
HJT log after police virus



Good afternoon,

This morning I removed the well-known 'police virus' from my girlfriend's laptop, then ran Spybot SD and Avira, and now I would like to be sure that all malware etc. is gone!

Would you mind taking a look at my log?

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:16:07, on 7-2-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Sophia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\Sophia\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sophia\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [Google Update] "C:\Users\Sophia\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Sophia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

O4 - HKCU\..\Run: [ulovufvyp] C:\Users\Sophia\AppData\Roaming\Ardyi\taave.exe

O4 - HKCU\..\Run: [irtigaavyp] C:\Users\Sophia\AppData\Roaming\Azxu\saep.exe

O4 - HKCU\..\Run: [Waimnaaqfo] C:\Users\Sophia\AppData\Roaming\Ulsay\wuavl.exe

O4 - HKCU\..\Run: [Dyhaanu] C:\Users\Sophia\AppData\Roaming\Ygav\awre.exe

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B499A49F893696E0E911D4475B7C3117] "C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BEBXHPH05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Sophia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = Sophia\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sophia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.nl/s/v/63.24/uploader2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - foto afdrukken online - HEMA

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15495 bytes

P.S.

Other annoying things may be ticked as well :D


Run as administrator.

Start HijackThis and click Scan.

Select only the items listed below:

O4 - HKCU\..\Run: [ulovufvyp] C:\Users\Sophia\AppData\Roaming\Ardyi\taave.exe

O4 - HKCU\..\Run: [irtigaavyp] C:\Users\Sophia\AppData\Roaming\Azxu\saep.exe

O4 - HKCU\..\Run: [Waimnaaqfo] C:\Users\Sophia\AppData\Roaming\Ulsay\wuavl.exe

O4 - HKCU\..\Run: [Dyhaanu] C:\Users\Sophia\AppData\Roaming\Ygav\awre.exe

Close all windows except HijackThis.

Click 'Fix checked' to remove the items.

- - - Updated - - -

Hello, we are going to use the following tool: zoek.exe ® by smeenk


Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe.
    You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users need to run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    startupall;
    filesrcm;
    emptyclsid;

  • Now tick the options below.

    • Standaard Search
    • Auto Clean
    • Running processes
    • Empty All Temp
    • IE Defaults

  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
  • Now post the contents of the opened log in your next message.


Thanks a lot for the reply, here is the log from zoek.exe

Zoek.exe Version 4.0.0.1 Updated 11-February-2013

Tool run by Sophia on di 12-02-2013 at 17:41:17,73.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

C:\Users\Sophia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\Sophia\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sophia\Desktop\zoek.exe

C:\Users\Sophia\AppData\Local\Temp\RarSFX0\zoek.com

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\mshta.exe

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3926265562-724405455-2413529294-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5} deleted successfully

HKEY_USERS\S-1-5-21-3926265562-724405455-2413529294-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF059E31-CC5A-4E2E-BF3B-96E929D65503} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3926265562-724405455-2413529294-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

==== Deleting Files \ Folders ======================

"C:\ProgramData\2802977.pad" deleted

"C:\Users\Sophia\AppData\LocalLow\BabylonToolbar" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Internet Explorer: 9.0.8112.16421

Memory (RAM): 3069 MB

CPU Info: Pentium® Dual-Core CPU T4300 @ 2.10GHz

CPU Speed: 711,8 MHz

Sound Card: Luidsprekers en koptelefoons (I |

Display Adapters: NVIDIA GeForce G 103M | NVIDIA GeForce G 103M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Algemeen PnP-beeldscherm |

Screen Resolution: 1366 X 768 - 32 bit

Network: Network Present

Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR9285 802.11b/g/n WiFi Adapter | Realtek PCIe FE Family Controller

CD / DVD Drives: 1x (E: | ) E: hp DVD RW AD-7581S

Ports: COM3 | COM4 LPT Port NOT Present.

Mouse: 5 Button Wheel Mouse Present

Hard Disks: C: 284,9GB | D: 13,0GB

Hard Disks - Free: C: 128,0GB | D: 2,2GB

Manufacturer *: Hewlett-Packard

BIOS Info: AT/AT COMPATIBLE | 10/13/09 | HPQOEM - 1

Time Zone: West-Europa (standaardtijd)

Motherboard *: Hewlett-Packard 306A

Sun Java version: 1.7.0_06

Country: Nederland

Language: NLD

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Sophia\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-02-07 13:00:52 ABA97A87CE05312D64EDD2B1EC19A4AE 388624 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT

====== C:\Windows\Sysnative\drivers =====

2013-02-07 12:08:13 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-01-27 14:34:22 -------- d-----w- C:\Program Files\HP

======= C:\Program Files (x86) =====

2013-02-07 12:03:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

======= C: =====

====== C:\Users\Sophia\AppData\Roaming ======

2013-02-07 13:49:16 66E364F169F2E57082437F6BDE77C406 7624 ----a-w- C:\users\Sophia\AppData\Local\Resmon.ResmonCfg

2013-02-07 12:21:37 70FAED1D57677AB405F1C05669082D1A 101744 ----a-w- C:\users\Sophia\AppData\Local\GDIPFONTCACHEV1.DAT

2013-02-01 11:14:55 -------- d-----w- C:\users\Gast\AppData\Local\Apple Computer

2013-01-27 14:33:42 -------- d-----w- C:\users\Sophia\AppData\Local\HP

2013-01-25 10:37:33 -------- d-----w- C:\users\Sophia\AppData\Local\PackageAware

====== C:\Users\Sophia ======

2013-02-07 12:03:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-01-27 14:35:10 -------- d-----w- C:\ProgramData\HP

2013-01-27 14:34:13 3B99DB869422A84410D37407F7907D1E 57 ----a-w- C:\ProgramData\Ament.ini

====== C: exe-files ==

2013-02-09 20:01:31 E066148EF4F22719F8FADC7ED311089C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3926265562-724405455-2413529294-1001\$IQ6JEEO.exe

2013-02-09 20:01:31 6D290BBA7187DE7AD8D9955585A70268 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3926265562-724405455-2413529294-1001\$IHNU7R4.exe

2013-02-09 20:01:31 515672A06EDEE831EFB1F9717F582661 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3926265562-724405455-2413529294-1001\$IP2JZRW.exe

2013-02-09 20:00:28 D560B1BFB230214BF85A1A3DAA96D010 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3926265562-724405455-2413529294-1001\$I6EJFRV.exe

2013-02-09 20:00:28 385937EE49BC7ACBA10DCD0A01DB4E4A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3926265562-724405455-2413529294-1001\$IHKND5T.exe

2013-02-09 20:00:28 1F853962355781BFE817690A73EE1EFB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3926265562-724405455-2413529294-1001\$IMKSK1V.exe

2013-02-09 20:00:28 129D212D93ED584AC39ED2431827D5AB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3926265562-724405455-2413529294-1001\$IDCK34X.exe

2013-02-07 12:07:10 0FB6D382FA5FBF72D05FC2A4503B7DF2 10156344 ----a-w- C:\$Recycle.Bin\S-1-5-21-3926265562-724405455-2413529294-1001\$RHNU7R4.exe

2013-02-07 12:03:37 896A1DB9A972AD2339C2E8569EC926D1 2144088 --sha-r- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

2013-02-07 12:03:37 794D4B48DFB6E999537C7C3947863463 1153368 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

2013-02-07 12:03:37 4CD08EEAC08BA53A38E48AF4813E1968 2005504 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\SDShred.exe

2013-02-07 12:03:36 8F70F2CCE1DEF20016B53A8D217FA3B5 1757696 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\SDFiles.exe

2013-02-07 12:03:36 7C616AD7AE8F75278A069641ECFCDC06 1740632 --sha-r- C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe

2013-02-07 12:03:36 6B44700917F45B19B96B46B345B6F0E7 414552 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\SDMain.exe

2013-02-07 12:03:36 0477C2F9171599CA5BC3307FDFBA8D89 5365592 --sha-r- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

2013-02-07 12:03:36 00071AF6D95C1002E5F9B63EA00A37A3 464728 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\Update.exe

2013-02-07 12:03:35 8C9740A3B7603B0A746213DAE8C89526 428888 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\blindman.exe

2013-02-07 12:03:35 0BA1ACFEE0532249412F53EE6374EE93 696200 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe

2013-02-07 12:02:18 54ACBA9CFD7154C02CEACF6310CF3CFA 16409960 ----a-w- C:\$Recycle.Bin\S-1-5-21-3926265562-724405455-2413529294-1001\$RP2JZRW.exe


2013-02-07 12:52:30 9247FB08AF95D2359C2CCFA1C41F1780 771 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip

2013-02-07 12:52:29 F7EB45828813677C352B12D88A5B094D 550 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip

2013-02-07 12:52:29 B921498E3BBAEBA8A1E2AB270F0069E3 610 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip

2013-02-07 12:52:29 A34F8DF368DE81A5734D496A242BE163 616 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip

2013-02-07 12:52:28 DA74134163D86A7B0A30E385C5BBED2A 622 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip

2013-02-07 12:52:28 C7FAD2D1F49373F77F2EB8B24D911404 564 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip

2013-02-07 12:52:28 AD9F0EE1EE36E1AC586FCA29C1A49A52 614 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip

2013-02-07 12:52:28 967A535CFE6E3E480CDF4732BF1D66E9 566 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip

2013-02-07 12:52:28 896E811C2DDB8C96C8D31F14E3299A2C 638 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip

2013-02-07 12:52:28 7442F75820128822AE473F4B429B9421 642 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip

2013-02-07 12:52:28 6D91DC0D7BC268AC4DAB597956B21BD2 611 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip

2013-02-07 12:52:28 0E4C7D251B028A0C363206D79BDFAF89 638 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip

2013-02-07 12:52:27 F0CE60157A983CAF89018E81A1EF8CA3 550 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip

2013-02-07 12:52:27 CD2C1AEBCCB8A3B3F43C496F65A375E6 561 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip

2013-02-07 12:52:27 5AFE87F4454497E4F27BFE6D3A4470DE 633 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip

2013-02-07 12:52:27 4707CF19E7A4869F329CAAEA1C5B5180 546 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip

2013-02-07 12:37:24 EC155C323A3B777441BF6A2BF4077FCC 12459888 ----a-w- C:\Users\Sophia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll

2013-02-07 12:03:38 E6CA375504CA89B91062E639E318BD47 54440 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll

2013-02-07 12:03:38 578F846D048D278230222964294CC282 717176 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll

2013-02-07 12:03:38 4EBD1EC62AC4CF53DB91BDD25ACFDA51 795520 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll

2013-02-07 12:03:37 E5E95EDC3546821AE025D4A4726986C0 121344 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

2013-02-07 12:03:37 DDD2BFF569E29E44DABA708B72203A15 790392 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll

2013-02-07 12:03:36 F9F07B9E08F555D3A54F7ED78F1726A6 333288 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll

2013-02-07 12:03:36 5A0F27A0F68EB7ACE2F2C54B76603DD4 255392 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll

2013-02-07 12:03:36 544B7FE37CB975F8CC97256704FE53BB 1303896 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\Tools.dll

2013-02-07 12:03:36 279A23F355D2473022F8117272F5E73E 34472 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\aports.dll

2013-02-07 12:03:35 820AB10BB0186A7845A1B6460E50088B 1287000 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\advcheck.dll

2013-02-07 12:03:35 20807A8C7E22EF615DC2E9B8A27ED479 204160 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\UninsSrv.dll

2013-02-07 12:03:35 022C2F6DCCDFA0AD73024D254E62AFAC 1879896 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

2013-02-06 12:10:56 791C82064CB821F8BCE95F7D1707D877 65773 ----a-w- C:\$Recycle.Bin\S-1-5-21-3926265562-724405455-2413529294-1001\$RUMT3XJ.zip

2013-02-06 09:44:38 CDB98E4D964ECF150A43308981D80F06 15592 ----a-w- C:\$Recycle.Bin\S-1-5-21-3926265562-724405455-2413529294-1001\$R8X1SO9.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3926265562-724405455-2413529294-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW"

"ISUSPM"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"

"Google Update"="C:\Users\Sophia\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Facebook Update"="C:\Users\Sophia\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"

"GoogleChromeAutoLaunch_B499A49F893696E0E911D4475B7C3117"="C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN2BEBXHPH05KC:NW -scfn HP Officejet Pro 8600 (NET) -AutoStart 1"

"Spotify Web Helper"="C:\Users\Sophia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"

"NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"

"WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"

"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW"

"ISUSPM"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"

"Google Update"="C:\Users\Sophia\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Facebook Update"="C:\Users\Sophia\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"

"GoogleChromeAutoLaunch_B499A49F893696E0E911D4475B7C3117"="C:\Users\Sophia\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN2BEBXHPH05KC:NW -scfn HP Officejet Pro 8600 (NET) -AutoStart 1"

"Spotify Web Helper"="C:\Users\Sophia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

==== Startup Folders ======================

2011-12-15 12:00:43 1051 ----a-w- C:\users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2013-01-27 17:31:54 1296 ----a-w- C:\users\Sophia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3926265562-724405455-2413529294-1001Core.job --a------ C:\Users\Sophia\AppData\Local\Facebook\Update\FacebookUpdate.exe []

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3926265562-724405455-2413529294-1001UA.job --a------ C:\Users\Sophia\AppData\Local\Facebook\Update\FacebookUpdate.exe []

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04-07-2010 12:29]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04-07-2010 12:29]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3926265562-724405455-2413529294-1001Core.job --a------ C:=C:=C:\Users\Sophia\AppData\Local\Google\Update\GoogleUpdate.exe []

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3926265562-724405455-2413529294-1001UA.job --a------ C:=C:=C:\Users\Sophia\AppData\Local\Google\Update\GoogleUpdate.exe []

==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\Sophia\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx[02-10-2012 16:09]

YouTube - Sophia - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Sophia - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

The more filter lists you use, the slower AdBlock runs. Using too many lists can even crash your browser on some websites. Press OK to subscribe to this list anyway. - Sophia - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Download All MP3 - Sophia - Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

Gmail - Sophia - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.facebook.com/?ref=home"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.facebook.com/?ref=home"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{AFCD3809-7D60-45C4-89A1-8FC90E68C1FD}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{AFCD3809-7D60-45C4-89A1-8FC90E68C1FD} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=1I7SUNC_nlNL387"

{F91A45AB-7F89-45EB-ABD0-6A77979A8FEE} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"

==== HijackThis Entries ======================

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sophia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.nl/s/v/63.24/uploader2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - foto afdrukken online - HEMA

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Sophia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Sophia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\users\Sophia\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Sophia\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Sophia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found


In any case, run a full system scan and change all the passwords you have used, but that is described in more detail below.

You may remove the following programs and their associated log files. You can keep using MBAM and the Emsisoft Emergency Kit to scan the computer periodically (update them first).

  • Zoek.exe
  • HijackThis

Since the problems have been resolved, I still advise you to carry out the steps below.

1.) Full system scan

I recommend running another full system scan with the Emsisoft Emergency Kit; the link below takes you to the manual for this program.

If there are any special detections that you are unsure how best to handle, you can ask your question in the section Antivirus / Antispy(mal)ware / Firewalls and other security software

2.) Delete system restore points

If the computer has been infected with malware, it is advisable to delete all existing system restore points, because these may include infected restore points.

  • You can read here how to delete the restore points

3.) Change passwords

Most malware makes an outbound connection to a Command & Control server, through which confidential data such as login credentials is captured; if your computer has been infected, it is therefore advisable to change all the passwords you have used.

You can read more information about this here

4.) Installing essential updates.

You can read here how to keep your operating system and other software up to date.

The program Secunia PSI automatically warns you when updates are available for the installed software; you can read more information here

5.) Beware of 'phishing' messages.

Phishing is a form of internet scam (fraud) in which fake e-mail messages and websites that look trustworthy are used to try to obtain 'login details' and other personal information.

This is often done in very devious ways, for example e-mail messages asking you to verify your login details; in these cases you are often sent to a fake (clone) website, and as soon as you have entered your details there they are in the hands of the attacker, with all the consequences that entails.

You can read more information here

6.) Prevention information & the use of security software.

To minimise the chance of re-infection, you can install an additional malware scanner such as Emsisoft Anti-Malware or Malwarebytes' Antimalware alongside the security software you already use, to optimise protection.

Here you will find more information on how to prevent an infection in the future; read through it at your leisure.
