
Slow laptop & high CPU usage.


kemicky


Zoek.exe Version 4.0.0.2 Updated 21-June-2013

Tool run by ArMi on vr 21-06-2013 at 13:25:31,54.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results20-06-2013-2115.log 280 bytes

C:\zoek-results20-06-2013-2122.log 370 bytes

C:\zoek-results21-06-2013-1259.log 462 bytes

C:\zoek-results21-06-2013-1301.log 462 bytes

==== EOF on vr 21-06-2013 at 13:25:32,72 ======================


Hi,

Did you enter the code from post #8? It doesn't look like it, in any case...

Quite a few other log files have already been created, though, which suggests that you have already run the tool several times.

If you did run zoek.exe with the code from post #8, please attach the log files it created to your next post. You can find them on your C drive under the following names:

C:\zoek-results21-06-2013-1259.log 462 bytes

C:\zoek-results21-06-2013-1301.log 462 bytes

You can read here how to add an attachment to your post.


Hello,

The first image you added is of the web page where you download zoek.exe. If you do click somewhere there, a download will start. Judging by the 2nd image, you have already done that about 9 times.

Next, open the downloaded file with the magnifying-glass icon by right-clicking it and choosing Run as administrator.

So in your second image, you right-click zoek and choose Run as administrator.

A window like the one in your first image will then open again. In the large white/empty box, paste the following code:

startupall; 
filesrcm;
{377e5d4d-77e5-476a-8716-7e70a9272da0};c
{7F6AFBF1-E065-4627-A2FD-810366367D01};c
{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014};c
{FD72061E-9FDE-484D-A58A-0BAB4151CAD8};c
C:\PROGRA~1\SEARCH~1;fs
C:\Users\ArMi\AppData\Roaming\DefaultTab;fs
C:\Program Files\Yontoo;fs
C:\Program Files\Media Finder;fs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"DATAMNGR"=-;r
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"Media Finder"=-;r
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"="C:\PROGRA~2\Wincert\WIN32C~1.DLL";r
DefaultTabSearch;s
DefaultTabUpdate;s
autoclean;

Then press Run script.

Wait patiently until a log opens. Post it in your next message :-).


Zoek.exe Version 4.0.0.2 Updated 21-June-2013

Tool run by ArMi on vr 21-06-2013 at 19:28:06,25.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results20-06-2013-2115.log 280 bytes

C:\zoek-results20-06-2013-2122.log 370 bytes

C:\zoek-results21-06-2013-1259.log 462 bytes

C:\zoek-results21-06-2013-1301.log 462 bytes

C:\zoek-results21-06-2013-1325.log 508 bytes

C:\zoek-results21-06-2013-1926.log 554 bytes

C:\zoek-results21-06-2013-1927.log 600 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1AB61EFD-9B15-4EC4-AEFE-520192E12C09} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7344BBFD-2AEF-41FA-BE8A-8C0C6FE6154C} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7344BBFD-2AEF-41FA-BE8A-8C0C6FE6154C} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DefaultTabSearch deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DefaultTabSearch deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DefaultTabUpdate deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\ArMi\AppData\Roaming\Mozilla\Firefox\Profiles\aw36llwo.default

---- Lines mystart removed from prefs.js ----

user_pref("browser.startup.homepage", "http://mystart.incredimail.com");

---- Lines mystart modified from prefs.js ----

---- Lines mystart removed from user.js ----

---- Lines yontoo removed from prefs.js ----

---- Lines yontoo modified from prefs.js ----

---- Lines yontoo removed from user.js ----

user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");

---- FireFox user.js and prefs.js backups ----

user_21-06-2013_1932_.backup

prefs_21-06-2013_1932_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DATAMNGR"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Media Finder"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~2\Wincert\WIN32C~1.DLL"

==== Deleting Files \ Folders ======================

"C:\Program Files\Media Finder" not found

"C:\Users\ArMi\Downloads\SoftonicDownloader_voor_ilivid-download-manager.exe" deleted

"C:\Users\ArMi\Downloads\SoftonicDownloader_voor_ilivid-download-manager.exe" deleted

"C:\Windows\System32\Tasks\Browser Manager" deleted

"C:\Users\Public\sdelevURL.tmp" deleted

"C:\Users\ArMi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk" deleted

"C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences" deleted

"C:\Windows\system32\sasnative32.exe" deleted

"C:\Windows\system32\roboot.exe" deleted

"C:\Users\ArMi\Desktop\Ongebruikt\rcpsetup_softonic_sd_new.exe" deleted

"C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe" deleted

"C:\Program Files\Advanced System Protector\aspsys.dll" deleted

"C:\Program Files\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL" deleted

"C:\Program Files\Advanced System Protector\System.Data.SQLite.dll" deleted

"C:\Program Files\Advanced System Protector\unrar.dll" deleted

"C:\Program Files\Advanced System Protector\Xceed.Compression.dll" deleted

"C:\Program Files\Advanced System Protector\Xceed.FileSystem.dll" deleted

"C:\Program Files\Advanced System Protector\Xceed.Zip.dll" deleted

"C:\ProgramData\Wincert\win32cert.dll" deleted

"C:\ProgramData\Wincert\win32prop.dll" deleted

"C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe" deleted

"C:\Users\ArMi\AppData\Roaming\Canon" deleted

"C:\Users\ArMi\AppData\Roaming\DefaultTab" deleted

"C:\Program Files\Yontoo" deleted

"C:\Program Files\uTorrentControl_v2" deleted

"C:\Program Files\uTorrentControl_v2" deleted

"C:\Program Files\Search Results Toolbar" not deleted

"C:\Program Files\DefaultTab" deleted

"C:\Program Files\Advanced System Protector" not deleted

"C:\Program Files\Yontoo" deleted

"C:\Users\ArMi\AppData\Roaming\DefaultTab" deleted

"C:\Users\ArMi\AppData\Roaming\Systweak" deleted

"C:\Users\ArMi\AppData\Roaming\Media Finder" deleted

"C:\Users\ArMi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com" deleted

"C:\ProgramData\Browser Manager" deleted

"C:\ProgramData\Systweak" deleted

"C:\ProgramData\boost_interprocess" deleted

"C:\ProgramData\Wincert" not deleted

"C:\ProgramData\Tarma Installer" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector" deleted

"C:\Users\ArMi\AppData\Local\iLivid" deleted

"C:\Users\ArMi\AppData\Local\CRE" deleted

"C:\Users\ArMi\AppData\Local\SwvUpdater" deleted

"C:\Users\ArMi\AppData\LocalLow\searchresultstb" deleted

"C:\Users\ArMi\AppData\LocalLow\ilividtoolbargaw" deleted

"C:\Users\ArMi\AppData\LocalLow\DataMngr" deleted

"C:\Windows\System32\searchplugins" deleted

"C:\Windows\System32\Extensions" deleted

"C:\Users\ArMi\AppData\Roaming\Mozilla\Firefox\Profiles\aw36llwo.default\extensions\plugin@yontoo.com" deleted

"C:\Program Files\Search Results Toolbar\Datamngr" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-06-21 07:29:21 DCB7F77357A34BE73CB47788165E769A 17 ----a-w- C:\Windows\STARTYPE.INI

====== C:\Users\ArMi\AppData\Local\Temp ====

====== C:\Windows\system32 =====

2013-06-12 20:44:26 F67B1B348CBBCB60DAEC276712582E8C 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-12 20:44:25 B3DC4D1658093C1E486CA9F22180BECF 1141248 ----a-w- C:\Windows\System32\urlmon.dll

2013-06-12 20:44:25 5E2D9C88284AA3BECF15BEA0920A1903 391168 ----a-w- C:\Windows\System32\ieui.dll

2013-06-12 20:44:23 FCA0837B2739C044EEC00AF0DDD73FFC 13760512 ----a-w- C:\Windows\System32\ieframe.dll

2013-06-12 20:44:21 F383B1AD5D7FDC1ACB0D900B50572F8D 2046976 ----a-w- C:\Windows\System32\iertutil.dll

2013-06-12 20:44:21 05920BD009621D06722A1CD339DA6481 14327808 ----a-w- C:\Windows\System32\mshtml.dll

2013-06-12 20:41:18 091C7153A1292F19BE34FAC07FFF12EC 690688 ----a-w- C:\Windows\System32\jscript.dll

2013-06-12 20:41:16 97FA62873FF759574B20DF39FF22CC27 2877440 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-12 20:41:16 4395AC0BC02009AFAAB01368BA38AF30 39424 ----a-w- C:\Windows\System32\jsproxy.dll

2013-06-12 20:41:15 A10E7B582DEA86572510CB73CCCECA34 61440 ----a-w- C:\Windows\System32\iesetup.dll

2013-06-12 20:41:13 DD09C65E52F3D5574F9774EE0D4DAA57 33280 ----a-w- C:\Windows\System32\iernonce.dll

2013-06-12 20:41:13 64DF9B793072A53F245515E08D8F5E37 42496 ----a-w- C:\Windows\System32\ie4uinit.exe

2013-06-12 20:41:13 0FEED965B909BA2D210CE78C21626A69 493056 ----a-w- C:\Windows\System32\msfeeds.dll

2013-06-12 20:41:12 CE3EC9D85ED88ED4AD948B90BB9ED31D 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-12 20:41:12 9593EA1AE5F39C1174B532213D47664B 109056 ----a-w- C:\Windows\System32\iesysprep.dll

2013-06-12 20:41:09 2473CA6595A2659D7039A4A89FECA269 1767936 ----a-w- C:\Windows\System32\wininet.dll

2013-06-12 14:51:51 6DE66FE7C526637E74CD066461C7C871 1505280 ----a-w- C:\Windows\System32\d3d11.dll

2013-06-12 14:51:43 45FBAFFA68CBC29AC2563985CEE72B9C 24576 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-06-12 14:51:33 FC415B303B1ECF80B5F130A1F7203D02 492544 ----a-w- C:\Windows\System32\win32spl.dll

2013-06-12 14:51:31 92245C959E5BC378809D2CC5E9F6E9C7 1160192 ----a-w- C:\Windows\System32\crypt32.dll

2013-06-12 14:51:31 8A8B277067C22F4BF6AA9A31692FC4D3 103936 ----a-w- C:\Windows\System32\cryptnet.dll

2013-06-12 14:51:31 0D52559AEF4AA5EAC82F530617032283 903168 ----a-w- C:\Windows\System32\certutil.exe

2013-06-12 14:51:30 CC917AC4D3F8756FF13174980B474791 43008 ----a-w- C:\Windows\System32\certenc.dll

2013-06-12 14:51:30 3897DFF247D9ED0006190349DE264E14 140288 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-06-12 14:51:27 5B2E4E90C04FB9AE9F2C5E99FF59B283 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-06-12 14:51:25 575DDD83B40880E1DEB48758673BDA71 3913576 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-06-12 14:51:25 3F63CF7DF313428CA9C5D1F410DF4645 3968872 ----a-w- C:\Windows\System32\ntkrnlpa.exe

====== C:\Windows\system32\drivers =====

2013-06-21 11:02:21 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-12 14:51:22 D32FDAC73FCD76B85389C39BC1087F2A 1293672 ----a-w- C:\Windows\System32\drivers\tcpip.sys

====== C:\Windows\Tasks ======

2013-06-20 19:15:17 49509E5A965A94760609D96C3413BE38 3120 ----a-w- C:\Windows\system32\Tasks\{2C483F32-378A-4E30-A7CD-592650256511}

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Users\ArMi\AppData\Roaming ======

====== C:\Users\ArMi ======

2013-06-21 11:01:47 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\ArMi\Downloads\mbam-setup-1.75.0.1300.exe

2013-06-21 10:46:44 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\ArMi\Downloads\TFC.exe

2013-06-20 17:25:41 8AEB5D7CF5182094977760A765FA5B01 5126104 ----a-w- C:\Users\ArMi\Downloads\spsetup122.exe

====== C: exe-files ==

2013-06-21 17:25:05 6DBA0910EE06D90BBA58D1C94F3A5124 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$IDPK8IA.exe

2013-06-21 17:25:05 3FAD3B84854A26F4C83B185AAB8469DC 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$IDL2SBE.exe

2013-06-21 16:46:49 63CF267FD22CC27CD72F7473E240EA15 1272128 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$RDPK8IA.exe

2013-06-20 19:13:34 76FE155CDBD3BA74860B8389BB8EECDF 1271997 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$RDL2SBE.exe

2013-06-19 10:38:44 FC89629363054D6EE349BE6D372FB8A8 129896 ----a-w- C:\Program Files\Speccy\uninst.exe

2013-06-19 10:38:04 185804AC50A546738B466B5CF04AC793 5926168 ----a-w- C:\Program Files\Speccy\Speccy.exe

=== C: other files ==

2013-06-21 17:25:08 F60AF75461A3489B8B8D1CC3A925298D 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$IEWO4U7.zip

2013-06-21 17:25:05 EABAF33610D7AA4CD3A953FA767440AB 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$IOJHG4E.zip

2013-06-21 17:25:05 A6C57531A243A5C043AF38EF25716108 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$IJJ8YNB.zip

2013-06-21 17:25:05 7CB4A0A661CB49B870663BB2DB75FA24 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$I4B49GY.zip

2013-06-21 17:25:05 733716C1FE71658E7D2E670189DCF15A 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$INRQ3FC.zip

2013-06-21 17:25:05 578AE4FACD66E95D75BB9B671602D702 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$I39ZLZ0.zip

2013-06-21 17:25:05 12367075BE452E89316D04BFDDA6B9E5 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$I5CIK41.zip

2013-06-21 16:49:51 5EC9447282E88B091ED6BC85DF99DD79 1267677 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$REWO4U7.zip

2013-06-21 16:47:40 5EC9447282E88B091ED6BC85DF99DD79 1267677 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$RJJ8YNB.zip

2013-06-21 16:47:28 5EC9447282E88B091ED6BC85DF99DD79 1267677 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$RNRQ3FC.zip

2013-06-21 16:47:24 5EC9447282E88B091ED6BC85DF99DD79 1267677 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$R4B49GY.zip

2013-06-21 16:47:24 5EC9447282E88B091ED6BC85DF99DD79 1267677 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$R39ZLZ0.zip

2013-06-21 16:47:20 5EC9447282E88B091ED6BC85DF99DD79 1267677 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$R5CIK41.zip

2013-06-21 16:47:03 5EC9447282E88B091ED6BC85DF99DD79 1267677 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-933684324-2697931749-3995688759-1001\$ROJHG4E.zip

2013-06-21 11:22:29 59971CC6BF628653C45FBA2FC81F7B3B 144 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys

2013-06-21 11:02:21 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

"Google Update"="C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s"

"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Google Update"="C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s"

"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"Facebook Update"="C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Logitech Vid"="C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

"Inetreg"="C:\Program Files\InstallShield Installation Information\{E2D27B84-6365-11D6-9BAF-0090271AF8A4}\Setup.exe /i_again -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"

"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 "

"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe"

"LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe"

"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe"

"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe"

"NUSB3MON"="C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"

"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe"

"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"

"avast"="C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui"

"LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"PDFPrint"="C:\Program Files\PDF24\pdf24.exe"

"Family Tree Builder Update"="C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Google Update"="C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s"

"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"Facebook Update"="C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Logitech Vid"="C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job --a------ C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe [31-10-2012 12:32]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job --a------ C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe [31-10-2012 12:32]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job --a------ C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe [24-01-2011 20:51]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job --a------ C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe [24-01-2011 20:51]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ArMi\AppData\Roaming\Mozilla\Firefox\Profiles\aw36llwo.default

- Undetermined - %ProfilePath%\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

aaaanijiojpcccpkjdjjmjghddcgcbfj - C:\Users\ArMi\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.17.0.0.crx[]

bllaobobdmgmnafkbkdjnkebbaopjofd - C:\Users\ArMi\AppData\Local\CRE\bllaobobdmgmnafkbkdjnkebbaopjofd.crx[]

ccbgjfdieajmokelnlapbedknchgenne - C:\Users\ArMi\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx[]

dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\ArMi\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[]

icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[31-10-2012 00:48]

kdidombaedgpfiiedeimiebkmbilgmlc - C:\Program Files\DefaultTab\DefaultTab.crx[]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02-10-2012 13:14]

lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\ArMi\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[]

niapdbllcanepiiimjjndipklodoedlc - C:\Program Files\Yontoo\YontooLayers.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

ccbgjfdieajmokelnlapbedknchgenne - C:\Users\ArMi\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx[]

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[]

General Crawler - ArMi - Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

WeatherBug - ArMi - Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak

Skype Click to Call - ArMi - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chrome Fix ======================

C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_find.conduit.com_0.localstorage-journal deleted successfully

C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully

C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully

C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.de_0.localstorage-journal deleted successfully

C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://mystart.incredimail.com?a=6R8TMMCqBW"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"

{5F3CED0B-0F7E-4CDA-A345-CD93F32E506D} WEB.DE Suche Url="http://go.web.de/br/ie8_search_web/?su={searchTerms}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{88EAB4FF-0C04-4773-B0BB-661AA49BB50D} Amazon Url="http://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}"

{CB62A195-5D27-4833-8F3F-0730AEEB9589} eBay Url="http://go.web.de/br/ie8_search_ebay/?q={searchTerms}"

{E8A0F93B-C792-415F-BF1F-90EF126373C9} Bing Url="http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bllaobobdmgmnafkbkdjnkebbaopjofd deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ccbgjfdieajmokelnlapbedknchgenne deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ccbgjfdieajmokelnlapbedknchgenne deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully

==== Empty IE Cache ======================

C:\Users\ArMi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\ArMi\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\Search Results Toolbar" not found

"C:\Program Files\Advanced System Protector" not found

"C:\ProgramData\Wincert" not found

==== EOF on vr 21-06-2013 at 19:53:30,72 ======================

- - - Updated - - -

I hope it's the right one now! :top:


Hello,

That is indeed the right log. :top:


  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
     
    filesrcm;
    C:\Windows\STARTYPE.INI;p
    [HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\Run];r
    "IncrediMail"=-;r
    [HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Run];r
    "IncrediMail"=-;r
    [HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce];r
    "Inetreg"=-;r
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
    "IncrediMail"=-;r
    C:\Users\ArMi\AppData\Roaming\Mozilla\Firefox\Profiles\aw36llwo.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f};fs
    {5F3CED0B-0F7E-4CDA-A345-CD93F32E506D};c
    emptyalltemp; 
    


  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Post the opened log as an attachment in your next message.
  • A file named sample_20120615_0718.zip will now be on the desktop (the digits after Sample_ indicate the date and time).
  • Upload this file to Mijn Bestand (free file sharing and uploading) and put the link in your next message.


Good morning! :top:

Zoek.exe Version 4.0.0.2 Updated 21-June-2013

Tool run by ArMi on za 22-06-2013 at 8:29:17,25.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results20-06-2013-2115.log 280 bytes

C:\zoek-results20-06-2013-2122.log 370 bytes

C:\zoek-results21-06-2013-1259.log 462 bytes

C:\zoek-results21-06-2013-1301.log 462 bytes

C:\zoek-results21-06-2013-1325.log 508 bytes

C:\zoek-results21-06-2013-1926.log 554 bytes

C:\zoek-results21-06-2013-1927.log 600 bytes

C:\zoek-results21-06-2013-1953.log 28878 bytes

==== Creating Sample_22-06-2013_0829.zip ======================

Process chrome.exe killed

Copied file C:\Windows\STARTYPE.INI to sample\STARTYPE.INI

sample\STARTYPE.INI renamed to DCB7F77357A34BE73CB47788165E769A

C:\Users\Public\Desktop\sample_22-06-2013_0829.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5F3CED0B-0F7E-4CDA-A345-CD93F32E506D} deleted successfully

HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5F3CED0B-0F7E-4CDA-A345-CD93F32E506D} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"=-

[HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"=-

[HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Inetreg"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"=-

==== Deleting Files \ Folders ======================

"C:\Users\ArMi\AppData\Roaming\Mozilla\Firefox\Profiles\aw36llwo.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-06-21 07:29:21 DCB7F77357A34BE73CB47788165E769A 17 ----a-w- C:\Windows\STARTYPE.INI

====== C:\Users\ArMi\AppData\Local\Temp ====

====== C:\Windows\system32 =====

2013-06-12 20:44:26 F67B1B348CBBCB60DAEC276712582E8C 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-12 20:44:25 B3DC4D1658093C1E486CA9F22180BECF 1141248 ----a-w- C:\Windows\System32\urlmon.dll

2013-06-12 20:44:25 5E2D9C88284AA3BECF15BEA0920A1903 391168 ----a-w- C:\Windows\System32\ieui.dll

2013-06-12 20:44:23 FCA0837B2739C044EEC00AF0DDD73FFC 13760512 ----a-w- C:\Windows\System32\ieframe.dll

2013-06-12 20:44:21 F383B1AD5D7FDC1ACB0D900B50572F8D 2046976 ----a-w- C:\Windows\System32\iertutil.dll

2013-06-12 20:44:21 05920BD009621D06722A1CD339DA6481 14327808 ----a-w- C:\Windows\System32\mshtml.dll

2013-06-12 20:41:18 091C7153A1292F19BE34FAC07FFF12EC 690688 ----a-w- C:\Windows\System32\jscript.dll

2013-06-12 20:41:16 97FA62873FF759574B20DF39FF22CC27 2877440 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-12 20:41:16 4395AC0BC02009AFAAB01368BA38AF30 39424 ----a-w- C:\Windows\System32\jsproxy.dll

2013-06-12 20:41:15 A10E7B582DEA86572510CB73CCCECA34 61440 ----a-w- C:\Windows\System32\iesetup.dll

2013-06-12 20:41:13 DD09C65E52F3D5574F9774EE0D4DAA57 33280 ----a-w- C:\Windows\System32\iernonce.dll

2013-06-12 20:41:13 64DF9B793072A53F245515E08D8F5E37 42496 ----a-w- C:\Windows\System32\ie4uinit.exe

2013-06-12 20:41:13 0FEED965B909BA2D210CE78C21626A69 493056 ----a-w- C:\Windows\System32\msfeeds.dll

2013-06-12 20:41:12 CE3EC9D85ED88ED4AD948B90BB9ED31D 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-12 20:41:12 9593EA1AE5F39C1174B532213D47664B 109056 ----a-w- C:\Windows\System32\iesysprep.dll

2013-06-12 20:41:09 2473CA6595A2659D7039A4A89FECA269 1767936 ----a-w- C:\Windows\System32\wininet.dll

2013-06-12 14:51:51 6DE66FE7C526637E74CD066461C7C871 1505280 ----a-w- C:\Windows\System32\d3d11.dll

2013-06-12 14:51:43 45FBAFFA68CBC29AC2563985CEE72B9C 24576 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-06-12 14:51:33 FC415B303B1ECF80B5F130A1F7203D02 492544 ----a-w- C:\Windows\System32\win32spl.dll

2013-06-12 14:51:31 92245C959E5BC378809D2CC5E9F6E9C7 1160192 ----a-w- C:\Windows\System32\crypt32.dll

2013-06-12 14:51:31 8A8B277067C22F4BF6AA9A31692FC4D3 103936 ----a-w- C:\Windows\System32\cryptnet.dll

2013-06-12 14:51:31 0D52559AEF4AA5EAC82F530617032283 903168 ----a-w- C:\Windows\System32\certutil.exe

2013-06-12 14:51:30 CC917AC4D3F8756FF13174980B474791 43008 ----a-w- C:\Windows\System32\certenc.dll

2013-06-12 14:51:30 3897DFF247D9ED0006190349DE264E14 140288 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-06-12 14:51:27 5B2E4E90C04FB9AE9F2C5E99FF59B283 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-06-12 14:51:25 575DDD83B40880E1DEB48758673BDA71 3913576 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-06-12 14:51:25 3F63CF7DF313428CA9C5D1F410DF4645 3968872 ----a-w- C:\Windows\System32\ntkrnlpa.exe

====== C:\Windows\system32\drivers =====

2013-06-21 11:02:21 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-12 14:51:22 D32FDAC73FCD76B85389C39BC1087F2A 1293672 ----a-w- C:\Windows\System32\drivers\tcpip.sys

====== C:\Windows\Tasks ======

2013-06-20 19:15:17 49509E5A965A94760609D96C3413BE38 3120 ----a-w- C:\Windows\system32\Tasks\{2C483F32-378A-4E30-A7CD-592650256511}

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Users\ArMi\AppData\Roaming ======

2013-06-21 17:40:17 -------- d-----w- C:\users\ArMi\AppData\Local\Temp

====== C:\Users\ArMi ======

2013-06-21 11:01:47 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\ArMi\Downloads\mbam-setup-1.75.0.1300.exe

2013-06-21 10:46:44 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\ArMi\Downloads\TFC.exe

2013-06-20 17:25:41 8AEB5D7CF5182094977760A765FA5B01 5126104 ----a-w- C:\Users\ArMi\Downloads\spsetup122.exe

====== C: exe-files ==

2013-06-19 12:32:24 80633916458CC8041D0F483B7633E9F6 1582944 ----a-w- C:\Users\ArMi\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.116\27.0.1453.116_27.0.1453.110_chrome_updater.exe

2013-06-19 10:38:44 FC89629363054D6EE349BE6D372FB8A8 129896 ----a-w- C:\Program Files\Speccy\uninst.exe

2013-06-19 10:38:04 185804AC50A546738B466B5CF04AC793 5926168 ----a-w- C:\Program Files\Speccy\Speccy.exe

=== C: other files ==

2013-06-22 06:29:59 5F564D422FECD62C2FB3BDF9734664F5 756 ----a-w- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip

2013-06-22 04:37:43 59971CC6BF628653C45FBA2FC81F7B3B 144 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys

2013-06-21 11:02:21 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Empty IE Cache ======================

C:\Users\ArMi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\ArMi\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on za 22-06-2013 at 8:59:06,41 ======================


Hi,

In post #8 the MBAM log was also requested. Could you post that as well, please?

Finally, please run the following 2 scans:

  1. Download AdwCleaner by Xplode to the desktop.

    • Close all open windows.
    • Double-click AdwCleaner to start it.
    • Then click Delete.
    • At AdwCleaner – Information, click OK.
    • At AdwCleaner – Restart Required, click OK.

It is normal for the shortcuts to disappear during this action.

After the PC has restarted, a log file opens.

Then post the contents of this log in your next message.

  2. Download OTL to your desktop.


  • Double-click "OTL.exe" to start the tool.
  • When a User Account Control prompt appears, click "Ja / Yes".
  • At the top of OTL, tick the "Scan all users" option.
  • Now click the "Run Scan" button.
  • When OTL is finished, two log files will open (they are also saved in the same location OTL was run from).
  • Now add both files as attachments to your next message.
