled
              License . . . . . . . : Free

              Scan date . . . . . . : 2015-10-26 20:16:28
              Scan mode . . . . . . : Normal
              Scan duration . . . . : 12m 3s
              Disk access mode . . : Direct disk access (SRB)
              Cloud . . . . . . . . : Internet
              Reboot . . . . . . . : No

              Threats . . . . . . . : 0
              Traces . . . . . . . : 18

              Objects scanned . . . : 1.107.453
              Files scanned . . . . : 59.973
              Remnants scanned . . : 272.131 files / 775.349 keys

              Suspicious files ____________________________________________________________

              C:\Users\Sara\Downloads\FRST.exe
              Size . . . . . . . : 1.701.376 bytes
              Age . . . . . . . : 0.2 days (2015-10-26 14:44:11)
              Entropy . . . . . : 7.5
              SHA-256 . . . . . : CB3B09C501D8A5F36E1B758C79B04A0F3567F9EB65AC531E686D2720C63A8F19
              Needs elevation . : Yes
              Fuzzy . . . . . . : 24.0
              Program has no publisher information but prompts the user for permission elevation.
              Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
              Authors name is missing in version info. This is not common to most programs.
              Version control is missing. This file is probably created by an individual. This is not typical for most programs.
              Time indicates that the file appeared recently on this computer.

              C:\Windows\PEV.exe
              Size . . . . . . . : 256.000 bytes
              Age . . . . . . . : 3.1 days (2015-10-23 18:52:32)
              Entropy . . . . . : 8.0
              SHA-256 . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
              Fuzzy . . . . . . : 22.0
              Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
              The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
              Authors name is missing in version info. This is not common to most programs.
              Version control is missing. This file is probably created by an individual. This is not typical for most programs.
              Time indicates that the file appeared recently on this computer.
              The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
              Program contains PE structure anomalies. This is not typical for most programs.
              Forensic Cluster
              -12.0s C:\Qoobox\Quarantine\Registry_backups\
              -12.0s C:\Qoobox\
              -12.0s C:\Qoobox\Quarantine\
              -3.2s C:\Qoobox\BackEnv\
              -3.1s C:\Qoobox\Quarantine\catchme.log
              -0.0s C:\Windows\SWSC.exe
              -0.0s C:\Windows\sed.exe
              -0.0s C:\Windows\grep.exe
              -0.0s C:\Windows\zip.exe
              -0.0s C:\Windows\SWREG.exe
              0.0s C:\Windows\PEV.exe
              0.0s C:\Windows\NIRCMD.exe
              0.0s C:\Windows\MBR.exe


              Potential Unwanted Programs _________________________________________________

              HKLM\SOFTWARE\Classes\AppID\YTAHelper.DLL\ (Goobzo)
              HKLM\SOFTWARE\Classes\YTAHelper.YTAHelperBHO.1\ (Goobzo)
              HKLM\SOFTWARE\Classes\YTAHelper.YTAHelperBHO\ (Goobzo)
              HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\i Webar\ (iWebar)
              HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\i Webar\ (iWebar)
              HKU\S-1-5-21-3348400754-9210709-3299811027-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\i Webar\ (iWebar)
              HKU\S-1-5-21-3348400754-9210709-3299811027-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\i Webar\ (iWebar)
              HKU\S-1-5-21-3348400754-9210709-3299811027-1002\Software\Goobzo\ (Goobzo)

              Cookies _____________________________________________________________________

              C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Cookies\1H92LTND.txt
              C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Cookies\3TALBWRO.txt
              C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Cookies\7786YVGX.txt
              C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Cookies\CPJ9NHKX.txt
              C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Cookies\OSALN777.txt
              C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Cookies\STEMVD58.txt
              C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Cookies\UG997A4N.txt
              C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Cookies\ZHF6VP4M.tx



              • #8
                Couldn't remove anything because I had no license



                • #9
                  Download AdwCleaner by Xplode to your desktop.

                  Close all open programs.
                  Right-click AdwCleaner and click 'Run as administrator...'.

                  Click Scan.
                  After the scan, click Remove.
                  In the '- AdwCleaner – Close programs -' window, click OK.

                  During the clean-up the shortcuts will disappear; this is normal.
                  After removal, 2 messages appear:
                  In the '- AdwCleaner – Information -' window, click OK.
                  In the '- AdwCleaner – Restart required -' window, click OK.

                  After the computer has restarted, a log file opens.
                  Close the log file.
                  Post the file C:\AdwCleaner\AdwCleaner[C1].txt as an attachment in your next reply.


                  A license is not expensive and it is money well spent



                  • #10
                    My computer is running faster again now; here is the log file

                    # AdwCleaner v5.015 - Logbestand aangemaakt 27/10/2015 op 22:16:33
                    # Laatste update 26/10/2015 door Xplode
                    # Database : 2015-10-26.2 [Server]
                    # Besturingssysteem : Windows 7 Starter Service Pack 1 (x86)
                    # Gebruikersnaam : Sara - SARA-PC
                    # Gestart vanuit : C:\Users\Sara\Downloads\adwcleaner_5.015.exe
                    # Optie : Scannen
                    # Ondersteuning : http://toolslib.net/forum

                    ***** [ Services ] *****


                    ***** [ Mappen ] *****


                    ***** [ Bestanden ] *****


                    ***** [ DLLs ] *****


                    ***** [ Snelkoppelingen ] *****


                    ***** [ geplande taken ] *****


                    ***** [ Register ] *****


                    ***** [ Internetbrowsers ] *****


                    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [627 bytes] ##########



                    • #11
                      You can now remove the tools that were used.



                      Protection against unwanted software.

                      Unchecky prevents the installation of unwanted software

                      Double-click the installation file unchecky_setup.exe to start the installation.
                      In the screen that now appears you can choose more options; this lets you set the location where Unchecky should be installed yourself.
                      Then click the Install button to install Unchecky.
                      When the installation of Unchecky is complete, click Finish.
                      After the installation, do restart the computer so that the changes to the Windows hosts file take effect.



                      It may also be a good idea to install Hitmanproalert. Alert
                      Explanation below.
                      Explanation
