

wim aarnink


Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, a Notepad file named "Log" is opened.
  • Paste its contents into your next post.

Also watch the instruction video.


Logfile of random's system information tool 1.09 (written by random/random)

Run by Gebruiker at 2014-01-12 08:58:51

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 183 GB (60%) free of 305 GB

Total RAM: 2908 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:58:52, on 12-1-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\trend micro\Gebruiker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conb_original_ctid&searchsource=55&cui=&um=2&up=spdd8833cd-10d8-4e94-a3a7-c21b55a73575&sspv=/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: CheaPMe - {2404C97D-BEA9-B7B3-9BC3-5031D329F39D} - C:\ProgramData\CheaPMe\Uf.dll

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [Google Update] "C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} (SNRet Control) - http://acer.custhelp.com/euf/assets/activex/snret.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~3\webplat\webplat.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7897 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

"c:\Program Files\Microsoft Security Client\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe 3871872

\??\C:\Windows\system32\conhost.exe "760358472229935219-1866276865-5140616775537892941665991937-1072644998281194518

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"taskhost.exe"

"C:\Windows\system32\rundll32.exe" "c:\progra~3\webplat\WebPlatSvc.dll",service

"C:\Windows\system32\rundll32.exe" "c:\progra~3\webplat\WebPlatSvc.dll",service

"C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe"

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon

"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon

"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr

"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 2500

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\splwow64.exe 8192

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

"c:\Program Files\Microsoft Security Client\NisSrv.exe"

"C:\Program Files (x86)\Windows Live\Mail\wlmail.exe"

"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding

C:\Windows\servicing\TrustedInstaller.exe

"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

taskeng.exe {6E90B39B-5B4B-4047-BE39-BA1EFA5C9728}

"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

"C:\Users\Gebruiker\Downloads\RSITx64 (2).exe"

C:\Windows\SysWOW64\DllHost.exe /Processid:{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000Core.job

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000UA.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2404C97D-BEA9-B7B3-9BC3-5031D329F39D}]

CheaPMe - C:\ProgramData\CheaPMe\Uf.x64.dll [2014-01-01 475136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2404C97D-BEA9-B7B3-9BC3-5031D329F39D}]

CheaPMe - C:\ProgramData\CheaPMe\Uf.dll [2014-01-01 425472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-10-10 171040]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-10-10 399392]

"Persistence"=C:\Windows\system32\igfxpers.exe [2012-10-10 441888]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-07-29 2280232]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]

"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"=C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-24 138096]

"Google Update"=C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-04 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

C:\Users\Gebruiker\AppData\Roaming\BitTorrent\BitTorrent.exe [2013-12-01 895328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper]

C:\Users\Gebruiker\AppData\Local\Smartbar\Application\Linkury.exe startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]

C:\Program Files (x86)\Samsung\Kies\Kies.exe [2013-11-06 1564528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2013-11-06 311152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

C:\Users\Gebruiker\AppData\Roaming\uTorrent\uTorrent.exe [2013-11-27 1142864]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]

C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OneNote 2010 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" C:\PROGRA~3\WebPlat\WEBPLA~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2012-10-10 441856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-11 15:17:59 ----D---- C:\rsit

2014-01-11 15:17:59 ----D---- C:\Program Files\trend micro

2014-01-08 18:48:05 ----D---- C:\AdwCleaner

2014-01-06 20:23:36 ----A---- C:\Windows\SYSWOW64\GPhotos.scr

2014-01-04 19:50:04 ----D---- C:\Program Files (x86)\RanndomPPricce

2014-01-01 08:32:53 ----D---- C:\ProgramData\RanndomPPricce

2014-01-01 08:32:51 ----D---- C:\ProgramData\adbpbbbkcdghcpalelpliddmdeelcofm

2014-01-01 08:32:41 ----D---- C:\ProgramData\f1bb140aeae9bcc1

2014-01-01 08:32:39 ----D---- C:\ProgramData\CheaPMe

2013-12-31 18:19:54 ----D---- C:\ProgramData\WebPlat

2013-12-30 11:30:13 ----D---- C:\Users\Gebruiker\AppData\Roaming\LavasoftStatistics

2013-12-30 11:11:35 ----D---- C:\ProgramData\Lavasoft

2013-12-30 11:01:06 ----D---- C:\Users\Gebruiker\AppData\Roaming\newnext.me

======List of files/folders modified in the last 1 month======

2014-01-12 08:57:45 ----D---- C:\Windows\Temp

2014-01-12 08:47:22 ----D---- C:\Windows\system32\config

2014-01-11 15:17:59 ----RD---- C:\Program Files

2014-01-10 15:43:20 ----SHD---- C:\System Volume Information

2014-01-10 15:31:49 ----D---- C:\Windows\inf

2014-01-09 07:19:16 ----D---- C:\Windows

2014-01-08 18:50:19 ----HD---- C:\ProgramData

2014-01-08 18:49:54 ----D---- C:\Windows\system32\Tasks

2014-01-08 18:49:54 ----D---- C:\Windows\System32

2014-01-08 18:49:41 ----RD---- C:\Program Files (x86)

2014-01-07 10:58:43 ----SHD---- C:\Windows\Installer

2014-01-07 10:58:43 ----SHD---- C:\Config.Msi

2014-01-07 09:07:04 ----D---- C:\Windows\system32\catroot2

2014-01-04 19:41:12 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-01-04 19:39:42 ----D---- C:\Windows\system32\drivers

2014-01-04 15:18:36 ----D---- C:\ProgramData\CanonIJPLM

2014-01-04 10:56:21 ----D---- C:\Users\Gebruiker\AppData\Roaming\uTorrent

2014-01-04 10:56:21 ----D---- C:\Users\Gebruiker\AppData\Roaming\BitTorrent

2013-12-30 18:46:06 ----D---- C:\Windows\Tasks

2013-12-30 18:46:06 ----D---- C:\Windows\SysWOW64

2013-12-30 18:46:06 ----D---- C:\Windows\system32\wfp

2013-12-30 18:46:06 ----D---- C:\Windows\system32\wbem

2013-12-30 18:46:06 ----D---- C:\Windows\servicing

2013-12-30 18:45:09 ----D---- C:\Windows\system32\DriverStore

2013-12-30 18:45:09 ----D---- C:\Windows\ehome

2013-12-30 18:45:08 ----D---- C:\Windows\AppPatch

2013-12-30 18:45:08 ----D---- C:\Program Files\Windows Sidebar

2013-12-30 18:45:08 ----D---- C:\Program Files\Windows Media Player

2013-12-30 18:45:08 ----D---- C:\Program Files\Windows Mail

2013-12-30 18:45:08 ----D---- C:\Program Files\Windows Defender

2013-12-30 18:45:08 ----D---- C:\Program Files\Internet Explorer

2013-12-30 18:45:08 ----D---- C:\Program Files\DVD Maker

2013-12-30 18:45:08 ----D---- C:\Program Files (x86)\Windows Media Player

2013-12-30 18:45:08 ----D---- C:\Program Files (x86)\Windows Mail

2013-12-30 18:45:08 ----D---- C:\Program Files (x86)\Internet Explorer

2013-12-30 18:45:06 ----D---- C:\Windows\system32\Wat

2013-12-30 18:45:03 ----D---- C:\Windows\system32\drivers\UMDF

2013-12-30 18:45:01 ----D---- C:\Windows\Downloaded Program Files

2013-12-30 18:44:52 ----D---- C:\Program Files\WinRAR

2013-12-30 18:44:51 ----D---- C:\Program Files\Microsoft Security Client

2013-12-30 18:44:51 ----D---- C:\Program Files\CCleaner

2013-12-30 18:44:48 ----D---- C:\Program Files (x86)\FuzeZip

2013-12-30 18:44:48 ----D---- C:\Program Files (x86)\Easy Cover Print

2013-12-30 18:44:30 ----D---- C:\Windows\registration

2013-12-30 18:43:39 ----D---- C:\Program Files\Common Files

2013-12-27 14:03:01 ----D---- C:\Users\Gebruiker\AppData\Roaming\vlc

2013-12-26 13:42:50 ----D---- C:\Windows\Microsoft.NET

2013-12-26 13:40:34 ----RSD---- C:\Windows\assembly

2013-12-24 10:30:33 ----D---- C:\ProgramData\Microsoft Help

2013-12-24 10:23:30 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

2013-12-17 07:30:50 ----D---- C:\Program Files (x86)\Google

2013-12-16 18:48:50 ----D---- C:\Windows\debug

2013-12-14 09:47:57 ----D---- C:\Windows\system32\MRT

2013-12-14 09:45:44 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]

R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-08-23 3724288]

R3 b57xdbd;Broadcom xD Picture Bus Driver Service; C:\Windows\system32\DRIVERS\b57xdbd.sys [2012-08-13 72280]

R3 b57xdmp;Broadcom xD Picture vstorp client drv; C:\Windows\system32\DRIVERS\b57xdmp.sys [2012-08-13 21080]

R3 bScsiMSa;bScsiMSa; C:\Windows\system32\DRIVERS\bScsiMSa.sys [2012-06-18 55384]

R3 bScsiSDa;bScsiSDa; C:\Windows\system32\DRIVERS\bScsiSDa.sys [2012-08-14 70744]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-10-10 5343584]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]

R3 MEIx64;Intel® Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-07-29 1383472]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-08-21 103576]

S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS [2013-02-05 37344]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]

S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-08-21 204568]

S3 tap0901;Spotflux Network Device Driver; C:\Windows\system32\DRIVERS\tap0901.sys [2013-01-10 38624]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]

S3 WinUSB;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 976137e5;WebPlat; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]

R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-12-28 101376]

R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]

R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 136176]

S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-10-10 277024]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 136176]

S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-11-13 1255736]

S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]

S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

- - - Updated - - -

Is this it, perhaps?


That is exactly it :top:

Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

Download Zoek.zip to the desktop.

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Right-click Zoek.zip and choose the "Extract all" option.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.

  {2404C97D-BEA9-B7B3-9BC3-5031D329F39D};c
 C:\ProgramData\CheaPMe;fs
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2404C97D-BEA9-B7B3-9BC3-5031D329F39D}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2404C97D-BEA9-B7B3-9BC3-5031D329F39D}];r64
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r64
 "AppInit_DLLs"=-;r64
 C:\Program Files (x86)\RanndomPPricce;fs
 C:\ProgramData\RanndomPPricce;fs
 C:\ProgramData\adbpbbbkcdghcpalelpliddmdeelcofm;fs
 C:\ProgramData\f1bb140aeae9bcc1;fs
 C:\ProgramData\CheaPMe;fs
 C:\ProgramData\WebPlat;fs
 C:\Users\Gebruiker\AppData\Roaming\newnext.me;fs
 emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "Options" button and tick the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next message.


Zoek.exe v5.0.0.0 Updated 12-Januari-2014

Tool run by Gebruiker on ma 13-01-2014 at 18:41:49,87.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Gebruiker\Downloads\zoek (1).exe [scan all users] [script inserted]

==== System Restore Info ======================

13-1-2014 18:42:36 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AVS4YOU deleted successfully

C:\PROGRA~2\BearShare Applications deleted successfully

C:\PROGRA~2\Mp3 To Wave Converter deleted successfully

C:\PROGRA~2\RanndomPPricce deleted successfully

C:\PROGRA~2\YoWindow deleted successfully

C:\Program Files\Google deleted successfully

C:\ProgramData\CanonEPP deleted successfully

C:\ProgramData\CanonIJEPPEX2 deleted successfully

C:\ProgramData\eMule deleted successfully

C:\ProgramData\Oracle deleted successfully

C:\ProgramData\RanndomPPricce deleted successfully

C:\Users\Gebruiker\AppData\Roaming\Nico Mak Computing deleted successfully

C:\Users\Gebruiker\AppData\Local\Fuze Zip deleted successfully

C:\Users\Gebruiker\AppData\Local\FuzeZip deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2404C97D-BEA9-B7B3-9BC3-5031D329F39D}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2404C97D-BEA9-B7B3-9BC3-5031D329F39D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\RanndomPPricce not found

C:\ProgramData\RanndomPPricce not found

C:\ProgramData\CheaPMe deleted

C:\ProgramData\adbpbbbkcdghcpalelpliddmdeelcofm deleted

C:\ProgramData\f1bb140aeae9bcc1 deleted

C:\Users\Gebruiker\AppData\Roaming\newnext.me deleted

"C:\ProgramData\WebPlat\WebPlat_x64.dll" deleted

"C:\ProgramData\WebPlat" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2014-01-06 19:23:36 1A5F9109705CF798D2ED9B5D7D596A72 4558848 ----a-w- C:\Windows\SysWOW64\GPhotos.scr

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-01-11 14:17:59 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Gebruiker\AppData\Roaming ======

2014-01-07 09:58:42 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup

2014-01-02 17:21:03 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{934F1A0F-37F1-3A71-8B6B-82187C74CD28}

2014-01-02 17:21:02 -------- d-----w- C:\Users\Gebruiker\AppData\Locallow\{2404C97D-BEA9-B7B3-9BC3-5031D329F39D}

2014-01-01 07:32:54 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\{934F1A0F-37F1-3A71-8B6B-82187C74CD28}

2014-01-01 07:32:42 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\{2404C97D-BEA9-B7B3-9BC3-5031D329F39D}

2014-01-01 07:32:42 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages

2013-12-30 10:30:13 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\LavasoftStatistics

====== C:\Users\Gebruiker ======

2014-01-13 06:53:01 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gebruiker\Desktop\RSITx64.exe

2014-01-13 06:51:33 708B4EDAC89885F6BC24A2DD486AC64D 1272 ----a-w- C:\Users\Gebruiker\Desktop\adware.exe

2014-01-12 07:57:26 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gebruiker\Downloads\RSITx64 (2).exe

2014-01-11 14:17:22 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gebruiker\Downloads\RSITx64 (1).exe

2014-01-11 14:12:39 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gebruiker\Downloads\RSITx64.exe

2014-01-11 09:59:49 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gebruiker\Downloads\adwcleaner (4).exe

2014-01-11 09:54:10 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gebruiker\Downloads\AdwCleaner (3).exe

2014-01-11 09:52:51 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gebruiker\Downloads\AdwCleaner (2).exe

2014-01-11 09:43:02 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gebruiker\Downloads\adwcleaner (1).exe

2014-01-08 17:47:40 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gebruiker\Downloads\adwcleaner.exe

2014-01-04 07:34:45 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Gebruiker\Downloads\mbam-setup-1.75.0.1300 (3).exe

2013-12-30 10:11:35 -------- d-----w- C:\ProgramData\Lavasoft

2013-12-17 06:30:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

====== C: exe-files ==

2014-01-13 06:53:01 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gebruiker\Desktop\RSITx64.exe

2014-01-13 06:51:33 708B4EDAC89885F6BC24A2DD486AC64D 1272 ----a-w- C:\Users\Gebruiker\Desktop\adware.exe

2014-01-12 07:57:26 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gebruiker\Downloads\RSITx64 (2).exe

2014-01-11 14:18:00 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gebruiker.exe

2014-01-11 14:17:22 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gebruiker\Downloads\RSITx64 (1).exe

2014-01-11 14:12:39 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Gebruiker\Downloads\RSITx64.exe

2014-01-11 09:59:49 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gebruiker\Downloads\adwcleaner (4).exe

2014-01-11 09:54:10 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gebruiker\Downloads\AdwCleaner (3).exe

2014-01-11 09:52:51 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gebruiker\Downloads\AdwCleaner (2).exe

2014-01-11 09:43:02 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gebruiker\Downloads\adwcleaner (1).exe

2014-01-08 17:47:40 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Gebruiker\Downloads\adwcleaner.exe

2014-01-07 09:58:42 395FDFF5365F878DDFD7B435E7CB2AFD 71894 ----a-r- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Installer\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}\GPUploader.exe

2014-01-06 20:53:26 CA6C073CAB5ADFAA2898771C262D0FC3 1071384 ----a-w- C:\Program Files (x86)\Google\Picasa3\PicasaUpdater.exe

2014-01-06 20:53:24 DE6E7A6AFDD684FB3EF48101B8A9C364 4811032 ----a-w- C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe

2014-01-06 20:53:02 8254CD23B40B25A6486CAB5B05CC7555 9992472 ----a-w- C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

2014-01-06 20:52:58 9437738476CDCDC0012EF66E3BC40207 715032 ----a-w- C:\Program Files (x86)\Google\Picasa3\moviethumb.exe

2014-01-06 20:52:54 70F553984736DEDD46FFBE184A3CF828 1104152 ----a-w- C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaRestore.exe

2014-01-06 20:52:52 723C6F3446082E94424357B6020DA7BC 1902872 ----a-w- C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaCD.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1055028090-3034766534-2611135348-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Google Update"="C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Google Update"="C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\\progra~3\\webplat\\webplat.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BitTorrent"

"hkey"="HKCU"

"command"="\"C:\\Users\\Gebruiker\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Browser Infrastructure Helper"

"hkey"="HKCU"

"command"="C:\\Users\\Gebruiker\\AppData\\Local\\Smartbar\\Application\\Linkury.exe startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KiesPreload"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KiesTrayAgent"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="uTorrent"

"hkey"="HKCU"

"command"="\"C:\\Users\\Gebruiker\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Update SecretSauce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Util SecretSauce]

==== Startup Folders ======================

2013-03-06 14:14:09 1300 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11-12-2013 18:29]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000Core.job --a------ C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [24-01-2013 10:30]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000UA.job --a------ C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe [24-01-2013 10:30]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04-03-2013 22:14]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04-03-2013 22:14]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000Core.job --a------ C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [04-03-2013 22:20]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000UA.job --a------ C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [04-03-2013 22:20]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000Core" [C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000UA" [C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000Core" [C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1055028090-3034766534-2611135348-1000UA" [C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]

"C:\Windows\SysNative\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMPMOMJMGMGMNJNJJJCNHMOJOMKMCNLMLMLJHMCNHMPMJJNMCNGMNJIMOMNJHMMJNMOMOJKJNMJNJICMIMCNGMCNPMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMPMJNHICMEKMICNJJCKJNBJCMILKJNJNIKIGJEJKJNIJNKJCMJNNICMJNDJCMBJDJ"]

"C:\Windows\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]

"C:\Windows\SysNative\tasks\Torntv V6.0-chromeinstaller" [C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-chromeinstaller.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{95D3121F-2448-4974-958E-5F8B4C8276CE}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=19 folders=6 10303496 bytes)

==== EOF on ma 13-01-2014 at 18:46:58,06 ======================


Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input field:
  • Note: This script was written specifically for this PC; do not use it on other PCs with a similar problem.

  C:\Users\Gebruiker\Downloads\RSITx64 (2).exe;f
C:\Users\Gebruiker\Downloads\RSITx64 (1).exe;f
C:\Users\Gebruiker\Downloads\RSITx64.exe;f
C:\Users\Gebruiker\Downloads\adwcleaner (4).exe;f
C:\Users\Gebruiker\Downloads\AdwCleaner (3).exe;f
C:\Users\Gebruiker\Downloads\AdwCleaner (2).exe;f
C:\Users\Gebruiker\Downloads\adwcleaner (1).exe;f
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=-;r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Update SecretSauce];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Util SecretSauce];r
 C:\Windows\SysNative\tasks\Torntv V6.0-chromeinstaller;fs

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next message.
