Spybot-Search&destroy

[Drekkie]

Volgens mijn scanner bevindt er zich wat malware in mijn systeem, maar ik ben een beetje bang om dit zomaar te verwijderen. Kunnen jullie mij verzekeren dat ik deze bestanden mag verwijderen? Het gaat om volgende:

Banyan.eSafe: [SBI $F482B9B1] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\WsysSvc

Banyan.eSafe: [SBI $FB2AF391] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WsysSvc

Banyan.eSafe: [SBI $1F28F10C] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WsysSvc

Banyan.eSafe: [SBI $5F547154] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsysSvc

Banyan.eSafe: [SBI $ADDBE1BA] Settings (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\

Banyan.eSafe: [SBI $7F0A4FAD] Link (File, nothing done)
C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Properties.size=1747
Properties.md5=275D0F9D63ED476A981D74968CF62ED5
Properties.filedate=1380456032
Properties.filedatetext=2013-09-29 13:00:32

Banyan.eSafe: [SBI $043C19FB] Program directory (Directory, nothing done)
C:\ProgramData\eSafe\
Directory.subfile=C:\ProgramData\eSafe\eDelayinfo.edb
Directory.subfile.size=866
Directory.subfile.md5=3FB52854C060EA40730E17B61F6BD4C4
Directory.subfile.filedate=1389336015
Directory.subfile.filedatetext=2014-01-10 07:40:14
Directory.subfile=C:\ProgramData\eSafe\eGdpSvc.exe_old
Directory.subfile.size=825920
Directory.subfile.md5=256F569179D786680CD216C0240A42D3
Directory.subfile.filedate=1380456174
Directory.subfile.filedatetext=2013-09-29 13:02:54
Directory.subfile=C:\ProgramData\eSafe\log\eGdpSvc.LOG
Directory.subfile.size=365676
Directory.subfile.md5=B713C77E321499003BBACD87F3E5E3A8
Directory.subfile.filedate=1389336018
Directory.subfile.filedatetext=2014-01-10 07:40:18

Banyan.eSafe: [SBI $691AD54E] Data (File, nothing done)
C:\ProgramData\eSafe\eDelayinfo.edb
Properties.size=866
Properties.md5=3FB52854C060EA40730E17B61F6BD4C4
Properties.filedate=1389336015
Properties.filedatetext=2014-01-10 07:40:14

Win32.Agent.exq: [SBI $FDC3174F] Data (File, nothing done)
C:\ProgramData\eSafe\log\eGdpSvc.LOG
Properties.size=365676
Properties.md5=B713C77E321499003BBACD87F3E5E3A8
Properties.filedate=1389336018
Properties.filedatetext=2014-01-10 07:40:18

Win32.Agent.exq: [SBI $14C06E3F] Program directory (Directory, nothing done)
C:\ProgramData\eSafe\log\
Directory.subfile=C:\ProgramData\eSafe\log\eGdpSvc.LOG
Directory.subfile.size=365676
Directory.subfile.md5=B713C77E321499003BBACD87F3E5E3A8
Directory.subfile.filedate=1389336018
Directory.subfile.filedatetext=2014-01-10 07:40:18


Alvast bedankt,

D

 

[Zer0Day]

Dag Drekkie,

Ja hoor, die gevonden items zijn adware en mag je allemaal laten verwijderen.
Als je graag een extra controle hebt, plaats hieronder dan een HijackThis logje.

 

[Drekkie]

Dag Anthony,

ik hoop dat ik het goed heb gedaan (Zie onder).

D.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:02:38, on 1/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dirk\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Dirk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Dirk\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\windows\system32\conhost.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = V9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Object moved
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Object moved
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe"
O4 - HKLM\..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [7DD318628A5EDBCC97F782D0A1D777C9974CF03A._service_run] "C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Dirk\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Dirk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Afbeelding knippen - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Kopieer selectie - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Kopieer URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Nieuwe notitie - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Pagina opemen - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\Users\Dirk\AppData\Local\DProtect\eBP.dll,
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
O23 - Service: Bitdefender Virus Shield (vsserv) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
O23 - Service: WMI_Hook_Service - MICRO-STAR INT'L,.LTD. - C:\Program Files\msi\WMIHookBtnFn\WMI_Hook_Service.exe
O23 - Service: Wpm Service (Wpm) - Cherished Technololgy LIMITED - C:\ProgramData\WPM\wprotectmanager.exe
O23 - Service: Wsys Service (WsysSvc) - Unknown owner - C:\ProgramData\eSafe\eGdpSvc.exe (file missing)

--
End of file - 17127 bytes

 

[Zer0Day]

1.
Ga naar Start - Alle Programma's - Bureau-accessoires - Opdrachtprompt
Windows Vista/7 gebruikers dienen de opdrachtprompt Als Administrator uit te voeren via het rechtsklik menu.
Tik in: sc stop Wpm gevolgd door Enter.
Tik in: sc delete Wpm gevolgd door Enter.
Tik in: sc stop WsysSvc gevolgd door Enter.
Tik in: sc delete WsysSvc gevolgd door Enter.
Tik in: Exit om het venster te sluiten.

Als je op een van deze instructies een foutmelding krijgt, ga dan gewoon door met de volgende instructie en laat ons weten welke foutmelding je kreeg.


2.
Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = V9
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O20 - AppInit_DLLs: C:\Users\Dirk\AppData\Local\DProtect\eBP.dll,
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.


3.
Download

AdwCleaner by Xplode naar het bureaublad.

• Sluit alle openstaande vensters.
• Dubbelklik op AdwCleaner om hem te starten.
• Klik vervolgens op Verwijderen.
• Klik bij AdwCleaner – Informatie op OK
• Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal.
Nadat de PC opnieuw is opgestart, opent een logfile.
Post aansluitend de inhoud van dit log in je volgende bericht.

 

[Drekkie]

Dag Anthony,

ik krijg volgende foutmelding op uw advies:
Tik in: sc stop WsysSvc gevolgd door Enter. de opgegeven service is geen geïnstalleerde service
Tik in: sc delete WsysSvc gevolgd door Enter. de opgegeven service is geen geïnstalleerde service

Ga ik nu verder met stap 2 en 3 of beter even afwachten?

D.

 

[Zer0Day]

Doe maar gewoon verder met de volgende stappen.

 

[Drekkie]

Anthony,

dit is het logbestand. Stappen 3, 4 en 5 heb ik nog niet gedaan, omdat ik bij stap 3 niet weet wat ik mag/moet verwijderen.

# AdwCleaner v3.018 - Report created 03/02/2014 at 12:07:47
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Dirk - DIRK-MSI
# Running from : C:\Users\Dirk\Downloads\adwcleaner (2).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Dirk\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Folder Found : C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\DSearchLink
Folder Found C:\ProgramData\Uniblue\DriverScanner
Folder Found C:\Users\Dirk\AppData\Local\DProtect
Folder Found C:\Users\Dirk\AppData\Local\Temp\DProtect
Folder Found C:\Users\Dirk\AppData\Local\Temp\eIntaller
Folder Found C:\Users\Dirk\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\Dirk\AppData\Roaming\Babylon
Folder Found C:\Users\Dirk\Documents\optimizer pro

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ddab72fc-acee-4fc2-b857-c66967ef6762_00FEE432&ts=1380455600 )
Shortcut Found : C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ddab72fc-acee-4fc2-b857-c66967ef6762_00FEE432&ts=1380455600 )
Shortcut Found : C:\Users\Dirk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ddab72fc-acee-4fc2-b857-c66967ef6762_00FEE432&ts=1380455600 )
Shortcut Found : C:\Users\Dirk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ddab72fc-acee-4fc2-b857-c66967ef6762_00FEE432&ts=1380455600 )
Shortcut Found : C:\Users\Dirk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ddab72fc-acee-4fc2-b857-c66967ef6762_00FEE432&ts=1380455600 )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=3219913727_67194_00FEE432&ts=1379953013
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\5b6888ce138ef43
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_bitdefender-total-security_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_bitdefender-total-security_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\qvo6Software
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www.v9.com/newtab/?utm_source=b&utm_medium=eBP&utm_campaign=eBP&utm_content=nt&from=eBP&uid=3219913727_67194_00FEE432&ts=1380470171

-\\ Google Chrome v

[ File : C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6101 octets] - [03/02/2014 10:29:41]
AdwCleaner[R1].txt - [6021 octets] - [03/02/2014 12:07:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6081 octets] ##########

 

[Zer0Day]

Drekkie,

Volg gewoon de stappen zoals beschreven in post 4:

1.
Services verwijderen heb je gedaan in de mate van het mogelijke.

2.
HijachThis regels fixen. (Reeds gedaan?)

3.
AdwCleaner starten en klikken op Verwijderen. (In je post hierboven heb je voor "Scannen" gekozen i.p.v "Verwijderen")
Aansluitend plaats je het log van Adwcleaner in je volgende post.

 

[Drekkie]

Anthony,

dit is het logbestand.

# AdwCleaner v1.606 - Logfile created 02/04/2014 at 09:54:54
# Updated 10/05/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Dirk - DIRK-MSI
# Running from : C:\Users\Dirk\Desktop\adwcleaner-1.606-en.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Dirk\AppData\Roaming\Babylon
Folder Deleted : C:\ProgramData\Babylon
Deleted on reboot : C:\Users\Dirk\AppData\Local\Temp\toolbar@planet-surf.com

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.11.9600.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

-\\ Google Chrome v32.0.1700.102

File : C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1245 octets] - [04/02/2014 09:54:54]

########## EOF - C:\AdwCleaner[S1].txt - [1373 octets] ##########

 

[Zer0Day]

Het verwijderen is gedaan met een oude versie van AdwCleaner.

Sluit alle openstaande vensters

• Start AdwCleaner en klik Deinstallatie.
• Klik op "Ja"

Doe dit bij alle versies van AdwCleaner die op je computer staan!


Download AdwCleaner dan opnieuw en volg de instructies zoals hieronder beschreven:

Download

AdwCleaner by Xplode naar het bureaublad.

• Sluit alle openstaande vensters.
• Dubbelklik op AdwCleaner om hem te starten.
• Klik vervolgens op Verwijderen.
• Klik bij AdwCleaner – Informatie op OK
• Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal.
Nadat de PC opnieuw is opgestart, opent een logfile.
Post aansluitend de inhoud van dit log in je volgende bericht.

 

[Drekkie]

Eerst scannen, dan pas verwijderen? Verwijderen kan ik namelijk niet gebruiken vooraleer ik gescand heb. En laat ik dan alles verwijderen, dus zowel services als folders, files, ..

Hopelijk geen al te domme vragen...

 

[Zer0Day]

Ja hoor, adwcleaner zal alle gevonden items verwijderen. Je hoeft daarvoor niets te selecteren, gewoon op verwijderen klikken en de tool doet de rest.

 

[Drekkie]

Is het zo correct?

# AdwCleaner v3.018 - Report created 04/02/2014 at 14:09:39
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Dirk - DIRK-MSI
# Running from : C:\Users\Dirk\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Users\Dirk\AppData\Local\DProtect
Folder Deleted : C:\Users\Dirk\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Dirk\AppData\Local\Temp\DProtect
Folder Deleted : C:\Users\Dirk\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\Dirk\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Dirk\Documents\optimizer pro
Folder Deleted : C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Folder Deleted : C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
File Deleted : C:\Users\Dirk\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Dirk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Dirk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Dirk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\5b6888ce138ef43
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_bitdefender-total-security_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_bitdefender-total-security_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\BabSolution
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v

[ File : C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [12848 octets] - [03/02/2014 10:29:41]
AdwCleaner[R1].txt - [6161 octets] - [03/02/2014 12:07:47]
AdwCleaner[S0].txt - [5442 octets] - [04/02/2014 14:09:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5502 octets] ##########

 

[Zer0Day]

Download

MalwareBytes' Anti-Malware (website) en sla het op je bureaublad op.

Zorg dat er na de installatie een vinkje is geplaatst bij:

• Update MalwareBytes' Anti-Malware
• Start MalwareBytes' Anti-Malware
• Je krijgt hier ook de keuze om de evaluatie versie van MBAM te gebruiken, indien je dit niet wilt vink dit dan uit.

Klik daarna op "Voltooien".
Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

• Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
• Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
• Ga dan naar "Scanner Instellingen". Onderaan bij "PUP" kies je voor "Weergeven in scan resultaten - selecteren voor verwijdering".
• Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
• Druk vervolgens op "Scannen" om de scan te starten.
• Het scannen kan een tijdje duren, dus wees geduldig.
• Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
• Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
• Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
• Herstart de computer indien nodig en post hierna de log in het volgende bericht.

 

[Drekkie]

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware

Databaseversie: v2014.02.04.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Dirk :: DIRK-MSI [administrator]

4/02/2014 15:52:30
mbam-log-2014-02-04 (15-52-30).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 223609
Verstreken tijd: 14 minuut/minuten, 37 seconde

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WPM (PUP.Optional.WpManager.A) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 2
C:\Users\Dirk\AppData\Local\TNT2 (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702 (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 50
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\$Recycle.Bin\S-1-5-21-1182207860-4173128867-2532542494-1000\$R03SZHI.exe (PUP.Optional.Softonic.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\$Recycle.Bin\S-1-5-21-1182207860-4173128867-2532542494-1000\$RIZSXYW.exe (PUP.Optional.BundleInstaller.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\$Recycle.Bin\S-1-5-21-1182207860-4173128867-2532542494-1000\$RNIGE65.exe (PUP.Optional.Solimba) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\Temp\nsc14FD.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\Temp\nsnED5.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\Temp\nssB246.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\Temp\nsx5D22.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\Temp\nsxB60E.exe (PUP.Optional.SearchProtect.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\Temp\n9850\searchprotect_2111-1a12a8ce.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\Temp\nss7ADF\SpSetup.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\Local Settings\Temporary Internet Files\Content.IE5\N9UQKSOK\spstub[1].exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\Local Settings\Temporary Internet Files\Content.IE5\XJ9RZMEN\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\Autorun.inf (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\crx.tar (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\GameApps.ini (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\GameConsole.exe (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\GameEngine.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\GLOBALUNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\hmac.1.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\iestage2.1.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\log.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\MinecraftShims64.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\npTNT2.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\npTNT2Ghost.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\passport.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\passport64.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\progress.1.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\regsvr.1.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\sqlite.1.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\tnt2chrome.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\TNT2User.exe (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\TntMagicDel.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\UnInjLib.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\UnInjLib64.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\UninstallDlg.1.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\untar.1.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\xpi.tar (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Dirk\AppData\Local\TNT2\2.0.0.1702\zipunzip.1.dll (PUP.Optional.TidyNetwork.A) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)