laptop gehacktA

[corryvm]

best,

laptop met windows 7 virusscanner microsoft securitiy essentials

eergisteren was mijn zoon aan het studeren op laptop, toen plots het lampje van de webcam aanging.

nadien verscheen er een chatvenster en was er een persoon geld aan het afpersen en bedreigen de laptop om zeep te helpen als hij niet wou betalen.

toen we hem zijde dat hij hier thuis om het geld moest komen, zodat we die persoon persoonlijk konden aanpakken, heeft hij gezegt ik geef u 1 minuut dan is u laptop om zeep en moogt ge hem wegsmijten.

wij hebben de laptop onmiddelijk offline gehaald en zijn naar het politiekantoor gegaan daar hebben ze ons proberen te helpen, door middel van sommige services en processen te stoppen via taakbeheer. namelijk RasMAn en RasAuto.

we waren toch een beetje opgelucht dat ze ons hierbij hebben geholpen.

maar toen ik later die avond op de laptop bezig was, ging plots het lampje van de webcam weer aan ik heb de laptop weer offline gehaald, en heb vervolgens een systeem herstel ook uitgevoerd, momenteel heb ik al twee dagen niets ondervonden, maar vermoed dat er nog iets op de laptop achtergebleven is.

zou iemand eventueel kunnen helpen, wat we nog kunnen doen.

heb ook het programma HijackThis gedownload en een scan onder administrator laten uitvoeren

hieronder zal ik de post hiervan kleven. in de hoop dat iemand mij toch nog kan helpen en vertellen of de laptop in orde is nog of niet.

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 15:51:54, on 13/06/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16611)

CHROME: 27.0.1453.110

FIREFOX: 16.0.1 (nl)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Users\Robin\AppData\Local\Akamai\netsession_win.exe

C:\Users\Robin\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\Robin\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbhelper.dll

R3 - URLSearchHook: (no name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: CrossriderApp0003491 - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll

O2 - BHO: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

O2 - BHO: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

O3 - Toolbar: Solid YouTube Downloader and Converter DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar\tbcore3.dll

O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: (no name) - !{3462c343-be19-4143-af70-cefb56f46fc6} - (no file)

O3 - Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)

O3 - Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Google Update] "C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MediaGet2] C:\Users\Robin\AppData\Local\MediaGet2\mediaget.exe --minimized

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Robin\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Robin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: SolidWorks Background Downloader.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Robin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - MSN Games - Free Online Games

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs:

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Firewall (avgfws) - Unknown owner - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (file missing)

O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (file missing)

O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (file missing)

O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe

O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe

O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe

O23 - Service: Coupon AlertService (CouponAlert_2pService) - COMPANYVERS_NAME - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 18152 bytes

[Maxstar]

Hallo en welkom op het forum,

Download zoek.exe naar het bureaublad.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe

(hier of hier) kan je lezen hoe je dat doet.

• 
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
  

   
  startupall; 
  filesrcm; 
  

  
  

• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[corryvm]

[ATTACH]26454[/ATTACH]Zoek.exe Version 4.0.0.2 Updated 03-June-2013

zoek.txt

13 juni 2013 aangepast door Maxstar
Log als bijlage toegevoegd

[Maxstar]

Hoi,

Start Zoek.exe nogmaals met het volgende script.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe

(hier of hier) kan je lezen hoe je dat doet.

• 
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

   
  {11111111-1111-1111-1111-110011341191};c
  C:\Program Files (x86)\Vid-Saver;fs
  {3a421c8f-e238-4aeb-8874-b8b5f2cc4772};c
  C:\PROGRA~2\COUPON~2;fs
  {60e91567-ef8a-4520-bce2-83aba5256799};c
  C:\Program Files (x86)\CouponAlert_2p;fs
  {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7};c
  C:\Program Files (x86)\Funmoods;fs
  {EEE6C35C-6118-11DC-9C72-001320C79847};c
  C:\Program Files (x86)\SweetIM;fs
  {FCBCCB87-9224-4B8D-B117-F56D924BEB18};c
  C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar;fs
  {FD72061E-9FDE-484D-A58A-0BAB4151CAD8};c
  C:\Program Files (x86)\Yontoo;fs
  {338B4DFE-2E2C-4338-9E41-E176D497299E};c
  !{2318C2B1-4965-11d4-9B18-009027A5CD4F};c
  !{3462c343-be19-4143-af70-cefb56f46fc6};c
  !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3};c
  !{EEE6C35B-6118-11DC-9C72-001320C79847};c
  {2318C2B1-4965-11d4-9B18-009027A5CD4F};c
  {3462c343-be19-4143-af70-cefb56f46fc6};c 
  {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3};c
  {EEE6C35B-6118-11DC-9C72-001320C79847};c
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
  "SweetIM"=-;r
  "Coupon Alert Search Scope Monitor"=-;r
  "CouponAlert_2p Browser Plugin Loader"=-;r
  autoclean;
  

  
  

• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht als bijlage.
  

[corryvm]

Zoek.exe Version 4.0.0.2 Updated 03-June-2013

Tool run by Robin on do 13/06/2013 at 19:13:21,92.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{60e91567-ef8a-4520-bce2-83aba5256799} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{60e91567-ef8a-4520-bce2-83aba5256799} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462c343-be19-4143-af70-cefb56f46fc6} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462c343-be19-4143-af70-cefb56f46fc6} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011341191} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\couponalert_2pservice deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\couponalert_2pservice deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

prefs.js not found

user.js not found

---- Lines OneClickDownload removed from prefs.js ----

---- Lines OneClickDownload modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\z46zjv6u.default

user.js not found

---- Lines OneClickDownload removed from prefs.js ----

---- Lines OneClickDownload modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_20131306_1918_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SweetIM"=-

"Coupon Alert Search Scope Monitor"=-

"CouponAlert_2p Browser Plugin Loader"=-

==== Deleting Files \ Folders ======================

"C:\user.js" deleted

"C:\ProgramData\HPWALog.txt" deleted

"C:\user.js" deleted

"C:\end" deleted

"C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe" deleted

"C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll" deleted

"C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\T8RES.DLL" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll" deleted

"C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" deleted

"C:\Users\Robin\AppData\Roaming\windir" deleted

"C:\Program Files (x86)\Vid-Saver" deleted

"C:\Program Files (x86)\CouponAlert_2p" deleted

"C:\Program Files (x86)\Funmoods" deleted

"C:\Program Files (x86)\SweetIM" not deleted

"C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar" deleted

"C:\Program Files (x86)\Yontoo" deleted

"C:\Program Files (x86)\ExpressFiles" deleted

"C:\Program Files (x86)\FoxTabPDFConverter" deleted

"C:\Program Files (x86)\Babylon" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\TB" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted

"C:\Program Files (x86)\Solid YouTube Downloader and Converter DB Toolbar" deleted

"C:\Program Files (x86)\YourFileDownloader" deleted

"C:\Program Files (x86)\Yontoo" deleted

"C:\Program Files (x86)\Vid-Saver" deleted

"C:\Program Files (x86)\Red Sky" deleted

"C:\Program Files (x86)\SweetIM" not deleted

"C:\Program Files (x86)\Funmoods" deleted

"C:\Program Files (x86)\Conduit" deleted

"C:\Users\Robin\AppData\Roaming\YourFileDownloader" deleted

"C:\Users\Robin\AppData\Roaming\OpenCandy" deleted

"C:\ProgramData\boost_interprocess" deleted

"C:\ProgramData\SweetIM" deleted

"C:\ProgramData\Tarma Installer" deleted

"C:\Users\Robin\AppData\Local\Ilivid Player" deleted

"C:\Users\Robin\AppData\Local\DownTango" deleted

"C:\Users\Robin\AppData\Local\PackageAware" deleted

"C:\Users\Robin\AppData\Local\Vid-Saver" deleted

"C:\Users\Robin\AppData\Local\Conduit" deleted

"C:\Users\Robin\AppData\LocalLow\BabylonToolbar" deleted

"C:\Users\Robin\AppData\LocalLow\Funmoods" deleted

"C:\Users\Robin\AppData\LocalLow\DataMngr" deleted

"C:\Users\Robin\AppData\LocalLow\PriceGong" deleted

"C:\Users\Robin\AppData\LocalLow\searchquband" deleted

"C:\Users\Robin\AppData\LocalLow\Conduit" deleted

"C:\Users\Robin\AppData\LocalLow\Toolbar4" deleted

"C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com" deleted

"C:\Program Files (x86)\CouponAlert_2p\bar" deleted

"C:\Program Files (x86)\CouponAlert_2p\bar\1.bin" deleted

"C:\Program Files (x86)\SweetIM\Messenger" not deleted

"C:\Program Files (x86)\SweetIM\Messenger" not deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\z46zjv6u.default

3D928B3FE97C403A33F803B3D1A260C9 - C:\Users\Robin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll - Google Update

AB87C54CA19675880B0CAE65B8AF140C - C:\windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.70.11

0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Robin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

8C1CAFEBED8CA61926158CEE71F8A750 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

517021D1BCA1962ABF09099014A7D87D - C:\windows\SysWOW64\npOGPPlugin.dll - OGPlanet Game Plugin

517021D1BCA1962ABF09099014A7D87D - C:\windows\system32\npOGPPlugin.dll - OGPlanet Game Plugin

AB87C54CA19675880B0CAE65B8AF140C - C:\windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.70.11

15E298B5EC5B89C5994A59863969D9FF - C:\windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

15E298B5EC5B89C5994A59863969D9FF - C:\windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Robin\AppData\Local\Temp\crx832D.tmp[]

fdloijijlkoblmigdofommgnheckmaki - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx[]

jplinpmadfkdgipabgcdchbdikologlh - C:\Program Files (x86)\1ClickDownload\1click11.crx[]

kincjchfokkeneeofpeefomkikfkiedl - C:\Program Files (x86)\OApps\chromeaddon.crx[]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 11:45]

niapdbllcanepiiimjjndipklodoedlc - C:\Users\Robin\AppData\Local\Temp\YontooLayers.crx[]

pgmfkblbflahhponhjmkcnpjinenhlnc - C:\Users\Robin\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx[]

pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[12/12/2012 19:51]

Battlefield Heroes - Robin - Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh

Battlefield Play4Free - Robin - Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei

AdBlock - Robin - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://start.funmoods.com/?f=1&a=nv1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{29868439-9DFA-4834-8165-6FD98A0FE43C} Bing Url="http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully

HKEY_USERS\S-1-5-21-1807347547-2428687172-3078923314-1000\Software\Classes\Software\Microsoft\Internet Explorer\URLSearchHooks\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Robin\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Robin\AppData\Local\Mozilla\Firefox\Profiles\z46zjv6u.default\Cache will be emptied at reboot

==== Empty Chrome Cache ======================

C:\users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied

C:\Users\Robin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\SweetIM" not found

"C:\Program Files (x86)\SweetIM" not found

"C:\users\Robin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VRH3LJ76\static.nl.softonic.com" not found

==== EOF on do 13/06/2013 at 19:23:26,12 ======================

[Maxstar]

Hoi,

Download MalwareBytes' Anti-Malware (website) en sla het op je bureaublad op.

Zorg dat er na de installatie een vinkje is geplaatst bij:

• 
  
• Update MalwareBytes' Anti-Malware
  
• Start MalwareBytes' Anti-Malware
  
• Je krijgt hier ook de keuze om de evaluatie versie van MBAM te gebruiken, indien je dit niet wilt vink dit dan uit.
  

Klik daarna op "Voltooien".

Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

Bij problemen!!! (Lees de onderstaande instructies)

• 
  
• Malwarebytes' Anti-Malware Chameleon
  
• Problemen bij het installeren van Malwarebytes' Anti-Malware
  
• Problemen bij het updaten van Malwarebytes' Anti-Malware
  
• Problemen bij het starten van Malwarebytes' Anti-Malware
  

• 
  
• Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
  
• Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
  
• Ga daarna naar het tabblad "Scanner", kies hier voor "Volledige Scan".
  
• Druk vervolgens op "Scannen" om de scan te starten.
  
• Het scannen kan een tijdje duren, dus wees geduldig.
  
• Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
  
• Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
  
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
  
• Herstart de computer indien nodig en post hierna de log in het volgende bericht als bijlage.
  

[corryvm]

hoe moet je de log invoegen als bijlage vond dit niet ga eens goed moeten nakijken. sorry volgende staat dus ook niet in bijlage

[corryvm]

[ATTACH]26455[/ATTACH]

de scan is eindelijk voltooid hierbij de log bijlage, hopelijk is het me deze keer gelukt bij te voegen

MBAM-log-2013-06-13 (21-37-25).txt

[Maxstar]

Hoi,

Je hebt door MBAM niets laten verwijderen zo te zien, start de scan nogmaals en laat vervolgens alles verwijderen.

Groet Maxstar

[corryvm]

[ATTACH]26456[/ATTACH]

had blijkbaar verkeerde bijlage ingevoegd dit hopelijk de juiste met de ondernomen acties van de scan

mbam-log-2013-06-13 (19-40-18).txt