PC virusvrij maken

[Mdebruijn]

Ik heb een virus op mijn pc. De pc is vertraagd en op internet onderstreept hij tekst en er doemt steeds reclame op, overal en nergens op het scherm. Ik heb al MBAM uitgevoerd en heb bijgaand logje opgeslagen.

Ook heb ik getracht al HijackThis.com te gebruiken, maar alle free downloads deden het niet. Kunnen jullie mij verder helpen bij het verwijderen van dit virus?

Gr., Mijke

MBAM-log-2014-01-16 (20-46-49).txt

[kape]

Bij MBAM heb je enkel de scan uitgevoerd. De aanduiding "Geen actie ondernomen" kan er op wijzen dat je nog niet gekozen hebt om de gevonden items te verwijderen. Laat MBAM eens opnieuw scannen en kies nu wél voor "verwijderen". Hang daarna het nieuwe logje in je volgende bericht.

[Mdebruijn]

Ik heb het uitgevoerd en verwijderd. kan alleen geen document toevoegen.

Gr., Mijke

[kape]

Ik heb het uitgevoerd en verwijderd. kan alleen geen document toevoegen.

Kan je het logje niet als bijlage aan je bericht hangen ? Net zoals je in je eerste bericht hebt gedaan ?

[Mdebruijn]

Als het goed is heb ik nu de bijlage wel kunnen toevoegen. Optie werkte vrijdag tijdelijk niet. Scherm bleef zwart... Hoop dat je hier iets uit af kan lezen?

mbam-log-2014-01-17 (11-21-04).txt

[kape]

Hier is al behoorlijk wat rotzooi mee verwijderd. Maar we kijken nog wat verder:

Download RSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

• RSIT 32 bit (RSIT.exe)
  
• RSIT 64 bit (RSITx64.exe)
  

Dubbelklik op RSIT.exe om de tool te starten.

• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  
• Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  
• Plaats de inhoud hiervan in het volgende bericht.
  

Bekijk ook de instructievideo.

[Mdebruijn]

Super! ga ik mee aan de slag!

[Mdebruijn]

Hier het logje van RSIT

Logfile of random's system information tool 1.09 (written by random/random)

Run by diedenmijk at 2014-01-21 09:22:58

Microsoft® Windows Vista™ Home Basic Service Pack 1

System drive C: has 90 GB (38%) free of 238 GB

Total RAM: 2036 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:24:03, on 21-1-2014

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.19088)

Boot mode: Normal

Running processes:

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Users\diedenmijk\AppData\Roaming\Yontoo\YontooDesktop.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe

C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Users\diedenmijk\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Users\diedenmijk\AppData\Local\iLivid\iLivid.exe

C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Users\diedenmijk\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\diedenmijk\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\sdclt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\OTYS Recruiting Technology\OTYS.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\mshta.exe

C:\Windows\system32\mshta.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\diedenmijk\Downloads\RSIT (1).exe

C:\Program Files\trend micro\diedenmijk.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Qmotion, alles op het gebied van computers

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Qmotion, alles op het gebied van computers

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll

O2 - BHO: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (file missing)

O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (file missing)

O3 - Toolbar: Lexmark Werkbalk - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll

O3 - Toolbar: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"

O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\diedenmijk\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\diedenmijk\AppData\Roaming\Yontoo\YontooDesktop.exe"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [iLivid] "C:\Users\diedenmijk\AppData\Local\iLivid\iLivid.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-363756370-3354141319-1056003040-1004\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Mijke')

O4 - HKUS\S-1-5-21-363756370-3354141319-1056003040-1004\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup (User 'Mijke')

O4 - HKUS\S-1-5-21-363756370-3354141319-1056003040-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Mijke')

O4 - HKUS\S-1-5-21-363756370-3354141319-1056003040-1004\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN396EWJY005KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 (User 'Mijke')

O4 - S-1-5-21-363756370-3354141319-1056003040-1004 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mijke')

O4 - S-1-5-21-363756370-3354141319-1056003040-1004 User Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Mijke')

O4 - Startup: Dropbox.lnk = C:\Users\diedenmijk\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

O4 - Global Startup: Metacafe.lnk = C:\Users\diedenmijk\Downloads\Metacafe\MetacafeAgent.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Kopieer selectie - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

O8 - Extra context menu item: Kopieer URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

O8 - Extra context menu item: Nieuwe notitie - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html

O8 - Extra context menu item: Pagina opemen - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html

O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html

O15 - Trusted Zone: bo01.otys.nl

O15 - Trusted Zone: bo04.otys.nl

O15 - Trusted Zone: bo11.otys.nl

O15 - Trusted Zone: bo12.otys.nl

O15 - Trusted Zone: bo13.otys.nl

O15 - Trusted Zone: bo14.otys.nl

O15 - Trusted Zone: bo15.otys.nl

O15 - Trusted Zone: bo16.otys.nl

O15 - Trusted Zone: bo17.otys.nl

O15 - Trusted IP range: 85.112.17.6

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll

O20 - AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe

O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Realtek11nSU - Realtek - C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe

O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\diedenmijk\AppData\Local\Torch\Update\TorchCrashHandler.exe

O23 - Service: vToolbarUpdater17.3.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe

--

End of file - 15577 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd217fbd3327f0.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\User_Feed_Synchronization-{34ED3EEF-1860-435F-A3B6-8768D5B0E5CF}.job

C:\Windows\tasks\User_Feed_Synchronization-{3EE8AC18-B689-4BF8-890D-0407C273A89B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]

MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]

Lexmark Werkbalk - C:\Program Files\Lexmark Toolbar\toolband.dll [2011-08-19 528384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0}]

Search-Results Toolbar - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]

Evernote extension - C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2013-03-02 583008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

AVG Security Toolbar - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll [2014-01-08 3349528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-18 194128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-11 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]

Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25 1253144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

Yontoo - C:\Program Files\Yontoo\YontooIEClient.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Werkbalk - C:\Program Files\Lexmark Toolbar\toolband.dll [2011-08-19 528384]

{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll [2014-01-08 3349528]

{377e5d4d-77e5-476a-8716-7e70a9272da0} - Search-Results Toolbar - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll []

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-18 194128]

{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25 1253144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-31 4702208]

"Skytel"=C:\Windows\Skytel.exe [2007-10-11 1826816]

"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2012-02-23 59240]

"lxdxmon.exe"=C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe [2008-06-13 668328]

"lxdxamon"=C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe [2008-06-13 16040]

"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2008-06-13 320168]

"Philips Device Listener"=C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [2010-11-20 380416]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-03-06 421736]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2013-11-20 4411952]

"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2014-01-08 2486296]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-10-25 421888]

"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-09-04 311152]

"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]

""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]

"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-09-04 844656]

"MobileDocuments"=C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [2012-02-23 59240]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-18 39408]

"Akamai NetSession Interface"=C:\Users\diedenmijk\AppData\Local\Akamai\netsession_win.exe [2013-06-05 4489472]

"Yontoo Desktop"=C:\Users\diedenmijk\AppData\Roaming\Yontoo\YontooDesktop.exe [2013-05-01 42784]

"KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2013-09-04 1564528]

""=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-09-04 844656]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2013-12-06 20203904]

"iLivid"=C:\Users\diedenmijk\AppData\Local\iLivid\iLivid.exe [2013-09-08 6827008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\Windows\system32\igfxtray.exe [2008-02-11 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

C:\Windows\system32\igfxpers.exe [2008-02-11 133656]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

Metacafe.lnk - C:\Users\diedenmijk\Downloads\Metacafe\MetacafeAgent.exe

C:\Users\diedenmijk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\diedenmijk\AppData\Roaming\Dropbox\bin\Dropbox.exe

EvernoteClipper.lnk - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~2\Wincert\WIN32C~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]

"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-21 09:22:58 ----D---- C:\rsit

2014-01-21 09:22:58 ----D---- C:\Program Files\trend micro

2014-01-20 09:27:43 ----D---- C:\Users\diedenmijk\AppData\Roaming\HpUpdate

2014-01-16 19:56:31 ----D---- C:\Users\diedenmijk\AppData\Roaming\Malwarebytes

2014-01-16 19:56:21 ----D---- C:\ProgramData\Malwarebytes

2014-01-16 19:56:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2014-01-16 19:56:20 ----A---- C:\Windows\system32\drivers\mbam.sys

2014-01-15 14:05:27 ----D---- C:\ProgramData\TorchCrashHandler

2014-01-12 11:03:22 ----D---- C:\Program Files\Microsoft

2014-01-12 11:01:29 ----N---- C:\Windows\system32\HPDiscoPM5912.dll

2014-01-12 10:58:06 ----D---- C:\ProgramData\HP

2014-01-12 10:57:45 ----D---- C:\Program Files\HP

2014-01-12 10:57:37 ----A---- C:\ProgramData\Ament.ini

2014-01-09 10:51:51 ----D---- C:\Program Files\Prezi

======List of files/folders modified in the last 1 month======

2014-01-21 09:23:41 ----D---- C:\Windows\Temp

2014-01-21 09:23:25 ----D---- C:\Windows\Prefetch

2014-01-21 09:22:58 ----RD---- C:\Program Files

2014-01-21 09:05:10 ----D---- C:\ProgramData\MFAData

2014-01-21 09:02:06 ----D---- C:\Users\diedenmijk\AppData\Roaming\Dropbox

2014-01-21 09:01:25 ----D---- C:\Users\diedenmijk\AppData\Roaming\Yontoo

2014-01-20 13:47:44 ----SHD---- C:\System Volume Information

2014-01-20 09:20:47 ----D---- C:\Program Files\Yontoo

2014-01-20 09:20:45 ----D---- C:\ProgramData\Wincert

2014-01-20 09:20:44 ----D---- C:\Program Files\Common Files\Akamai

2014-01-17 14:25:26 ----SHD---- C:\Windows\Installer

2014-01-17 14:25:18 ----D---- C:\Program Files\Microsoft SQL Server

2014-01-17 14:25:05 ----SHD---- C:\Config.Msi

2014-01-17 14:24:53 ----D---- C:\Windows\registration

2014-01-17 11:57:47 ----D---- C:\Windows\system32\drivers

2014-01-17 11:57:01 ----D---- C:\Program Files\Movies Toolbar

2014-01-17 11:52:03 ----D---- C:\Program Files\Search Results Toolbar

2014-01-17 11:52:02 ----HD---- C:\ProgramData

2014-01-17 10:26:17 ----A---- C:\Windows\wininit.ini

2014-01-17 10:16:27 ----D---- C:\Windows\system32\catroot2

2014-01-16 21:06:26 ----D---- C:\Windows\Minidump

2014-01-16 21:06:19 ----D---- C:\Windows

2014-01-16 13:46:25 ----D---- C:\Windows\system32\Tasks

2014-01-16 13:46:02 ----D---- C:\Windows\System32

2014-01-16 09:49:10 ----D---- C:\ProgramData\Microsoft Help

2014-01-16 09:44:54 ----D---- C:\Windows\system32\MRT

2014-01-16 09:40:30 ----A---- C:\Windows\system32\mrt.exe

2014-01-12 11:04:39 ----SD---- C:\ProgramData\Microsoft

2014-01-12 11:01:22 ----D---- C:\Windows\system32\catroot

2014-01-12 11:01:20 ----D---- C:\Windows\inf

2014-01-12 10:57:57 ----D---- C:\Windows\twain_32

2014-01-12 10:43:22 ----D---- C:\ProgramData\Lx_cats

2014-01-09 10:03:39 ----D---- C:\Program Files\Google

2014-01-08 15:30:50 ----D---- C:\Program Files\AVG Secure Search

2014-01-08 13:33:37 ----D---- C:\Users\diedenmijk\AppData\Roaming\vlc

2014-01-07 10:09:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2013-07-20 60216]

R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2013-07-20 246072]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2013-07-01 96568]

R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2013-10-23 39224]

R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-25 208184]

R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2013-10-23 22328]

R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2013-07-20 171320]

R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]

R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [2013-11-11 37664]

R2 irda;IrDA-protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-06-21 84248]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2013-04-18 37344]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2010-05-10 15664]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-11-01 2011224]

R3 irsir;Microsoft-stuurprogramma voor serieel infraroodapparaat; C:\Windows\system32\DRIVERS\irsir.sys [2008-01-21 20992]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-06-21 181912]

R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]

R3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2013-05-22 20032]

S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192cu.sys [2011-07-06 602216]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2013-05-02 136904]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2013-05-02 17864]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2013-05-02 153672]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-02-15 43520]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]

S3 WinUSB;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2008-01-21 31616]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-26 55144]

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]

R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]

R2 BcmSqlStartupSvc;Opstartservice voor SQL Server voor Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]

R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-03-06 82944]

R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2013-04-18 233472]

R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 lxdx_device;lxdx_device; C:\Windows\system32\lxdxcoms.exe [2008-02-28 594600]

R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-02-28 98984]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 Realtek11nSU;Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]

R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]

R2 TorchCrashHandler;Torch Crash Handler; C:\Users\diedenmijk\AppData\Local\Torch\Update\TorchCrashHandler.exe [2013-12-21 1205760]

R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-01-08 1771544]

R2 Yontoo Desktop Updater;Yontoo Desktop Updater; C:\Program Files\Yontoo\Y2Desktop.Updater.exe [2013-05-01 23552]

R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408]

R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-06 821608]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]

S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-09 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-14 257416]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-09 135664]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-17 194032]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

S4 SQLBrowser;SQL Server-browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]

-----------------EOF-----------------

[kape]

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Download Zoek.exe naar het bureaublad (niet de .zip- of .rar-versie)

• Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

  {377e5d4d-77e5-476a-8716-7e70a9272da0};c
 {95B7759C-8C7F-4BF1-B163-73684A933233};c
 C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll;f
 {FD72061E-9FDE-484D-A58A-0BAB4151CAD8};c
 C:\Program Files\Yontoo;fs
 C:\ProgramData\Wincert;fs
 {8dcb7100-df86-4384-8842-8fa844297b3f};c
 C:\Program Files\Microsoft\BingBar;fs
 Yontoo Desktop;s
 C:\Users\diedenmijk\AppData\Roaming\Yontoo;fs
 iLivid;s
 C:\Users\diedenmijk\AppData\Local\iLivid;fs
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0}];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}];r
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
 ""=-;r
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
 "Yontoo Desktop"=-;r
 "iLivid"=-;r
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r
 "AppInit_DLLs"=-;r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe];r
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe];r
 C:\Program Files\Movies Toolbar;fs
 C:\Program Files\Search Results Toolbar;fs
 emptyfolderscheck;delete 
startupall; 
filesrcm;

• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
• Do a Quick Scan
  
  
• Auto Clean
  
• De optie "Scan All Users" staat standaard aangevinkt.
  
• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[Mdebruijn]

dit was een pittige opdracht. Maar volgens mij is dit het logje van zoek.exe?:

Zoek.exe v5.0.0.0 Updated 22-Januari-2014

Tool run by diedenmijk on do 23-01-2014 at 19:38:13,60.

Microsoft® Windows Vista™ Home Basic 6.0.6001 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\diedenmijk\Downloads\zoek (7).exe [scan all users] [script inserted] [Checkboxes used]

===== Runcheck 19:41:47,85 =====

--- Create Environment Variables 19:41:48,40

--- Create System Restore Point 19:42:01,87

--- Checking Input 19:42:37,06

--- AU AppData Check 19:42:38,98

--- Remove From Windows Installer 19:42:45,35

--- Empty Folders Check 19:43:38,20

--- IE Startpage Check 19:46:01,38

--- Program Files DB Check 19:46:29,58

--- C:\Users\Default\AppData\Roaming DB Check 19:47:24,23

--- C:\Users\Default User\AppData\Roaming DB Check 19:47:24,23

--- C:\Users\diedenmijk\AppData\Roaming DB Check 19:47:24,23

--- C:\Users\Mijke\AppData\Roaming DB Check 19:47:24,23

--- C:\Windows\system32\config\systemprofile\AppData\Roaming DB Check 19:47:24,23

--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 19:47:24,23

--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 19:47:24,23

--- C:\Users\diedenmijk DB Check 19:49:24,35

--- C:\ProgramData DB Check 19:50:04,73