
Online Armor strange autostarters and programs

Posted: Sun 20 Jan, 2013 17:08:19
by danderoo
Good day,

I am trying to breathe some life back into my parents' laptop (it was painfully slow), and I have discovered that very strange entries keep appearing in Online Armor's program list, containing among other things the text "click2run", along with a lot of strange characters.

When I then looked under "autostarters" I got a shock, because there is a list of hundreds of programs with the strangest names, most of which also contain the same text "click2run".

How can I remove this easily and safely?
I have already run CCleaner and Spybot, and Malwarebytes is running now.

Thanks in advance.

Kind regards

Re: Online Armor strange autostarters and programs

Posted: Sun 20 Jan, 2013 18:09:58
by danderoo
Now adding the MBAM result:


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Databaseversie: v2013.01.20.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Willeke :: WILLEKE-PC [administrator]

20-1-2013 16:41:56
MBAM-log-2013-01-20 (18-08-53).txt

Scan type: Volledige scan (C:\|Q:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 387247
Verstreken tijd: 1 uur/uren, 25 minuut/minuten, 2 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 7
HKCR\CLSID\{4f6c5a7f-93ba-41ce-ba77-5a415b3debef} (PUP.FunWebProducts) -> Geen actie ondernomen.
HKCR\TypeLib\{68e87bb7-8295-4514-9562-ac39cd4bb2c5} (PUP.FunWebProducts) -> Geen actie ondernomen.
HKCR\Interface\{7560E624-E498-4D61-A34D-00546B8C1F9D} (PUP.FunWebProducts) -> Geen actie ondernomen.
HKCR\Maps4PC_0cInstaller.Start.1 (PUP.FunWebProducts) -> Geen actie ondernomen.
HKCR\Maps4PC_0cInstaller.Start (PUP.FunWebProducts) -> Geen actie ondernomen.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F6C5A7F-93BA-41CE-BA77-5A415B3DEBEF} (PUP.FunWebProducts) -> Geen actie ondernomen.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4F6C5A7F-93BA-41CE-BA77-5A415B3DEBEF} (PUP.FunWebProducts) -> Geen actie ondernomen.

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 1
C:\Program Files (x86)\Maps4PC_0cEI\Installr\1.bin\0cEZSETP.dll (PUP.FunWebProducts) -> Geen actie ondernomen.

(einde)

Re: Online Armor strange autostarters and programs

Posted: Sun 20 Jan, 2013 21:54:20
by smeenk
Download zoek.exe to the desktop.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe;
    you can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Now tick the options below.
    • Auto Clean
    • Recently Created
    • Installed Programs
    • Startup Info
    • System Restore Point
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next reply.

Re: Online Armor strange autostarters and programs

Posted: Mon 21 Jan, 2013 09:27:13
by danderoo
Good morning,

here it is:

==== Creating Sample_21-01-2013_0913.zip ======================

Process chrome.exe killed
Copied file C:\Users\Willeke\PhotoshopElements_9_LS15.exe to sample
sample\PhotoshopElements_9_LS15.exe renamed to 363CDCC90169E47FA30ACFBCC0D95306

C:\Users\Public\Desktop\sample_21-01-2013_0913.zip created successfully

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Willeke\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-01-20 15:36:26 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-01-20 20:49:01 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio
2013-01-20 20:49:00 -------- d-----w- C:\Program Files (x86)\Common Files\DESIGNER
2013-01-20 12:11:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
======= C: =====
====== C:\Users\Willeke\AppData\Roaming ======
2013-01-20 12:09:46 -------- d-----w- C:\users\Willeke\AppData\Local\Programs
2013-01-20 11:55:58 -------- d-----w- C:\users\Willeke\AppData\Roaming\Apple Computer
====== C:\Users\Willeke ======
2013-01-20 12:30:56 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-255706571-4020994972-1659730412-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Willeke\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Akamai NetSession Interface"="C:\Users\Willeke\AppData\Local\Akamai\netsession_win.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-255706571-4020994972-1659730412-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Willeke\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Willeke\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG10\avgtray.exe"
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"ROC_roc_dec12"="C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Willeke\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Akamai NetSession Interface"="C:\Users\Willeke\AppData\Local\Akamai\netsession_win.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Willeke\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Willeke\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-01-2013 17:08]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08-06-2010 23:42]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08-06-2010 23:42]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-255706571-4020994972-1659730412-1000Core.job --a------ C:\Users\Willeke\AppData\Local\Google\Update\GoogleUpdate.exe [19-09-2012 13:37]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-255706571-4020994972-1659730412-1000UA.job --a------ C:\Users\Willeke\AppData\Local\Google\Update\GoogleUpdate.exe [19-09-2012 13:37]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Willeke\AppData\Roaming\Mozilla\Firefox\Profiles\piuv44eh.default
586FDC4E02623EE228EC35B9604AE5F2 - C:\Users\Willeke\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll - Google Update
2C82D753EF779945977C82A3908DA20A - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx[09-09-2011 02:11]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx[09-11-2012 14:20]

http //www.venere.com/nl/duitsland/berlijn/?c - Willeke - Default\Extensions\cgjglgdjmnngpdfbbkafnmnjejpcnjoa
http //www.ns.nl/reizigers/home - Willeke - Default\Extensions\fdpejkmdgijbalgkkcbjjiobkcncljhn
http //www.arriva.nl/reisinformatie/dienstreg - Willeke - Default\Extensions\fejgdahgpelmlakompkcahddlkmealeh
AVG Safe Search - Willeke - Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Trackers on this page - Willeke - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
http //www.smulweb.nl/ - Willeke - Default\Extensions\nimopahienpgffjjbbdmgdahgbhdiijd
http //www.concert-nederland.nl/ - Willeke - Default\Extensions\pjjndnaicpimklloiehpjoficfnmodmd

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.nu.nl/"
"Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj65&r=27360510m7b6l0460z135f4431w802"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj65&r=27360510m7b6l0460z135f4431w802"
"Start Page"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj65&r=27360510m7b6l0460z135f4431w802"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj65&r=27360510m7b6l0460z135f4431w802"
"Start Page"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj65&r=27360510m7b6l0460z135f4431w802"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.nu.nl/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKCU\*\SearchScopes "DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"
HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
HKCU\*\SearchScopes\{1621810A-F29A-4EAE-8293-0E92C172A36D} Ask Search Url="http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=nl_NL&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=F564E45F-4515-4FEB-9205-00F2EC8501A5&apn_sauid=D5EFF964-2120-4237-8E94-FEADC839E4B7"
HKCU\*\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_nlFR382ES384"
HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
HKCU\*\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={861960E3-CC25-4F11-AFCB-CA8A5ECAB48C}&mid=2bc29732f1bcb548076c7c4f878e4c67-740d3feaef82ec8f8ec8b1b55c150b14342dde1b&lang=nl&ds=AVG&pr=fr&d=2011-12-18"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-255706571-4020994972-1659730412-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1621810A-F29A-4EAE-8293-0E92C172A36D} deleted successfully
HKEY_USERS\S-1-5-21-255706571-4020994972-1659730412-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully
HKEY_USERS\S-1-5-21-255706571-4020994972-1659730412-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-255706571-4020994972-1659730412-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-255706571-4020994972-1659730412-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-255706571-4020994972-1659730412-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Willeke\AppData\Roaming\Mozilla\Firefox\Profiles\piuv44eh.default

---- Lines Softonic removed from prefs.js ----

user_pref("extensions.Softonic.admin", false);
user_pref("extensions.Softonic.aflt", "orgnl");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic.dfltLng", "");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.id", "a4366488000000000000c417feb5f748");
user_pref("extensions.Softonic.instlDay", "15659");
user_pref("extensions.Softonic.instlRef", "MON00001");
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
user_pref("extensions.Softonic.tlbrId", "base");
user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.vrsn", "1.5.21.0");
user_pref("extensions.Softonic.vrsni", "1.5.21.0");
user_pref("extensions.Softonic_i.newTab", false);
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.00:22:05");

---- Lines Softonic modified from prefs.js ----


---- Lines Softonic removed from user.js ----

user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic_i.newTab", false);
user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=");
user_pref("extensions.Softonic.id", "a4366488000000000000c417feb5f748");
user_pref("extensions.Softonic.instlDay", "15659");
user_pref("extensions.Softonic.vrsn", "1.5.21.0");
user_pref("extensions.Softonic.vrsni", "1.5.21.0");
user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.00:22:05");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.aflt", "orgnl");
user_pref("extensions.Softonic_i.smplGrp", "none");
user_pref("extensions.Softonic.tlbrId", "base");
user_pref("extensions.Softonic.instlRef", "MON00001");
user_pref("extensions.Softonic.dfltLng", "");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.admin", false);

---- Lines ask.com removed from prefs.js ----

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");

---- Lines ask.com modified from prefs.js ----


---- Lines ask.com removed from user.js ----


---- FireFox user.js and prefs.js backups ----

user_21-01-2013_0920_.backup
prefs_21-01-2013_0920_.backup

==== Deleting Files \ Folders ======================

"C:\user.js" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml" deleted
"C:\user.js" deleted
"C:\Users\Willeke\PhotoshopElements_9_LS15.exe" deleted
"C:\Program Files (x86)\Maps4PC_0cEI" deleted
"C:\ProgramData\Ask" deleted
"C:\ProgramData\Partner" deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Willeke\AppData\Roaming\Mozilla\Firefox\Profiles\piuv44eh.default
586FDC4E02623EE228EC35B9604AE5F2 - C:\Users\Willeke\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll - Google Update
2C82D753EF779945977C82A3908DA20A - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Willeke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\Willeke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Willeke\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Willeke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

Re: Online Armor strange autostarters and programs

Posted: Mon 21 Jan, 2013 10:30:40
by smeenk
A zip file has been placed on your desktop: C:\Users\Public\Desktop\sample_21-01-2013_0913.zip
Could you upload it to http://ww.mijnbestand.nl and post the link to it?

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Copy the code below and paste it into the large input box of zoek.exe:
    hijackthis;
    C:\ProgramData\Spybot - Search & Destroy\Quarantine\*;f
    emptyclsid;
  • Now click the "Run script" button.
  • Wait patiently until a log opens.
  • Then post the contents of the opened log in your next message.

Also let me know how things are going now? :)

Re: Online Armor strange autostarters and programs

Posted: Mon 21 Jan, 2013 11:00:39
by danderoo
link:
http://www.mijnbestand.nl/Bestand-XTE4SYCT73HL.zip

I am now going to run zoek.exe again.

I could not properly turn off my AVG while running zoek.exe and found out that 2011 was still installed. I have since upgraded it to 2013.

Re: Online Armor strange autostarters and programs

Posted: Mon 21 Jan, 2013 11:04:39
by danderoo
Thanks in advance/again, by the way!
I have also reinstalled Online Armor in the meantime. It was not running very well either.

Here are the latest results from zoek.exe:

Zoek.exe Version 4.0.0.1 Updated 19-January-2013
Tool run by Willeke on ma 21-01-2013 at 11:01:26,50.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Files \ Folders ======================

"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0001.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0002.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0001.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0002.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0001.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0002.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0001.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0002.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0001.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0002.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0001.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0002.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip" deleted
"C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0001.zip" deleted

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstall ... VctUTRMWkc"&"inst=NzctNjM3NTg3NTE3LUZMKzktRkwxMCsxLUREVCszMzQwNi1GMTBNMTJFTisxLVRCKzEtVEwrMS1GMTBNMTNWKzUtRjEwTTEzKzEtRjEwTTEzRCsyNS1GMTBNMTNJRCs2Mzc1ODc1MTctQzEwVSsxMTEz"&"prod=90"&"ver=10.0.1430
O4 - HKCU\..\Run: [Google Update] "C:\Users\Willeke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Willeke\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Willeke\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Willeke\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files (x86)\Online Armor\OAcat.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files (x86)\Online Armor\oasrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Re: Online Armor strange autostarters and programs

Posted: Mon 21 Jan, 2013 11:53:34
by smeenk
It is looking pretty good again; is everything also running as it should by now? :)

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Copy the code below and paste it into the large input box of zoek.exe:
    resetieproxy;
    C:\Users\Willeke\AppData\Roaming\Mozilla\Firefox\Profiles\piuv44eh.default\*.backup;f
  • Now click the "Run script" button.
  • Wait patiently until a log opens.
  • Then post the contents of the opened log in your next message.

Re: Online Armor strange autostarters and programs

Posted: Mon 21 Jan, 2013 12:43:41
by danderoo
and here is the result:


Zoek.exe Version 4.0.0.1 Updated 19-January-2013
Tool run by Willeke on ma 21-01-2013 at 12:40:37,33.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting Files \ Folders ======================

"C:\Users\Willeke\AppData\Roaming\Mozilla\Firefox\Profiles\piuv44eh.default\prefs_21-01-2013_0920_.backup" deleted
"C:\Users\Willeke\AppData\Roaming\Mozilla\Firefox\Profiles\piuv44eh.default\user_21-01-2013_0920_.backup" deleted

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="127.0.0.1:9421;<local>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

Re: Online Armor strange autostarters and programs

Posted: Mon 21 Jan, 2013 13:01:08
by smeenk
Looks good now ;)

Please do the following steps as well:

Download CCleaner

When installing the latest CCleaner, Google Chrome is now also installed along with it (automatically).
If you want to prevent this, you have to clear a checkbox during installation so that Google Chrome is not installed.

Start CCleaner.
• Click Cleaner in the left column.
• Click Analyze and then Run Cleaner.
• Next, click Registry in the left column and click Scan for Issues.
• If errors are found, click Fix selected issues and OK.
• You will then be asked whether to make a backup; click YES and then choose Fix All Selected Issues.
• Close CCleaner afterwards.


You may remove all the tools used and their logs.

Also remove all old system restore points, because infections can still be present in them.
To remove Windows system restore points, click here.
Note: do not perform a system restore; only have all old system restore points removed.


To avoid reinfection, you can read through these tips: How do I prevent a new infection?

Regards, smeenk :)

Re: Online Armor strange autostarters and programs

Posted: Mon 21 Jan, 2013 13:52:38
by danderoo
Great, thanks a lot!

Kind regards

Re: Online Armor strange autostarters and programs

Posted: Mon 21 Jan, 2013 14:01:18
by smeenk
You're welcome, glad we could help you here :D

Regards, smeenk

Re: Online Armor strange autostarters and programs

Posted: Tue 22 Jan, 2013 10:18:33
by PC Web Plus
Kaspersky Internet Security 2013: you automatically have a chance to win one of the five licenses

Thanks to Kaspersky, PC Web Plus is able to raffle off five licenses of 'Kaspersky Internet Security 2013'.

Taking part in this promotion is very simple: you do not have to do anything at all! No contest, no puzzle, really nothing at all.
If you come to the forum for help and support with removing a malware-related problem, you are automatically entered for a chance to win one of the five licenses of Kaspersky Internet Security 2013.

From 1 January 2013 your name is added to the list of participants, and on Friday 1 February 2013 the forum users who will be sent a license of Kaspersky Internet Security 2013 will be announced.

You can read more information at: Start the new year safely with Kaspersky Internet Security


Re: Online Armor strange autostarters and programs

Posted: Fri 01 Feb, 2013 09:41:14
by Maxstar
Because the problem has been resolved, this topic is being closed and moved to the solved problems / logs section.

If you would like this topic reopened, you can send me or one of the moderators a private message (PM) with a link to this topic.

If the topic has been closed for a longer time, it is best to create a new topic here and, if needed, refer to this topic.


For all other questions you can start a new topic in the appropriate forum.