Phishing mail


  • Phishing mail

    Hello,

    My parents' email account is sending out emails, at times when they are not at the computer, with the message:

    Import! Hello! Important message, visiti: and then a URL..

    It looks like phishing, so I have changed their password... I am also turning to you to have the computer checked..!

    Here are the logs:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 21-9-2015
    Scantijd: 11:06
    Logboekbestand:
    Beheerder: Ja

    Versie: 2.1.8.1057
    Malware-database: v2015.09.21.02
    Rootkit-database: v2015.09.18.01
    Licentie: Gratis
    Malware-bescherming: Uitgeschakeld
    Bescherming tegen kwaadaardige websites: Uitgeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: van den Berg

    Scantype: Aangepaste scan
    Resultaat: Voltooid
    Objecten gescand: 651940
    Verstreken tijd: 3 u., 1 min, 21 sec

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Ingeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerwaarden: 0
    (Geen kwaadaardige items gedetecteerd)

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 0
    (Geen kwaadaardige items gedetecteerd)

    Bestanden: 10
    PUP.HackTool.Patcher, C:\Program Files (x86)\Electronic Arts\De Sims 3 Levensweg\Game\Bin\the.sims.3.nodvd.exe, In quarantaine, [b5d17bb7434887afcede45c326da40c0],
    PUP.Optional.OpenCandy, C:\Users\van den Berg\AppData\Local\Temp\HYD4D46.tmp.1442743507\HTA\install.1442743507.zip, In quarantaine, [b8cedf53236884b26182494faf56a55b],
    PUP.HackTool.Patcher, C:\Users\van den Berg\AppData\Local\Temp\Rar$DRa0.457\the.sims.3.nodvd.exe, In quarantaine, [9ee873bfc1cabf77fbb1d92fd22e2ed2],
    PUP.HackTool.Patcher, C:\Users\van den Berg\AppData\Local\Temp\Rar$DRa0.559\the.sims.3.nodvd.exe, In quarantaine, [b6d01a1892f994a27b31a464ec14d729],
    PUP.HackTool.Patcher, C:\Users\van den Berg\AppData\Local\Temp\Rar$DRa0.799\the.sims.3.nodvd.exe, In quarantaine, [8bfbd75bbfcc280e9d0fb157af51d52b],
    PUP.HackTool.Patcher, C:\Users\van den Berg\AppData\Local\Temp\Rar$DRa0.854\the.sims.3.nodvd.exe, In quarantaine, [d2b4fe34137856e0cae28088fa060cf4],
    PUP.HackTool.Patcher, C:\Users\van den Berg\AppData\Local\Temp\Rar$EXa0.439\the.sims.3.nodvd.exe, In quarantaine, [5630b67ced9eb38302aaa365b947c838],
    PUP.HackTool.Patcher, C:\Users\van den Berg\AppData\Local\Temp\Rar$EXa0.569\the.sims.3.nodvd.exe, In quarantaine, [97ef3200d1ba7eb896160206f50ba957],
    PUP.HackTool.Patcher, C:\Users\van den Berg\AppData\Local\Temp\Rar$EXa0.992\the.sims.3.nodvd.exe, In quarantaine, [1c6af73bc0cba88e3b71b1573cc4d62a],
    PUP.HackTool.Patcher, C:\Users\van den Berg\Dropbox\Downloads\the.sims.3.nodvd (1).rar, In quarantaine, [513547eb90fb9b9b7f2df90f0cf46a96],

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)

    ------------------------------------------------------------------------------------------------------------------------------------
    # AdwCleaner v5.008 - Logbestand aangemaakt 21/09/2015 op 14:17:26
    # Laatste update 18/09/2015 door Xplode
    # Database : 2015-09-20.1 [Server]
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (x64)
    # Gebruikersnaam : van den Berg - VANDENBERG-PC
    # Gestart vanuit : C:\Users\van den Berg\Desktop\adwcleaner_5.008.exe
    # Optie : Scannen
    # Ondersteuning : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Mappen ] *****

    Map Gevonden : C:\Program Files (x86)\Innovative Solutions
    Map Gevonden : C:\Program Files\Common Files\PicRec
    Map Gevonden : C:\ProgramData\Avg_Update_0814tb
    Map Gevonden : C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    Map Gevonden : C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    Map Gevonden : C:\Users\van den Berg\AppData\Local\Innovative Solutions
    Map Gevonden : C:\Users\van den Berg\AppData\Roaming\RPEng
    Map Gevonden : C:\Windows\Microsoft\sogr

    ***** [ Bestanden ] *****


    ***** [ Snelkoppelingen ] *****


    ***** [ geplande taken ] *****


    ***** [ Register ] *****

    Sleutel Gevonden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    Sleutel Gevonden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    Sleutel Gevonden : HKU\.DEFAULT\Software\Avg Secure Update
    Sleutel Gevonden : HKCU\Software\Avg Secure Update
    Sleutel Gevonden : [x64] HKCU\Software\Avg Secure Update

    ***** [ Internetbrowsers ] *****


    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1718 bytes] ##########
    You have to drink well, because food is expensive too.

  • #2
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.18015 BrowserJavaVersion: 10.80.2
    Run by van den Berg at 14:25:55 on 2015-09-21
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3576.1552 [GMT 2:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k utcsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\GWX\GWX.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{E402F878-83D6-4346-B616-4923CEF8C0AC} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{E402F878-83D6-4346-B616-4923CEF8C0AC}\36F6E6568716E647 : DHCPNameServer = 10.0.0.2
    TCP: Interfaces\{E94F8658-7079-4071-AA59-FB256BF9D92F} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    IFEO: acrord32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-IFEO: acrord32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\van den Berg\AppData\Roaming\Mozilla\Firefox\Profiles\5jr7x5my.default-1354722557499\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\van den Berg\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-27 79488]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-6-27 40064]
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-28 65224]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-28 274808]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-10-28 1048344]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-10-28 447944]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
    R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-24 28656]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-28 90968]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2013-12-26 150672]
    R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-8-8 146600]
    R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
    R2 SMARTHelperService;SMART Helper Service;C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2013-10-18 539952]
    R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-3-3 5611280]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-10-8 2365792]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-7-27 87168]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-7-27 188544]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-22 25816]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-12 766096]
    R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2013-10-18 10240]
    R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2013-10-18 9216]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-9-19 11880]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-7-27 47232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-26 1133880]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
    S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-6-28 46136]
    S3 AvastVBoxSvc;AvastVBox COM Service;"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" --> C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [?]
    S3 cleanhlp;cleanhlp;C:\Users\van den Berg\Desktop\Run\cleanhlp64.sys [2013-10-4 57024]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
    S3 EyeTV_One;EyeTV One PBDA Service;C:\Windows\System32\drivers\EyeTV_One.sys [2010-12-6 688352]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-9-9 114688]
    S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-26 113880]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-26 63704]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2011-7-27 694888]
    S3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2013-10-18 22184]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
    S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2014-1-22 206080]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-24 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-4 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-6-10 54784]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-4 1255736]
    S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2010-9-23 129008]
    S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
    .
    =============== Created Last 30 ================
    .
    2015-09-21 09:05:20 113880 ----a-w- C:\Windows\System32\drivers\0C46484C.sys
    2015-09-20 10:08:01 -------- d-----w- C:\Users\van den Berg\AppData\Local\Lenovo
    2015-09-20 10:07:22 -------- d-----w- C:\Program Files (x86)\Lenovo
    2015-09-20 10:07:09 -------- d-----w- C:\Windows\Downloaded Installations
    2015-09-10 08:32:30 3209216 ----a-w- C:\Windows\System32\win32k.sys
    2015-09-10 08:32:29 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2015-09-10 08:32:29 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2015-09-10 08:32:29 41984 ----a-w- C:\Windows\System32\lpk.dll
    2015-09-10 08:32:29 372736 ----a-w- C:\Windows\System32\atmfd.dll
    2015-09-10 08:32:29 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2015-09-10 08:32:29 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2015-09-10 08:32:29 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
    2015-09-10 08:32:29 14336 ----a-w- C:\Windows\System32\dciman32.dll
    2015-09-10 08:32:29 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
    2015-09-10 08:32:29 100864 ----a-w- C:\Windows\System32\fontsub.dll
    2015-09-09 14:38:14 1737216 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2015-09-09 14:37:54 82944 ----a-w- C:\Windows\System32\dwmapi.dll
    2015-09-09 14:37:54 67584 ----a-w- C:\Windows\SysWow64\dwmapi.dll
    2015-09-09 14:37:54 1632256 ----a-w- C:\Windows\System32\dwmcore.dll
    2015-09-09 14:37:54 1372160 ----a-w- C:\Windows\SysWow64\dwmcore.dll
    2015-09-09 14:34:33 1941504 ----a-w- C:\Windows\System32\authui.dll
    2015-09-09 14:34:33 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
    2015-09-09 14:34:33 115136 ----a-w- C:\Windows\System32\consent.exe
    2015-09-09 14:34:32 70656 ----a-w- C:\Windows\System32\appinfo.dll
    2015-09-02 11:35:58 -------- d-----w- C:\Users\van den Berg\AppData\Local\{8184B6F6-5F21-47FD-B6D8-96D2397C6FEF}
    .
    ==================== Find3M ====================
    .
    2015-09-21 12:16:28 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-08-27 18:18:27 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2015-08-27 18:18:27 1887232 ----a-w- C:\Windows\System32\msxml3.dll
    2015-08-27 18:13:03 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2015-08-27 18:13:03 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2015-08-27 17:58:14 1391104 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2015-08-27 17:58:14 1241088 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2015-08-27 17:51:26 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2015-08-27 17:51:26 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2015-08-26 18:07:11 98304 ----a-w- C:\Windows\System32\wudriver.dll
    2015-08-26 18:07:11 3165696 ----a-w- C:\Windows\System32\wucltux.dll
    2015-08-26 18:07:11 192000 ----a-w- C:\Windows\System32\wuwebv.dll
    2015-08-26 18:06:43 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
    2015-08-26 18:06:33 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
    2015-08-26 18:06:30 37376 ----a-w- C:\Windows\System32\wuapp.exe
    2015-08-26 17:56:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2015-08-26 17:56:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2015-08-26 17:55:37 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2015-08-15 06:34:10 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2015-08-15 06:33:56 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2015-08-15 06:18:47 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2015-08-15 06:18:00 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2015-08-15 06:17:54 417792 ----a-w- C:\Windows\System32\html.iec
    2015-08-15 06:17:49 585216 ----a-w- C:\Windows\System32\vbscript.dll
    2015-08-15 06:17:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2015-08-15 06:04:47 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2015-08-15 06:04:46 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2015-08-15 06:04:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2015-08-15 06:00:44 5923328 ----a-w- C:\Windows\System32\jscript9.dll
    2015-08-15 05:57:20 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2015-08-15 05:53:22 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2015-08-15 05:46:15 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2015-08-15 05:40:29 504832 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2015-08-15 05:40:12 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2015-08-15 05:39:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2015-08-15 05:39:22 341504 ----a-w- C:\Windows\SysWow64\html.iec
    2015-08-15 05:38:34 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2015-08-15 05:29:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2015-08-15 05:29:12 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2015-08-15 05:22:47 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2015-08-15 05:22:03 2126336 ----a-w- C:\Windows\System32\inetcpl.cpl
    2015-08-15 05:16:37 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2015-08-15 05:10:32 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2015-08-15 05:07:28 2427392 ----a-w- C:\Windows\System32\wininet.dll
    2015-08-15 05:01:47 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2015-08-15 05:01:23 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2015-08-15 04:43:00 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
    2015-08-14 08:40:37 1048344 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    2015-08-12 16:16:16 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2015-08-12 16:16:16 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-08-08 12:18:51 150672 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2015-08-08 12:18:50 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2015-08-08 12:18:50 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2015-08-08 12:18:50 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2015-08-08 12:18:50 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2015-08-08 12:18:50 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2015-08-08 12:18:37 43112 ----a-w- C:\Windows\avastSS.scr
    2015-08-05 17:56:14 1110016 ----a-w- C:\Windows\System32\schedsvc.dll
    2015-08-05 17:56:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
    2015-08-05 17:56:06 275456 ----a-w- C:\Windows\System32\InkEd.dll
    2015-08-05 17:40:50 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
    2015-08-04 18:03:10 692672 ----a-w- C:\Windows\System32\winload.efi
    2015-08-04 18:00:24 616360 ----a-w- C:\Windows\System32\winresume.efi
    2015-08-04 17:56:54 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2015-08-04 17:56:37 59392 ----a-w- C:\Windows\System32\appidapi.dll
    2015-08-04 17:56:37 32768 ----a-w- C:\Windows\System32\appidsvc.dll
    2015-08-04 17:55:57 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
    2015-08-04 17:55:57 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
    2015-08-04 17:47:42 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
    2015-08-04 16:58:09 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
    2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
    2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
    2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2015-07-30 13:13:38 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-07-30 13:13:11 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
    2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
    2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
    2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
    2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
    2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
    2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
    2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
    2015-07-23 00:06:26 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2015-07-23 00:06:25 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2015-07-23 00:06:25 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2015-07-23 00:03:19 1730496 ----a-w- C:\Windows\System32\ntdll.dll
    2015-07-23 00:03:07 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2015-07-23 00:03:07 243712 ----a-w- C:\Windows\System32\wow64.dll
    2015-07-23 00:03:07 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2015-07-23 00:03:06 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2015-07-23 00:01:53 31232 ----a-w- C:\Windows\System32\lsass.exe
    2015-07-23 00:01:39 338432 ----a-w- C:\Windows\System32\conhost.exe
    2015-07-23 00:01:32 64000 ----a-w- C:\Windows\System32\auditpol.exe
    2015-07-22 23:58:17 60416 ----a-w- C:\Windows\System32\msobjs.dll
    2015-07-22 23:57:53 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2015-07-22 23:51:59 686080 ----a-w- C:\Windows\System32\adtschema.dll
    2015-07-22 17:57:49 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    .
    ============= FINISH: 14:28:34,69 ===============
    You have to drink well, because food is expensive too.



    • #3
      GMER 2.1.19357 - http://www.gmer.net
      Rootkit scan 2015-09-21 14:38:50
      Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000061 WDC_WD10 rev.80.0 931,51GB
      Running: b8osfrpb.exe; Driver: C:\Users\VANDEN~1\AppData\Local\Temp\kgtyykod.sys


      ---- User code sections - GMER 2.1 ----

      .text C:\Program Files\AVAST Software\Avast\avastui.exe[1140] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076428769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

      ---- User IAT/EAT - GMER 2.1 ----

      IAT C:\Windows\system32\svchost.exe[456] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress] [7fefaaf2960] c:\windows\system32\uxtuneup.dll
      IAT C:\Windows\system32\svchost.exe[456] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile] [7fefaaf2840] c:\windows\system32\uxtuneup.dll

      ---- Threads - GMER 2.1 ----

      Thread C:\Windows\system32\svchost.exe [640:3740] 000007fef4ed5c24
      Thread C:\Windows\system32\svchost.exe [640:3908] 000007fef4edeff0
      Thread C:\Windows\system32\svchost.exe [640:3912] 000007fef4be4f84
      Thread C:\Windows\system32\svchost.exe [640:4296] 000007fef1ccd3c8
      Thread C:\Windows\system32\svchost.exe [640:4300] 000007fef1ccd3c8
      Thread C:\Windows\system32\svchost.exe [640:4304] 000007fef1ccd3c8
      Thread C:\Windows\system32\svchost.exe [640:4308] 000007fef1ccd3c8
      Thread C:\Windows\system32\svchost.exe [1124:1460] 000007fefab98274
      Thread C:\Windows\system32\svchost.exe [1124:1144] 000007fefab98274
      Thread C:\Windows\system32\taskhost.exe [1204:2128] 000007fefa9e1010
      Thread C:\Windows\system32\taskhost.exe [1204:4260] 000007fef8ad5170
      Thread C:\Windows\System32\svchost.exe [2312:2468] 000007fef7a00360
      Thread C:\Windows\System32\svchost.exe [2312:2472] 000007fef79de460
      Thread C:\Windows\System32\svchost.exe [2312:2476] 000007fef79de450
      Thread C:\Windows\System32\svchost.exe [2312:2480] 000007fef79a5570
      Thread C:\Windows\System32\svchost.exe [2312:2484] 000007fef79da130
      Thread C:\Windows\System32\svchost.exe [2312:2488] 000007fef79a5560
      Thread C:\Windows\System32\svchost.exe [2312:2492] 000007fef7a282a0
      Thread C:\Windows\system32\svchost.exe [2344:2436] 000007fef7f25fd0
      Thread C:\Windows\system32\svchost.exe [2344:2440] 000007fef7f263ec
      Thread C:\Windows\system32\svchost.exe [2344:4028] 000007fef1438470
      Thread C:\Windows\system32\svchost.exe [2344:2800] 000007fef1442418
      Thread C:\Windows\System32\WUDFHost.exe [3856:3892] 000007fef42724a0

      ---- Disk sectors - GMER 2.1 ----

      Disk \Device\Harddisk0\DR0 unknown MBR code

      ---- EOF - GMER 2.1 ----
      You have to drink well, because food is expensive too.



      • #4
        First disable your antivirus software before you download or run zoek.exe.
        Temporarily disable your antivirus and antispyware programs, as they can interfere with the operation of Zoek.exe.
        You can read how to do that (here and here).

        Download Zoek.exe to the desktop (click here for more information on how to use zoek.exe)
        • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
        • Then double-click Zoek.exe to start the tool.
        • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
        • Now copy the code below and paste it into the large input box:
        • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
          Code:
           
          emptyfolderscheck;delete
          firefoxlook; 
          Chromelook; 
          CHRdefaults;
          autoclean; 
          iedefaults;
        • Now click the "Run script" button.
        • Wait patiently until a log opens (this may be after a restart, if one is needed).
        • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
        • Post the opened log as an attachment in your next reply.

        Starting Windows 10 in Safe Mode



        • #5
          Here is the log. Uploading an attachment didn't work... When I click the paperclip, a small green window appears and nothing else..

          Zoek.exe v5.0.0.0 Updated 21-09-2015
          Tool run by van den Berg on ma 21-09-2015 at 18:29:02,18.
          Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
          Running in: Normal Mode Internet Access Detected
          Launched: C:\Users\van den Berg\Desktop\zoek.exe [Scan all users] [Script inserted]

          ==== Older Logs ======================

          C:\zoek-results2012-11-03-144714.log 9192 bytes

          ==== Empty Folders Check ======================

          C:\PROGRA~2\DSPRobotics deleted successfully
          C:\PROGRA~2\Lenovo deleted successfully
          C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
          C:\PROGRA~2\MSXML 4.0 deleted successfully
          C:\PROGRA~2\Zylom Games deleted successfully
          C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
          C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
          C:\Program Files\Canon deleted successfully
          C:\Program Files\Google deleted successfully
          C:\PROGRA~3\Oracle deleted successfully
          C:\PROGRA~3\Symantec deleted successfully
          C:\Users\van den Berg\AppData\Roaming\DRPSu deleted successfully
          C:\Users\van den Berg\AppData\Roaming\Malwarebytes deleted successfully
          C:\Users\van den Berg\AppData\Roaming\Octoshape deleted successfully
          C:\Users\van den Berg\AppData\Roaming\Publish Providers deleted successfully
          C:\Users\van den Berg\AppData\Local\EmieBrowserModeList deleted successfully
          C:\Users\van den Berg\AppData\Local\EmieSiteList deleted successfully
          C:\Users\van den Berg\AppData\Local\EmieUserList deleted successfully
          C:\Users\van den Berg\AppData\Local\Lenovo deleted successfully
          C:\Users\van den Berg\AppData\Local\photoOptimizeHistoryDataBase deleted successfully

          ==== Deleting CLSID Registry Keys ======================


          ==== Deleting CLSID Registry Values ======================


          ==== Deleting Services ======================


          ==== Deleting Files \ Folders ======================

          C:\PROGRA~2\DSPRobotics not found
          C:\PROGRA~2\Lenovo not found
          C:\PROGRA~2\Zylom Games not found
          C:\http_filter deleted
          C:\PROGRA~3\Package Cache deleted
          C:\Users\Public\sdelevURL.tmp deleted
          C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

          ==== Firefox Extensions Registry ======================

          [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
          "[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08-08-2015 14:18]

          ==== Firefox Extensions ======================

          AppDir: C:\Program Files (x86)\Mozilla Firefox
          - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
          - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

          ==== Firefox Plugins ======================

          Profilepath: C:\Users\van den Berg\AppData\Roaming\Mozilla\Firefox\Profiles\5jr7x5my.default-1354722557499
          87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
          B6A800D881A0176C544988870861E798 - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
          EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash
          7D127425BBE91DF37448A7F44C1DDA52 - C:\Users\van den Berg\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update


          ==== Chromium Look ======================

          Google Chrome Version: 45.0.2454.93

          HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
          gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17-03-2015 11:26]

          AdBlock - van den Berg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
          Chrome Web Store Payments - van den Berg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

          ==== Set IE to Default ======================

          Old Values:
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
          "Start Page"="http://www.google.nl/"
          "Search Page"="http://www.google.com"
          "Search Bar"="http://www.google.com/ie"
          "Default_Search_URL"="http://www.google.com/ie"
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
          @="http://www.google.com/search?q=%s"
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
          "SearchAssistant"="http://www.google.com/ie"
          "Default_Search_URL"="http://www.google.com/ie"

          New Values:
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
          "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
          "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
          "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
          "Start Page"="http://www.google.nl/"
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
          "(Default)"="http://search.msn.com/results.asp?q=%s"
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
          "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
          "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

          ==== All HKCU SearchScopes ======================

          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
          "DefaultScope"="{14FB70AD-A8A5-4820-844A-C0CC7D365304}"
          {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
          {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
          {14FB70AD-A8A5-4820-844A-C0CC7D365304} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_nlNL450NL452"
          {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

          ==== Reset Google Chrome ======================

          C:\Users\van den Berg\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
          C:\Users\van den Berg\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
          C:\Users\van den Berg\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
          C:\Users\van den Berg\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

          ==== Deleting Registry Keys ======================

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acrord32.exe deleted successfully
          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax deleted successfully
          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART deleted successfully
          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup deleted successfully
          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware deleted successfully
          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES deleted successfully
          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully
          HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

          ==== Empty IE Cache ======================

          C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Users\van den Berg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

          ==== Empty FireFox Cache ======================

          No FireFox Cache found

          ==== Empty Chrome Cache ======================

          C:\Users\van den Berg\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

          ==== Empty All Flash Cache ======================

          Flash Cache Emptied Successfully

          ==== Empty All Java Cache ======================

          Java Cache cleared successfully

          ==== C:\zoek_backup content ======================

          C:\zoek_backup (files=235 folders=26 21031731 bytes)

          ==== Empty Temp Folders ======================

          C:\Users\Default\AppData\Local\temp emptied successfully
          C:\Users\Default User\AppData\Local\temp emptied successfully
          C:\Users\Public\AppData\Local\temp emptied successfully
          C:\Users\van den Berg\AppData\Local\Temp will be emptied at reboot
          C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
          C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
          C:\Windows\Temp will be emptied at reboot

          ==== After Reboot ======================

          ==== Empty Temp Folders ======================

          C:\Windows\Temp successfully emptied
          C:\Users\VANDEN~1\AppData\Local\Temp successfully emptied

          ==== Empty Recycle Bin ======================

          C:\$RECYCLE.BIN successfully emptied

          ==== EOF on ma 21-09-2015 at 19:12:06,99 ======================
          You have to drink well, because food is expensive too.



          • #6
            Is it going any better now?

            Starting Windows 10 in Safe Mode



            • #7
              I have to say you didn't notice much of it; the computer was still usable. It is faster now, though. We'll wait and see whether any more mails get sent from their e-mail account.

              Any tips for preventing this in the future? And what was actually wrong? Were they affected by phishing, etc.?

              I have to say that startup also feels slow to me... There's no SSD in it, but after logging in you hear the computer thinking and thinking... and little to nothing starts up! I think this should be faster..... Once the PC has started up, everything does run 'smoothly'
              Last edited by steven92; 23-09-15, 10:36.
              You have to drink well, because food is expensive too.



              • #8
                Maybe too much is starting up that you could also start manually.

                Run zoek.exe again with this code.

                Code:
                startupall;

                Starting Windows 10 in Safe Mode



                • #9
                  Zoek.exe v5.0.0.0 Updated 23-09-2015
                  Tool run by van den Berg on do 24-09-2015 at 12:29:54,65.
                  Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
                  Running in: Normal Mode Internet Access Detected
                  Launched: C:\Users\van den Berg\Desktop\zoek.exe [Scan all users] [Script inserted]

                  ==== Older Logs ======================

                  C:\zoek-results2012-11-03-144714.log 9192 bytes
                  C:\zoek-results2015-09-21-171206.log 9411 bytes

                  ==== Startup Registry Enabled ======================

                  [HKEY_USERS\S-1-5-21-676889318-1339772364-1996742186-1002\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
                  "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

                  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

                  ==== Startup Registry Enabled x64 ======================

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

                  ==== Startup Registry Disabled ======================

                  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
                  "Google Update"="\"C:\\Users\\van den Berg\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"


                  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
                  "CLMLServer"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""
                  "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
                  "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
                  "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"


                  ==== Startup Registry Disabled x64 ======================

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
                  "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="Adobe ARM"
                  "hkey"="HKLM"
                  "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Creative Cloud]
                  "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="Adobe Creative Cloud"
                  "hkey"="HKLM"
                  "command"="\"C:\\Program Files (x86)\\Adobe\\Adobe Creative Cloud\\ACC\\Creative Cloud.exe\" --showwindow=false --onOSstartup=true"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Synchronizer]
                  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="Adobe Reader Synchronizer"
                  "hkey"="HKCU"
                  "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AdobeCollabSync.exe\""

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
                  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="AdobeAAMUpdater-1.0"
                  "hkey"="HKLM"
                  "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccleaner]
                  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="ccleaner"
                  "hkey"="HKCU"
                  "command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /AUTO"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
                  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="CCleaner Monitoring"
                  "hkey"="HKCU"
                  "command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dropbox Update]
                  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="Dropbox Update"
                  "hkey"="HKCU"
                  "command"="\"C:\\Users\\van den Berg\\AppData\\Local\\Dropbox\\Update\\DropboxUpdate.exe\" /c"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
                  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="Facebook Update"
                  "hkey"="HKCU"
                  "command"="\"C:\\Users\\van den Berg\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
                  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="Google Update"
                  "hkey"="HKCU"
                  "command"="\"C:\\Users\\van den Berg\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
                  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="RTHDVCPL"
                  "hkey"="HKLM"
                  "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sbsdk-server]
                  "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="sbsdk-server"
                  "hkey"="HKLM"
                  "command"="\"C:\\Program Files (x86)\\SMART Technologies\\Education Software\\sbsdk-server\\NodeLauncher.exe\""

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
                  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="Skype"
                  "hkey"="HKCU"
                  "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMART Board Service]
                  "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="SMART Board Service"
                  "hkey"="HKLM"
                  "command"="\"C:\\Program Files (x86)\\SMART Technologies\\Education Software\\SMARTBoardService.exe\" -d"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMART Floating Tools]
                  "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="SMART Floating Tools"
                  "hkey"="HKLM"
                  "command"="\"C:\\Program Files (x86)\\SMART Technologies\\Education Software\\FloatingTools.exe\""

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMART Ink]
                  "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="SMART Ink"
                  "hkey"="HKLM"
                  "command"="\"C:\\Program Files (x86)\\SMART Technologies\\Education Software\\SMARTInk.exe\" -a"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMART Tray Tools]
                  "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="SMART Tray Tools"
                  "hkey"="HKLM"
                  "command"="\"C:\\Program Files (x86)\\SMART Technologies\\Education Software\\SMARTTrayIcon.exe\""

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMARTNotification]
                  "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="SMARTNotification"
                  "hkey"="HKLM"
                  "command"="\"C:\\Program Files (x86)\\SMART Technologies\\Education Software\\SMARTNotification.exe\""

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
                  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="Spotify"
                  "hkey"="HKCU"
                  "command"="\"C:\\Users\\van den Berg\\AppData\\Roaming\\Spotify\\Spotify.exe\" -autostart -minimized"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
                  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="Spotify Web Helper"
                  "hkey"="HKCU"
                  "command"="\"C:\\Users\\van den Berg\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\""

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
                  "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="StartCCC"
                  "hkey"="HKLM"
                  "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
                  "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
                  "item"="SunJavaUpdateSched"
                  "hkey"="HKLM"
                  "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""


                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
                  "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
                  "backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
                  "backupExtension"=".CommonStartup"
                  "command"="C:\\PROGRA~2\\MCAFEE~1\\30266C~1.313\\SSSCHE~1.EXE "
                  "item"="McAfee Security Scan Plus"


                  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
                  "BCSSync"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"
                  "MedionReminder"="C:\\Program Files (x86)\\CyberLink\\PowerRecover\\Reminder.exe"


                  ==== Task Scheduler Jobs ======================

                  C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [22-09-2015 02:16]
                  C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002Core.job --a------ C:\Users\van den Berg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19-06-2015 16:53]
                  C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002UA.job --a------ C:\Users\van den Berg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19-06-2015 16:53]
                  C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002Core.job --a------ C:\Users\van den Berg\AppData\Local\Facebook\Update\FacebookUpdate.exe [12-08-2012 15:01]
                  C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002UA.job --a------ C:\Users\van den Berg\AppData\Local\Facebook\Update\FacebookUpdate.exe [12-08-2012 15:01]
                  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29-08-2015 04:07]
                  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29-08-2015 04:07]
                  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002Core.job --a------ C:\Users\van den Berg\AppData\Local\Google\Update\GoogleUpdate.exe [31-08-2015 14:54]
                  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002UA.job --a------ C:\Users\van den Berg\AppData\Local\Google\Update\GoogleUpdate.exe [31-08-2015 14:54]

                  ==== Other Scheduled Tasks ======================

                  "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
                  "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
                  "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
                  "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002Core" [C:\Users\van den Berg\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
                  "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002UA" [C:\Users\van den Berg\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
                  "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002Core" [C:\Users\van den Berg\AppData\Local\Facebook\Update\FacebookUpdate.exe]
                  "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002UA" [C:\Users\van den Berg\AppData\Local\Facebook\Update\FacebookUpdate.exe]
                  "C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\van den Berg\AppData\Local\Google\Update\GoogleUpdate.exe]
                  "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
                  "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
                  "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002Core" [C:\Users\van den Berg\AppData\Local\Google\Update\GoogleUpdate.exe]
                  "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-676889318-1339772364-1996742186-1002UA" [C:\Users\van den Berg\AppData\Local\Google\Update\GoogleUpdate.exe]
                  "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
                  "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
                  "C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe]
                  "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{86C07645-5C28-4AF7-9601-449AAC97B40A}" [C:\Windows\system32\msfeedssync.exe]
                  "C:\Windows\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program 64 35" ["%ProgramFiles(x86)%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe"]
                  "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

                  ==== C:\zoek_backup content ======================

                  C:\zoek_backup (files=235 folders=26 21031731 bytes)

                  ==== EOF on do 24-09-2015 at 12:32:29,53 ======================
                  You have to drink well, because food is expensive too.



                  • #10
                    Download ZHPDiag via the link below:
                    - ZHPDiag (click the blue 'Télécharger' button)
                    Save it to your desktop.

                    Disable antivirus software
                    Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPDiag.

                    Run ZHPDiag
                    • Right-click ZHPDiag3.exe and click Run as administrator.
                    • Click "I agree" on the "TERMS OF USE" opening screen.
                    • Click "Scanner" and wait patiently until it finishes.
                    • Afterwards there is a text file named ZHPDiag.txt on your desktop; post it as an attachment in your next message.
                      (You can also find the log file in the folder %AppData%\ZHP.)

                    Starting Windows 10 in Safe Mode



                    • #11
                      Since I couldn't upload an attachment through your website, I did it another way.

                      http://pastebin.ca/3172867
                      You have to drink well, because food is expensive too.



                      • #12
                        Download ZHPFix to the desktop.
                        Install ZHPFix:
                        • Right-click ZHPFix.exe and click "Run as administrator".
                        • Click "Suivant" several times and then "Installer" to install the program.
                        • Then click "Terminer".


                        Copy the code below in full:

                        Code:
                        Script ZHPFix
                        HKLM\SOFTWARE\Wow6432Node\aducky  =>PUP.Optional.aDucky
                        HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PerformanceOptimizer_RASAPI32  =>PUP.Optional.BProtector
                        HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PerformanceOptimizer_RASMANCS  =>PUP.Optional.BProtector
                        
                        shortcutfix
                        emptytemp
                        emptyflash
                        Temporarily disable your antivirus software.
                        Run ZHPFix:
                        • Double-click the ZHPFix shortcut on the desktop.
                        • The selected script code is pasted into the ZHPFix window. If this does not happen automatically, right-click in the ZHPFix window and click Paste.
                        • Press the "Importeren" (Import) button.
                        • Then press the "Go" button at the bottom.
                        • Now wait patiently until a log opens.

                        Post the log file named "ZHPFix[r1].txt" as an attachment in your next message.

                        Starting Windows 10 in Safe Mode



                        • #13
                          Rapport de ZHPFix 2015.8.24.7 par Nicolas Coolman, Update du 24/08/2015
                          Fichier d'export Registre :
                          Run by van den Berg at 25-9-2015 1:01:49
                          High Elevated Privileges : OK
                          Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

                          Prullenbak geleegd (00mn 12s)
                          Reparatie van browser snelkoppelingen

                          ========== Registersleutels ==========
                          VERWIJDERD: HKLM\SOFTWARE\Wow6432Node\aducky
                          VERWIJDERD: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PerformanceOptimizer_RASAPI32
                          VERWIJDERD: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PerformanceOptimizer_RASMANCS

                          ========== Mappen ==========
                          Verwijderen tijdelijke Windows (30)
                          Verwijderd Flash Cookies (0)

                          ========== Bestanden ==========
                          Verwijderen tijdelijke Windows (88) (20.089.512 octets)
                          Verwijderd Flash Cookies (0) (0 octets)


                          ========== Samenvatting ==========
                          3 : Registersleutels
                          2 : Mappen
                          2 : Bestanden


                          End of clean in 00mn 13s

                          ========== Pad naar bestand verslag ==========
                          C:\Users\van den Berg\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25-9-2015 1:02:01 [979]
                          You have to drink well, because food is expensive too.



                          • #14
                            Let me know whether you still have any problems.

                            Starting Windows 10 in Safe Mode



                            • #15
                              Once the computer has started up it responds very smoothly, but I personally find it takes rather long before you can launch anything, even though as little as possible is started in the background.

                              So far there have been no more reports of mail being sent via this e-mail address.

                              So what was the cause? Is there anything sensible to say about that?
                              You have to drink well, because food is expensive too.
