Guy R

Lid

Bekijk profiel Bekijk hun activiteit

Items
6
Registratiedatum
12 november 2013
Laatst bezocht
10 januari 2014

Inhoudstype

Alle activiteit

Profielen

Forums

Store

Product Reviews

Alles dat geplaatst werd door Guy R

gebruiker kan niet aanmelden

Guy R plaatste een topic in Archief Windows Algemeen

Beste, onze pc heeft 5 gebruikers. Een gebruiker kan plots niet meer aanmelden. Volgende melding komt op het scherm. "De service UserProfile-Service verhinderd het aanmelden." "Gebruikersprofiel kan niet worden geladen" men kan niets anders doen dan op de "ok" knop klikken, en dan komt het opstartscherm komt terug. Hoe kan ik dit deblokkeren? Groeten en alvast bedankt, Guy
- 6 januari 2014
- 1 antwoord
FCCU-virus verwijderen

Guy R reageerde op Guy R's topic in Archief Bestrijding malware & virussen

Hallo, ik heb nog even de tijd gevonden om verder te werken aan het probleempje, hieronder het resultaat van die zoekfunktie: Zoek.exe Version 4.0.0.5 Updated 14-November-2013 Tool run by Guy on vr 22/11/2013 at 8:26:48,58. Running in: Normal Mode Internet Access Detected Launched: C:\Users\Guy\Desktop\zoek\zoek.exe [script inserted] ==== Older Logs ====================== C:\zoek-results2013-11-12-165055.log 63923 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\ProgramData\4rlw409.dssearch deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [01/07/2009 23:05] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid.xpi ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[22/11/2012 10:30] Skype for Chromium - Guy - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Skype for Chromium - Lynn - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Skype for Chromium - Martine - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl AdBlock - Xenia - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Skype for Chromium - Xenia - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.sintsixtus.be/bierverkoopactueel.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.sintsixtus.be/bierverkoopactueel.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Guy\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Lynn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Lynn\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Martine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Martine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Martine\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Martine\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Martine & Guy\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Xenia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Xenia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Xenia\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Xenia\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Guy\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on vr 22/11/2013 at 8:59:26,37 ====================== Grtz, Guy
- 22 november 2013
- 8 antwoorden
FCCU-virus verwijderen

Guy R reageerde op Guy R's topic in Archief Bestrijding malware & virussen

Hoi, het probleempje met de startpagina is blijkbaar ook opgelost. Grtz, Guy
- 12 november 2013
- 8 antwoorden
FCCU-virus verwijderen

Guy R reageerde op Guy R's topic in Archief Bestrijding malware & virussen

hallo, ik heb de PC herstart, blijkbaar is die FCCU-virus verdwenen, er komt telkens wel een "RunDLL" foutmelding op het buroblad (Er is een fout opgetreden tijdens het laden van C:\PROGRA~2\4rlw409.dss kan opgegeven module niet vinden) en telkens als ik opstart en de internetbrowser open is mijn opgegeven startpagina weg. grtz, Guy
- 12 november 2013
- 8 antwoorden
FCCU-virus verwijderen

Guy R reageerde op Guy R's topic in Archief Bestrijding malware & virussen

hoi, ik krijg het laatste resultaat van de "zoek-funktie" op het kladblok niet in bijlage daarom plaats ik het even hier als dit goed is. ; Zoek.exe Version 4.0.0.5 Updated 09-November-2013 Tool run by Guy on di 12/11/2013 at 16:30:49,51. Running in: Normal Mode Internet Access Detected Launched: C:\Users\Martine & Guy\Desktop\zoek\zoek.exe [script inserted] ==== System Restore Info ====================== Failed to create System Restore Point ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} ntshrui.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\SmartFTPCopyHook {B8323370-FF27-11D2-97B6-204C4F4F5020} C:\Program Files\SmartFTP Client\SmartHook.dll ==== Empty Folders Check ====================== C:\Program Files\ABBYY FineReader 9.0 Sprint deleted successfully C:\Program Files\MSXML 4.0 deleted successfully C:\Program Files\RegTool deleted successfully C:\Program Files\TomTom HOME deleted successfully C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 deleted successfully C:\ProgramData\Babylon deleted successfully C:\Users\Guy\AppData\Roaming\AdobeUM deleted successfully C:\Users\Guy\AppData\Roaming\ICAClient deleted successfully C:\Users\Guy\AppData\Roaming\Lite deleted successfully C:\Users\Guy\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Lynn\AppData\Roaming\iolo deleted successfully C:\Users\Martine\AppData\Roaming\iolo deleted successfully C:\Users\Martine & Guy\AppData\Roaming\Google deleted successfully C:\Users\Martine & Guy\AppData\Roaming\iolo deleted successfully C:\Users\Xenia\AppData\Roaming\AdobeUM deleted successfully C:\Users\Xenia\AppData\Roaming\iolo deleted successfully C:\Users\Xenia\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Guy\AppData\Local\Conduit deleted successfully C:\Users\Guy\AppData\Local\PackageAware deleted successfully C:\Users\Guy\AppData\Local\Yahoo deleted successfully C:\Users\Lynn\AppData\Local\{00C9AA69-E11F-4B6E-800D-DCE6630A5B53} deleted successfully C:\Users\Lynn\AppData\Local\{0C25703A-F8B3-4344-B5E4-12CD331DEC3C} deleted successfully C:\Users\Lynn\AppData\Local\{13A0EE3F-4028-44F4-8DD0-F2D45EB2F8A5} deleted successfully C:\Users\Lynn\AppData\Local\{1516437D-E6C4-49F8-820E-43A2ECAC2D95} deleted successfully C:\Users\Lynn\AppData\Local\{1EA76585-E84C-44E5-8F50-26301C9FDC2A} deleted successfully C:\Users\Lynn\AppData\Local\{23452725-28B1-4604-BB5C-DAC037C93F37} deleted successfully C:\Users\Lynn\AppData\Local\{2A158979-C4C3-4A80-9ECB-DC6F1BC71A21} deleted successfully C:\Users\Lynn\AppData\Local\{33646234-95C3-4BCA-8C54-1DFBFD26C39D} deleted successfully C:\Users\Lynn\AppData\Local\{339FF3DE-0D52-470F-90C5-904C73B3F557} deleted successfully C:\Users\Lynn\AppData\Local\{39239DE7-45A5-469F-AC0D-2B27A9896236} deleted successfully C:\Users\Lynn\AppData\Local\{3F9972E4-DC30-4D57-A1AA-C3E106C6DDB7} deleted successfully C:\Users\Lynn\AppData\Local\{4202B779-06CA-4E15-B342-3F43B2639EFA} deleted successfully C:\Users\Lynn\AppData\Local\{4F6392E1-EA62-444C-9422-123901E8A7A1} deleted successfully C:\Users\Lynn\AppData\Local\{5341C1C4-AB22-44A5-BD74-C947CBF6AD04} deleted successfully C:\Users\Lynn\AppData\Local\{582ADD1A-13B5-4731-B74F-E476A5DF7879} deleted successfully C:\Users\Lynn\AppData\Local\{7B5230DA-6911-4905-A4C0-678690282BE8} deleted successfully C:\Users\Lynn\AppData\Local\{7D6ACB36-ED77-4F23-9BC3-5FA0C0695567} deleted successfully C:\Users\Lynn\AppData\Local\{7E42FDD2-4E01-45B1-9366-3ADE58DE833F} deleted successfully C:\Users\Lynn\AppData\Local\{8665DAF8-9048-440C-B875-F33BB5AFD86A} deleted successfully C:\Users\Lynn\AppData\Local\{8BBCE1D2-E2A3-4D8F-B558-A343CD57F9DE} deleted successfully C:\Users\Lynn\AppData\Local\{8CEFF85E-0C0E-4AC4-9AE1-B729B87B345B} deleted successfully C:\Users\Lynn\AppData\Local\{8EB589AA-6CC6-4964-BBC5-1F5D782E83AC} deleted successfully C:\Users\Lynn\AppData\Local\{8FCF6678-F016-4695-A1DC-4BF4353042D4} deleted successfully C:\Users\Lynn\AppData\Local\{94CD4EAC-33B9-43E5-83D6-060CDBDE396D} deleted successfully C:\Users\Lynn\AppData\Local\{B3FF5088-A42F-450A-9011-00167CBAB4A9} deleted successfully C:\Users\Lynn\AppData\Local\{BC475F53-AEB8-48B4-A6F0-9E67D0D5EE83} deleted successfully C:\Users\Lynn\AppData\Local\{BFEF80D4-268B-4E2B-9F56-25017A0F3D3F} deleted successfully C:\Users\Lynn\AppData\Local\{CB98D23C-5DF8-47E3-91BF-1578382C1834} deleted successfully C:\Users\Lynn\AppData\Local\{CF39E04E-4401-4C3F-ABB2-D5A99829FE39} deleted successfully C:\Users\Lynn\AppData\Local\{D3AE5360-AA45-4036-BC4D-BDAC177271E4} deleted successfully C:\Users\Lynn\AppData\Local\{DFDC3ABD-C01A-4661-80BD-1CE617A6434F} deleted successfully C:\Users\Lynn\AppData\Local\{E06CAB36-EF82-4AF4-8578-F09AE2DE7744} deleted successfully C:\Users\Lynn\AppData\Local\{E67656FB-3268-4E4F-94E0-01EB0E678336} deleted successfully C:\Users\Lynn\AppData\Local\{E93BDFED-AF6E-4F16-848C-5C4CA62B55E3} deleted successfully C:\Users\Lynn\AppData\Local\{ED1147D2-5FD1-48DA-9C7B-E85ED849F6FB} deleted successfully C:\Users\Lynn\AppData\Local\{F23FEA3D-C5E9-40F6-9E0C-632E6BE91D04} deleted successfully C:\Users\Martine\AppData\Local\{04F024E9-EF9A-4BC4-B71B-7468EEE2123E} deleted successfully C:\Users\Martine\AppData\Local\{0DCC5F59-D4DE-45BD-99A9-F7C3E7DAAD76} deleted successfully C:\Users\Martine\AppData\Local\{3994D6A0-CE3E-4641-9272-1E5361822EDC} deleted successfully C:\Users\Martine\AppData\Local\{624444B1-7126-49C6-B339-9A5FCE52B968} deleted successfully C:\Users\Martine\AppData\Local\{67489733-534D-419E-9809-C088519A7C78} deleted successfully C:\Users\Martine\AppData\Local\{6A9216AF-D18F-42E9-AA88-02F3B8297502} deleted successfully C:\Users\Martine\AppData\Local\{6B1F6283-A8A3-4E45-8532-48AF92FB8A40} deleted successfully C:\Users\Martine\AppData\Local\{6E62B732-83F0-4463-8D40-B2E08BEBF520} deleted successfully C:\Users\Martine\AppData\Local\{854C01F9-438C-4811-8492-38768544F7EE} deleted successfully C:\Users\Martine\AppData\Local\{B3E174DC-7201-4801-9FCD-EBC300C56724} deleted successfully C:\Users\Martine\AppData\Local\{BA0240AD-BBFA-40FE-A18A-FCCE1447D972} deleted successfully C:\Users\Martine\AppData\Local\{D7799DE7-4FEC-4396-BB8A-D6EEDF3A6028} deleted successfully C:\Users\Martine\AppData\Local\{DDC99DBA-12D3-40AC-8BC6-00DC735F4057} deleted successfully C:\Users\Xenia\AppData\Local\{00200925-5FD3-4692-8126-B630A9BF833F} deleted successfully C:\Users\Xenia\AppData\Local\{06897684-C4BA-486F-BD5F-6CCCAFDC7C01} deleted successfully C:\Users\Xenia\AppData\Local\{117B2C21-7866-49FB-9F42-B5503EFB42B4} deleted successfully C:\Users\Xenia\AppData\Local\{12D5128C-8C08-4A70-B331-3359C690D4F0} deleted successfully C:\Users\Xenia\AppData\Local\{1DBC6E65-BFFF-429C-B8E9-B924F84B72F9} deleted successfully C:\Users\Xenia\AppData\Local\{1E15169B-0487-4F04-A94C-42637F1617F9} deleted successfully C:\Users\Xenia\AppData\Local\{1FCCEBF7-5C69-42AF-9BB2-9F4A789AC7E0} deleted successfully C:\Users\Xenia\AppData\Local\{2B2A8A4C-4614-4038-91EE-0DB57C607D0A} deleted successfully C:\Users\Xenia\AppData\Local\{2C2978F5-DBF9-4226-990E-B833C7909D01} deleted successfully C:\Users\Xenia\AppData\Local\{38D19EA1-DF47-4EE9-86F0-846984347EF3} deleted successfully C:\Users\Xenia\AppData\Local\{3900FAA8-B30B-47A1-BAD1-B6BDEDBC28D3} deleted successfully C:\Users\Xenia\AppData\Local\{39FE7DD3-3EBF-4CF3-9479-A66FE1813247} deleted successfully C:\Users\Xenia\AppData\Local\{3AB720D3-D8C1-4959-9A5D-F4E1B142374C} deleted successfully C:\Users\Xenia\AppData\Local\{3B6F70ED-DBDB-4627-8068-1B147DBBE922} deleted successfully C:\Users\Xenia\AppData\Local\{441599A3-2E5B-4E12-AA18-376F488A5507} deleted successfully C:\Users\Xenia\AppData\Local\{46405211-3258-447F-9C8D-2A3F639473AC} deleted successfully C:\Users\Xenia\AppData\Local\{4C34F6DC-39E8-43FC-8B12-13B3332CF2B9} deleted successfully C:\Users\Xenia\AppData\Local\{4D6FE723-B95B-4284-9378-0C1296CF8104} deleted successfully C:\Users\Xenia\AppData\Local\{4F8D21DD-2600-43C7-9EC8-F47160D15302} deleted successfully C:\Users\Xenia\AppData\Local\{5A5B1C06-6126-476A-959D-5E70640A6E86} deleted successfully C:\Users\Xenia\AppData\Local\{618573B2-98D9-495A-9B64-D93C9026E2F1} deleted successfully C:\Users\Xenia\AppData\Local\{6983AD7D-2936-496F-A0E1-185B66F70B62} deleted successfully C:\Users\Xenia\AppData\Local\{77568273-ABF1-489E-8C8E-D3D1C9380820} deleted successfully C:\Users\Xenia\AppData\Local\{79B17BA0-E4EA-4DB4-9511-D90C7CEB8DB6} deleted successfully C:\Users\Xenia\AppData\Local\{7C7EFB3D-D7E3-4741-AE8F-27FCD7079A21} deleted successfully C:\Users\Xenia\AppData\Local\{7E53264D-6028-4607-A16F-A3836CC32D78} deleted successfully C:\Users\Xenia\AppData\Local\{887DFC14-E4F1-4015-AB16-D27C4B9D0D15} deleted successfully C:\Users\Xenia\AppData\Local\{8E4A2426-CF62-4793-9E0A-1B72E6A3E678} deleted successfully C:\Users\Xenia\AppData\Local\{8EA8B70D-FAA1-4756-BA7F-061E81B18016} deleted successfully C:\Users\Xenia\AppData\Local\{A54B6B26-6B33-404F-A4A4-6823FA8BC387} deleted successfully C:\Users\Xenia\AppData\Local\{A8A16C28-C86B-4130-84DD-0FA2BDAAEE7D} deleted successfully C:\Users\Xenia\AppData\Local\{AF75E515-7C35-4B7F-83A2-23802D00160F} deleted successfully C:\Users\Xenia\AppData\Local\{AFEF5DFB-58D1-4D86-90C1-B26D65B41C64} deleted successfully C:\Users\Xenia\AppData\Local\{B39E2B2C-095D-496A-8FA6-C5BD22FAC523} deleted successfully C:\Users\Xenia\AppData\Local\{B493465A-4731-4098-B5F4-874A1148A851} deleted successfully C:\Users\Xenia\AppData\Local\{BCEE68EE-A02B-4809-901A-341D123FCA7C} deleted successfully C:\Users\Xenia\AppData\Local\{BF1EF8C4-63E5-4C64-AC8E-B76FFF2B71F1} deleted successfully C:\Users\Xenia\AppData\Local\{C7695B12-5153-4ED8-9F82-49569C8BB310} deleted successfully C:\Users\Xenia\AppData\Local\{CA817C57-E5BD-4E6F-896F-7CB7942A8DA9} deleted successfully C:\Users\Xenia\AppData\Local\{CF1E0658-AF90-4784-81D6-3963067C762F} deleted successfully C:\Users\Xenia\AppData\Local\{D7A869EF-F5E1-4FA1-8FB5-F3D589DD8AFB} deleted successfully C:\Users\Xenia\AppData\Local\{DB550728-3F64-420B-865B-D27CD481BD68} deleted successfully C:\Users\Xenia\AppData\Local\{DB6EB7AC-499A-4131-B364-D18092FC81E7} deleted successfully C:\Users\Xenia\AppData\Local\{E2BBAA2C-A7C9-438F-83D5-F0FF95C7AA78} deleted successfully C:\Users\Xenia\AppData\Local\{E4195850-DA66-4BD9-81AC-18060E360AEA} deleted successfully C:\Users\Xenia\AppData\Local\{E4F89B5D-F1E1-4AF0-B922-2A5A7C4302CA} deleted successfully C:\Users\Xenia\AppData\Local\{E80929C1-89A3-4E7A-A1F8-988797420D48} deleted successfully C:\Users\Xenia\AppData\Local\{EB5770E3-AA17-43F3-92F6-0BC8E4F984D5} deleted successfully C:\Users\Xenia\AppData\Local\{F928F5DB-D985-4A34-94BE-897B6E8E7905} deleted successfully C:\Users\Xenia\AppData\Local\{F9FB8EBE-1383-4129-A39D-6B826E4C4A42} deleted successfully C:\Users\Xenia\AppData\Local\{FB7E8CAC-8A72-4206-8330-A64292FE95D1} deleted successfully C:\Users\Xenia\AppData\Local\{FCCF80F8-CD48-458C-96C2-9D8224BC9626} deleted successfully ==== Creating Sample_20131211_1645.zip ====================== Copied file C:\Users\Guy\AdbeRdr910_nl_NL.exe to sample\AdbeRdr910_nl_NL.exe Copied file C:\Users\Guy\Google_Updater.exe to sample\Google_Updater.exe Copied file C:\Users\Guy\install_flash_player_ax.exe to sample\install_flash_player_ax.exe sample\AdbeRdr910_nl_NL.exe renamed to F58D547754357A3A22B0FE1A75DE3AC3 sample\Google_Updater.exe renamed to 75617A9BD170FB69BE58C1239C0A9CC3 sample\install_flash_player_ax.exe renamed to C41B29F0FEE117CED47248CC7FECAD11 C:\Users\Public\Desktop\sample_20131211_1645.zip created successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8D644BBD-0FF3-B0EE-B876-72FB72C7AE6E} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8D644BBD-0FF3-B0EE-B876-72FB72C7AE6E} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\SearchScopes\{13CEFB25-DCA3-4283-9928-70465A7BFB38} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8D644BBD-0FF3-B0EE-B876-72FB72C7AE6E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D644BBD-0FF3-B0EE-B876-72FB72C7AE6E} deleted successfully HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\UrlSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater14.2.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater14.2.0 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\0 user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20131211_1648_.backup ProfilePath: C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20131211_1648_.backup ==== Deleting Files \ Folders ====================== C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 not found C:\Program Files\TornTV.com deleted C:\ProgramData\SaveAs deleted C:\Program Files\Mozilla Firefox\user.js deleted C:\Program Files\Bandoo deleted C:\Program Files\BearShare Applications\MEDIABAR deleted C:\Program Files\1ClickDownload deleted C:\Program Files\Toolbar Cleaner deleted C:\Program Files\adawaretb deleted C:\Program Files\Ask.com deleted C:\Program Files\AVG Secure Search deleted C:\Program Files\Common Files\AVG Secure Search deleted C:\extensions deleted C:\found.000 deleted C:\Users\Guy\AppData\Roaming\Uniblue deleted C:\Users\Guy\AppData\Roaming\ExpressFiles deleted C:\Users\Guy\AppData\Roaming\Babylon deleted C:\Users\Guy\AppData\Roaming\pdfforge deleted C:\ProgramData\UpdaterLog.txt deleted C:\ProgramData\904wlr4.fvv deleted C:\ProgramData\904wlr4.bxx deleted C:\ProgramData\hpothb07.dat deleted C:\ProgramData\CloudSoft deleted C:\ProgramData\AVG Secure Search deleted C:\ProgramData\InstallMate deleted C:\ProgramData\Tarma Installer deleted C:\ProgramData\Premium deleted C:\Users\Guy\AppData\Local\AVG Secure Search deleted C:\Users\Guy\AppData\Local\BearShare deleted C:\Users\Guy\AppData\Local\SwvUpdater deleted C:\Users\Lynn\AppData\Local\AVG Secure Search deleted C:\Users\Lynn\AppData\Local\BearShare deleted C:\Users\Martine\AppData\Local\AVG Secure Search deleted C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\bprotector web data deleted C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences deleted C:\Users\Martine & Guy\AppData\Local\AVG Secure Search deleted C:\Users\Xenia\AppData\Local\AVG Secure Search deleted C:\Users\Xenia\AppData\Local\BearShare deleted C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\bprotector web data deleted C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs deleted C:\Users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted C:\Users\Guy\AppData\LocalLow\AVG Security Toolbar deleted C:\Users\Guy\AppData\LocalLow\AVG Secure Search deleted C:\Users\Guy\AppData\LocalLow\adawaretb deleted C:\Users\Guy\AppData\LocalLow\uTorrentBar_NL deleted C:\Users\Guy\AppData\LocalLow\PriceGong deleted C:\Users\Guy\AppData\LocalLow\Conduit deleted C:\Users\Lynn\AppData\LocalLow\adawaretb deleted C:\Users\Lynn\AppData\LocalLow\pdfforge deleted C:\Users\Lynn\AppData\LocalLow\Search Settings deleted C:\Users\Lynn\AppData\LocalLow\AskToolbar deleted C:\Users\Martine\AppData\LocalLow\AVG Secure Search deleted C:\Users\Martine\AppData\LocalLow\adawaretb deleted C:\Users\Martine\AppData\LocalLow\pdfforge deleted C:\Users\Martine\AppData\LocalLow\Search Settings deleted C:\Users\Martine\AppData\LocalLow\AskToolbar deleted C:\Users\Martine & Guy\AppData\LocalLow\adawaretb deleted C:\Users\Xenia\AppData\LocalLow\AVG Secure Search deleted C:\Users\Xenia\AppData\LocalLow\adawaretb deleted C:\Users\Xenia\AppData\LocalLow\pdfforge deleted C:\Users\Xenia\AppData\LocalLow\Search Settings deleted C:\Users\Xenia\AppData\LocalLow\AskToolbar deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\adawaretb deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\Windows\tasks\AmiUpdXp.job deleted C:\Windows\tasks\OptimizerProUpdaterTask{72D0B7FF-A92E-4306-BA03-CA5435E98357}.job deleted C:\Windows\system32\Tasks\Express FilesUpdate deleted C:\user.js deleted C:\Windows\System32\AI_RecycleBin deleted C:\Windows\System32\searchplugins deleted C:\Windows\System32\Extensions deleted C:\Users\Guy\Desktop\Youtube Downloader.lnk deleted C:\Users\Guy\AdbeRdr910_nl_NL.exe deleted C:\Users\Guy\Google_Updater.exe deleted C:\Users\Guy\install_flash_player_ax.exe deleted C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com deleted "C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\torntv@torntv.com.xpi" deleted "C:\ProgramData\4rlw409.dss" deleted ==== Registry Exports ====================== [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers] [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem] @="{217FC9C0-3AEA-1069-A2DB-08002B30309D}" [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing] @="{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\SmartFTPCopyHook] @="{B8323370-FF27-11D2-97B6-204C4F4F5020}" ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Guy\AppData\Local\Temp ==== 2013-11-09 12:46:22 D8CD00991233C5CE1A1B74CB6382C1B6 65024 ----a-w- C:\Users\Martine & Guy\AppData\Local\Temp\nsjB55.tmp\DropboxNSISTools.dll 2013-11-09 12:46:21 FC38D5993EC3C029E2A9D9068D3EB146 30208 ----a-w- C:\Users\Martine & Guy\AppData\Local\Temp\nsjB55.tmp\UAC.dll 2013-11-09 11:27:15 0679D39A697632EBD50DD438AB633214 45665360 ----a-w- C:\Users\Guy\AppData\Local\Temp\SHSetup.exe 2013-11-08 10:12:02 FB2807BAF7D44CDDECD043852F00AAB2 206336 ----a-w- C:\Users\Guy\AppData\Local\Temp\~tmf8425811511012658658.dll ====== Java Cache ===== 2013-11-08 10:11:59 160577D390963DBE8B90C2ADC08CF412 14131 ----a-w- C:\Users\Guy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7f8307cf-429e35f8 ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== 2013-11-09 11:31:47 0A5FCBC9E5690B9A6B266EB9F039A1C1 3322 ----a-w- C:\Windows\system32\Tasks\SpyHunter4Startup ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-11-09 12:48:09 -------- d-----w- C:\Program Files\Dropbox 2013-11-09 11:30:45 -------- d-----w- C:\Program Files\Enigma Software Group 2013-11-09 11:27:42 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard ======= ===== ====== C:\Users\Guy\AppData\Roaming ====== 2013-11-12 12:31:26 -------- d-----w- C:\Users\Martine & Guy\AppData\Roaming\Skype 2013-11-09 12:51:39 -------- d-----w- C:\Users\Martine & Guy\AppData\Locallow\Adobe 2013-11-09 12:48:09 -------- d-----w- C:\Users\Guy\AppData\Roaming\Dropbox 2013-11-09 12:47:44 -------- d-----w- C:\Users\Martine & Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-11-09 12:46:17 -------- d-----w- C:\Users\Martine & Guy\AppData\Roaming\Dropbox 2013-11-09 12:40:21 -------- d-----w- C:\Users\Martine & Guy\AppData\Roaming\AVG2014 2013-11-09 12:39:20 -------- d-----w- C:\Users\Martine & Guy\AppData\Local\Avg2014 2013-11-09 11:30:47 -------- d-----w- C:\Users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2013-11-08 10:45:12 -------- d-----w- C:\Users\Lynn\AppData\Roaming\AVG2014 2013-11-08 10:44:46 -------- d-----w- C:\Users\Lynn\AppData\Local\Avg2014 2013-11-03 14:09:40 -------- d-----w- C:\Users\Xenia\AppData\Roaming\AVG2014 2013-11-03 14:08:34 -------- d-----w- C:\Users\Xenia\AppData\Local\Avg2014 2013-10-31 00:42:11 BF5D9497B55280768EAF444261AA3074 8430504 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2013-10-29 22:44:29 9725AB411E2DBFD31889DA006DF8EA3E 500712 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WPFFontCache_v0400-S-1-5-21-3117790893-1602038182-4091485983-1000-8192.dat ====== C:\Users\Guy ====== 2013-11-09 12:51:27 -------- d-----r- C:\Users\Martine & Guy\Dropbox 2013-11-08 10:12:03 FB2807BAF7D44CDDECD043852F00AAB2 206336 ----a-w- C:\ProgramData\4rlw409.dssearch ====== C: exe-files == 2013-11-09 12:48:09 273653EE7F9201F31834A9E6C5CDCF62 29769432 ----a-w- C:\Program Files\Dropbox\DropboxProxy.exe 2013-11-09 11:31:17 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Guy\AppData\Roaming\Microsoft\Installer\{220FB035-4744-483A-9A0B-41DF77061583}\IconF7A21AF7.exe 2013-11-09 11:31:17 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Guy\AppData\Roaming\Microsoft\Installer\{220FB035-4744-483A-9A0B-41DF77061583}\IconD7F16134.exe 2013-11-09 11:31:17 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Guy\AppData\Roaming\Microsoft\Installer\{220FB035-4744-483A-9A0B-41DF77061583}\IconCF33A0CE.exe 2013-11-09 11:27:15 0679D39A697632EBD50DD438AB633214 45665360 ----a-w- C:\Users\Guy\AppData\Local\Temp\SHSetup.exe 2013-11-09 11:11:12 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_c6736839-9f41-4039-847f-32e69da4d13c\PCGAppControlPluginLoader.exe 2013-11-09 11:11:06 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_e6605825-b7dc-4d2a-b5ed-c0978e76347e\PCGAppControlPluginLoader.exe 2013-11-08 11:58:41 CC801DD540558D6F1570683BCFEDC81D 90282768 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHXPM59H\msert (1).exe 2013-11-08 11:58:29 CC801DD540558D6F1570683BCFEDC81D 90282768 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHXPM59H\msert.exe 2013-11-08 11:10:22 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_2fea4e08-8a87-4ff2-b607-961a91a70740\PCGAppControlPluginLoader.exe 2013-11-08 11:10:04 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_bcb6d12b-ec02-48e0-aa39-4d5c66507374\PCGAppControlPluginLoader.exe 2013-11-07 10:44:14 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_c7627f59-693c-45d3-b38c-d90582aa5795\PCGAppControlPluginLoader.exe 2013-11-07 10:44:03 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_63c19102-7846-4413-b02c-12a002e3b5e1\PCGAppControlPluginLoader.exe 2013-11-06 07:48:26 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_56e5ddfd-dd44-4262-b747-3d9fe75d89cf\PCGAppControlPluginLoader.exe 2013-11-06 07:48:15 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_cde5833f-8dda-4def-860b-b747fb3dd139\PCGAppControlPluginLoader.exe === C: other files == 2013-11-12 15:45:10 EE16F27F6D5FF57779D00644C3449A94 29589259 ----a-w- C:\Users\Public\Desktop\sample_20131211_1645.zip 2013-11-12 15:41:42 E0F76F911DF0D2B65D0B2CF687381B54 7768 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112153221-l[1].zip 2013-11-12 15:41:42 9E59746D262A39A1F5F0824182B05CF0 404 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112153221-m[1].zip 2013-11-12 14:40:31 D67D7245FC6427B1B9A9A972E0C9C28B 381 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131112142948-m[1].zip 2013-11-12 14:40:31 4672D16D9FEC04079D88A62DD848671F 694 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112142948-l[1].zip 2013-11-12 13:41:51 85B1E37415F3AB29C494A3A687A0C481 1314 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131112132702-l[1].zip 2013-11-12 13:41:51 1A614C2F42DE1F3BD0DED5A4845F1B97 1831 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131112132702-m[1].zip 2013-11-12 12:42:28 021B938A0CD64C65EE326ECF5241511F 428 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112122416-m[1].zip 2013-11-12 12:42:27 4DF12C1DE469B737021165548BD632C2 676 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131112112130-l[1].zip 2013-11-12 12:42:27 294385CEEBBB9BCD3B8674B9ADE7AD6A 164 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131112112130-m[1].zip 2013-11-12 12:42:27 2108B8D234DB1E9A04EBBD1413616F79 1030 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131112122416-l[1].zip 2013-11-12 12:42:26 F2908B1781423A29F2C1942A3530788A 10419 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131112091619-m[1].zip 2013-11-12 12:42:26 839F983C552C941FB6AC45E516F92384 376 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112101856-m[1].zip 2013-11-12 12:42:26 41074D986207CBFA0D291DDDA029ED22 983 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131112101856-l[1].zip 2013-11-12 12:42:26 1659408F0A1872197F8849225ED331D7 1455 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131112091619-l[1].zip 2013-11-12 12:42:16 7324B6C08B5D10757F9A5A3514CC4F72 3162 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112081341-m[1].zip 2013-11-12 12:42:16 539C08062ACEA155A1544ED12DABFADD 3849 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131112070944-m[1].zip 2013-11-12 12:42:16 4659C9ECE200903D00C3B7A04A76DA77 1747 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131112081341-l[1].zip 2013-11-12 12:42:15 F0F64294045A83D1CA2CFF7D72CD1A1B 1719 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131112060708-l[1].zip 2013-11-12 12:42:15 CE81880529429599F24A862810DE2CA1 1634 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131112070944-l[1].zip 2013-11-12 12:42:15 C502D55E78EB0C1F0A5DE0B83FEC2CBE 8253 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131112050429-m[1].zip 2013-11-12 12:42:15 472BF938A3E40F1F1713F1F7D2A14BD7 3730 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112060708-m[1].zip 2013-11-12 12:42:14 9BD54AE8DFD3B7F5F404CA2983D91F5F 2884 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131112050429-l[1].zip 2013-11-12 12:42:14 9B818491DFCB231A21294C4471349E3A 822 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112043249-m[1].zip 2013-11-12 12:42:14 558318C9C1C760F4B9970E8A8D8C8C63 1202 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131112043249-l[1].zip 2013-11-12 12:42:13 3BA18ED13BD0BFBD4315329F420DF72E 10920 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131112040127-m[1].zip 2013-11-12 12:42:10 E71C38EC0B12C04D37DD17331E4E1F4F 2814 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112033000-m[1].zip 2013-11-12 12:42:10 D3C0F2909B7C2133582337586B11ACCD 2157 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131112040127-l[1].zip 2013-11-12 12:42:07 A6F3E026D3A51CBF66BAA649829D0D7C 1268 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131112033000-l[1].zip 2013-11-12 12:42:06 E9AB963B79463280706CD10125E07B16 316 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131112025839-m[1].zip 2013-11-12 12:42:06 B87BED1C21D9F9320BF4BC8A13D41F63 1825 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131112025839-l[1].zip 2013-11-12 12:42:06 A684DCF5E5990F732F6AB850A1403BCE 219 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112022712-m[1].zip 2013-11-12 12:42:05 C834752D9611E6B9AD45F3B24CE4C02B 308 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131112015545-l[1].zip 2013-11-12 12:42:05 82CF768DABF221226FFBC7D6329326A0 17510 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131112015545-m[1].zip 2013-11-12 12:42:05 10384CD073DFD7FA74313305EB936D22 1600 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131112022712-l[1].zip 2013-11-12 12:42:05 09FB6E349E6E9999C7AC29DD466CD388 734 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112012408-m[1].zip 2013-11-12 12:42:04 F76A22822CED57607D8F351EBEAC7C7F 1519 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131112012408-l[1].zip 2013-11-12 12:42:04 E3B258E26640BB8EDEE2FDDF910E95CF 479 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131112005246-l[1].zip 2013-11-12 12:42:04 09120AF44AB029023244BEB313FCBDF0 703 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131112005246-m[1].zip 2013-11-12 12:42:03 AAD731B326FA418BDA2BDC5E7B76BEB4 366 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131112002110-m[1].zip 2013-11-12 12:42:03 471A203C82F6C8B8DE72C8634F7E39CE 164 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131111234950-m[1].zip 2013-11-12 12:42:03 0E546421A36A16DCD7221EF75AE83CC5 1585 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131112002110-l[1].zip 2013-11-12 12:42:02 DF83BB850FFB28D9992CB3A702835E51 530 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131111234950-l[1].zip 2013-11-12 12:42:02 CDB635A146219EC6896DFFFD91E1A7AA 1717 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131111231714-l[1].zip 2013-11-12 12:42:02 6CFFA939F037505BCE4482B9D493298F 3706 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131111231714-m[1].zip 2013-11-12 12:42:01 FFE8B07C7964BEA6481C60F2D5F8EF95 10527 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131111224553-m[1].zip 2013-11-12 12:42:01 DD92E813C2DD565D08A010C46E8DD8BE 4634 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131111224553-l[1].zip 2013-11-12 12:42:01 5163FE6F6C62177A84F9CBC8A8A2F01D 671 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131111221427-m[1].zip 2013-11-12 12:42:00 E54EB82D90444D306FB47FB931615988 485 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131111211149-m[1].zip 2013-11-12 12:42:00 93A3A88697CC68ADCB3EB55D39F950F3 1230 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131111221427-l[1].zip 2013-11-12 12:42:00 5F9074ED7F3B0BB174C5F1C666602326 713 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131111214306-l[1].zip 2013-11-12 12:42:00 0FCDC077C6746AFC00EB9C36C3A7E6F3 14051 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131111214306-m[1].zip 2013-11-12 12:41:59 EF347C045A7EEBE8B979BD8248BB229D 374 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L\131111204022-l[1].zip 2013-11-12 12:41:59 805799DD516E1D2FCB30760A5E809F5F 1770 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131111211149-l[1].zip 2013-11-12 12:41:59 4209A8187B23281F193260C969E7F3D4 12038 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\131111204022-m[1].zip 2013-11-12 12:41:58 D2A8B5ACD929FCEA8E032A9D13F0541F 1914 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSVW33V3\131111200856-m[1].zip 2013-11-12 12:41:58 A18AF6DD2F1C01BF37126432D666D9A2 1711 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131111200856-l[1].zip 2013-11-11 19:12:46 9D004A9963C585ECD54EE74D2229671E 192 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIWQ3KWL\131110200258-m[1].zip 2013-11-11 19:12:45 BDDDF3D968F1B893255A3997935ED5DA 392 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTXWKX71\131110193138-m[1].zip 2013-11-11 19:12:45 AD7ED4142023537A367C8A63DDD18820 214 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80VVP6H0\131110200258-l[1].zip 2013-11-11 19:12:44 E87CB9712666C9B63E720E5A728E574D 1002 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RM8ZDHK1\131110193138-l[1].zip 2013-11-11 19:12:44 8B0A8254A4D40560DB618CCE9962527F 806 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIWQ3KWL\131110182858-m[1].zip 2013-11-11 19:12:43 F17FDBBE6DDBE07C0E96ABE40ABD11D1 1092 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80VVP6H0\131110182858-l[1].zip 2013-11-11 19:12:43 73B5CD9744F84ADA3C47C32F02D4661B 466 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CIWQ3KWL\131110172406-m[1].zip 2013-11-10 22:13:01 9E59746D262A39A1F5F0824182B05CF0 404 ----a-w- C:\Users\Martine & Guy\AppData\Local\adaware\data\temp.zip 2013-11-09 15:39:18 2D2CFC0C2CBC983B6CD6F7C5BE13ACAF 755 ----a-w- C:\Users\Martine\AppData\Local\adaware\data\temp.zip 2013-11-09 14:59:42 459A6CEA4EAAA9100BAB80DE5D29B627 3225 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RF2PINDF\131109141734-m[1].zip 2013-11-09 14:59:41 5C76BBE25255C07B3ACF3F6EF85F7639 3909 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMQ8QLV1\131109131512-m[1].zip 2013-11-09 14:59:40 E1E511E9A200015C5861F4F6EF07F64E 980 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D24ZLW1E\131109121256-m[1].zip 2013-11-09 14:59:40 7D2D4FFB7892465709C138AAAB50C20A 2861 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ORJNL2X\131109131512-l[1].zip 2013-11-09 14:59:39 93775F0D5A0A5CE6E6FAE218D6F7149F 3177 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZHKQY9I\131109121256-l[1].zip 2013-11-09 14:59:39 3FED63A8F4879F9A8246C340C7C340D8 3734 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RF2PINDF\131109111034-m[1].zip 2013-11-09 14:59:38 EE443EF0049AF3319F15EC03844C5EE1 1338 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ORJNL2X\131109100816-l[1].zip 2013-11-09 14:59:38 C8AA5C090301AFD3420340CBAD37647C 338 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RF2PINDF\131109093650-l[1].zip 2013-11-09 14:59:38 B1B1CCB664D1B6676F504C06DAB10A3A 5035 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BMQ8QLV1\131109100816-m[1].zip 2013-11-09 14:59:38 65E9542339D1747DB023A2E069221546 164 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZHKQY9I\131109093650-m[1].zip 2013-11-09 14:59:37 844A0E37DBE5EF3D3A948F066F91EED4 6235 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ORJNL2X\131109090540-l[1].zip 2013-11-09 14:59:37 3B324BA0D7BA8E725EAAEA40854A4B45 576 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZHKQY9I\131109083422-m[1].zip 2013-11-09 14:59:36 EC6A849822285FA59F60C33BFA6CD1B2 1271 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ORJNL2X\131109080315-l[1].zip 2013-11-09 14:59:36 55DF2B1C79DA472DE410D166CCB4BD56 1752 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RF2PINDF\131109083422-l[1].zip 2013-11-09 14:59:35 AB7EB48CE208C3EB9304B878A3CFC165 164 ----a-w- C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RF2PINDF\131109073200-m[1].zip 2013-11-09 14:52:40 459A6CEA4EAAA9100BAB80DE5D29B627 3225 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131109141734-m[1].zip 2013-11-09 14:52:39 B4671925DE12CC5430141FCC8F01F6DE 3602 ----a-w- C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR\131109141734-l[1].zip 2013-11-09 14:48:48 459A6CEA4EAAA9100BAB80DE5D29B627 3225 ----a-w- C:\Users\Martine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RMVUPE0Y\131109141734-m[1].zip 2013-11-09 14:48:40 B4671925DE12CC5430141FCC8F01F6DE 3602 ----a-w- C:\Users\Martine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZ8VW5TQ\131109141734-l[1].zip 2013-11-09 11:32:00 68D4C35CAF6A46C2DA0A7A849296A936 6430080 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SH4.com 2013-11-08 22:20:47 64243F58246A9747E5377D89FE5C522D 164 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHXPM59H\131108220543-m[1].zip 2013-11-08 22:20:46 84EA52017C67CD158F01C6556074D817 4639 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RO45N0XM\131108213427-l[1].zip 2013-11-08 22:20:46 651470BF8350964717565AFB5C59E84D 1852 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNY3YUZ8\131108220543-l[1].zip 2013-11-08 22:20:46 2E08C17DD87B2A85BB262F8C33D57092 5111 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S8MZLT8\131108213427-m[1].zip 2013-11-08 21:20:44 F0466CC026D8BAE5371B4289885EDD54 1683 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHXPM59H\131108203149-m[1].zip 2013-11-08 21:20:44 EBBEECBEA090F98B4E305631EFE03BED 2201 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNY3YUZ8\131108203149-l[1].zip 2013-11-08 20:20:41 4BAC7872522210BBD8D715B70785F05B 1739 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S8MZLT8\131108192927-l[1].zip 2013-11-08 20:20:41 2BED33EC6791E0870E440713DCC54A64 3848 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S8MZLT8\131108192927-m[1].zip 2013-11-08 19:20:36 9AA9F4F894303DFF59AEE34EDE2FDF59 3012 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHXPM59H\131108182659-m[1].zip 2013-11-08 19:20:36 55D4A8FC953E70B1F0FF585292769D0E 1903 ----a-w- C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNY3YUZ8\131108182659-l[1].zip ==== Folders in C:\ProgramData 0-6 Months Old ====================== 2013-07-12 05:20:33 -------- d-----w- C:\ProgramData\Google 2013-07-21 14:46:10 -------- d-----w- C:\ProgramData\WorldWindData 2013-08-26 13:15:28 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-09-28 15:07:20 -------- d-----w- C:\ProgramData\AVG2014 ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "avg@toolbar"="C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1" [] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid.xpi ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aobehlibfaccnkhjlpopfnlommbkghno - C:\ProgramData\SaveAs\aobehlibfaccnkhjlpopfnlommbkghno.crx[] dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\Web Assistant\source.crx[] jbpkiefagocgkmemidfngdkamloieekf - C:\Program Files\TornTV.com\torn11.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[22/11/2012 10:30] pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files\1ClickDownload\oneclickdownloader10.crx[] SaveAs - Guy - Default\Extensions\aobehlibfaccnkhjlpopfnlommbkghno Torntv - Guy - Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf Skype for Chromium - Guy - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl OneClickDownload - Guy - Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco SaveAs - Martine - Default\Extensions\aobehlibfaccnkhjlpopfnlommbkghno Torntv - Martine - Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf Skype for Chromium - Martine - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Card number - Martine - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda OneClickDownload - Martine - Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco SaveAs - Xenia - Default\Extensions\aobehlibfaccnkhjlpopfnlommbkghno Google Docs - Xenia - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Xenia - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Xenia - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Xenia - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AdBlock - Xenia - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Torntv - Xenia - Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf Skype for Chromium - Xenia - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Gmail - Xenia - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia OneClickDownload - Xenia - Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco ==== Chrome Fix ====================== C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mystart.incredibar.com_0.localstorage deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mystart.incredibar.com_0.localstorage-journal deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_s2e.scorecardresearch.com_0.localstorage deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_s2e.scorecardresearch.com_0.localstorage-journal deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobehlibfaccnkhjlpopfnlommbkghno deleted successfully C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobehlibfaccnkhjlpopfnlommbkghno deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobehlibfaccnkhjlpopfnlommbkghno deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aobehlibfaccnkhjlpopfnlommbkghno_0.localstorage deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aobehlibfaccnkhjlpopfnlommbkghno_0.localstorage-journal deleted successfully C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage-journal deleted successfully C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmlghpafmmnmmkjdhacccolfgnkiboco_0.localstorage deleted successfully C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmlghpafmmnmmkjdhacccolfgnkiboco_0.localstorage-journal deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmlghpafmmnmmkjdhacccolfgnkiboco_0.localstorage deleted successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmlghpafmmnmmkjdhacccolfgnkiboco_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.sintsixtus.be/bierverkoopactueel.htm/" "Search Page"="Google" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="Bing" "Start Page"="http://www.sintsixtus.be/bierverkoopactueel.htm/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully HKEY_USERS\S-1-5-21-3117790893-1602038182-4091485983-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B0B42FC4-4CA2-9472-7699-04806B570D32} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aobehlibfaccnkhjlpopfnlommbkghno deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Guy\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Guy\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Lynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Lynn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Lynn\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Martine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Martine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Martine\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Martine\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Xenia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Xenia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Xenia\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Xenia\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L will be deleted at reboot C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX will be deleted at reboot C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR will be deleted at reboot C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Xenia\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Guy\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\811G3Z1L" not found "C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX" not found "C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5K133GR" not found ==== EOF on di 12/11/2013 at 17:50:55,19 ====================== het is een hele boterham, sorry, khoop dat het juist is, Grtz, en alvast bedankt, Guy
- 12 november 2013
- 8 antwoorden
FCCU-virus verwijderen

Guy R plaatste een topic in Archief Bestrijding malware & virussen

Beste, via dit forum heb ik gelezen hoe je een FCCU-virus kan verwijderen, als ik goed begrepen heb plaats ik nu het resultaat van de HijackThis-scan hieronder en kan er iemand mij met verder helpen. ; Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 14:56:02, on 12/11/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16514) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\tsnp2std.exe C:\Windows\vsnp2std.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files\Dell V310-V510 Series\dleamon.exe C:\Program Files\Dell V310-V510 Series\ezprint.exe C:\Program Files\AVG\AVG2014\avgui.exe C:\Program Files\Microsoft Lync\communicator.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\ehome\ehtray.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe C:\Users\Martine & Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Microsoft Encarta\Encarta Naslagbibliotheek Winkler Prins\EDICT.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIILE.EXE C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Martine & Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXMHKDEX\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Kies uw taal - Choisissez votre langue: KMI - IRM R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit O1 - Hosts: ::1 localhost O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll O2 - BHO: HappyQuickPop - {8D644BBD-0FF3-B0EE-B876-72FB72C7AE6E} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" O4 - HKLM\..\Run: [dleamon.exe] "C:\Program Files\Dell V310-V510 Series\dleamon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Dell V310-V510 Series\ezprint.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Guy\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIILE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-205 207 Series" /EF "HKCU" O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)" -"Koyle" O4 - HKUS\S-1-5-21-3117790893-1602038182-4091485983-1005\..\Run: [] (User '?') O4 - HKUS\S-1-5-21-3117790893-1602038182-4091485983-1005\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User '?') O4 - HKUS\S-1-5-21-3117790893-1602038182-4091485983-1005\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?') O4 - HKUS\S-1-5-21-3117790893-1602038182-4091485983-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?') O4 - HKUS\S-1-5-21-3117790893-1602038182-4091485983-1005\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" (User '?') O4 - HKUS\S-1-5-21-3117790893-1602038182-4091485983-1005\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User '?') O4 - HKUS\S-1-5-21-3117790893-1602038182-4091485983-1005\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (User '?') O4 - HKUS\S-1-5-21-3117790893-1602038182-4091485983-1005\..\Run: [Google Update] "C:\Users\Guy\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?') O4 - HKUS\S-1-5-21-3117790893-1602038182-4091485983-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?') O4 - HKUS\S-1-5-21-3117790893-1602038182-4091485983-1005\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIILE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-205 207 Series" /EF "HKCU" (User '?') O4 - HKUS\S-1-5-21-3117790893-1602038182-4091485983-1005\..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)" -"Koyle" (User '?') O4 - S-1-5-21-3117790893-1602038182-4091485983-1005 Startup: Dropbox.lnk = C:\Users\Martine & Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?') O4 - Startup: Dropbox.lnk = C:\Users\Martine & Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Invoegtoepassing voor Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll O9 - Extra 'Tools' menuitem: Invoegtoepassing voor Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.aww.be O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - MSN Games - Free Online Games O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://picasaweb.google.com/s/v/e/37.09/HboD-mApHAo/uploader2.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - MSN Games - Free Online Games O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://www.extrafilm.be/ImageUploader5.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - MSN Games - Free Online Games O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - Beschermde Blog ? Inloggen O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://webcam-pcroom.econ.kuleuven.ac.be/activex/AxisCamControl.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game12.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - MSN Games - Free Online Games O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - http://grobet24u.be.photo-online.com/ImageUploader4.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - MSN Games - Free Online Games O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dleaserv.exe O23 - Service: dlea_device - - C:\Windows\system32\dleacoms.exe O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\Windows\system32\EscSvc.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- End of file - 19169 bytes hopelijk valt de oplossing mee alvast bedankt, Grtz, Guy
- 12 november 2013
- 8 antwoorden

Inloggen

Guy R

Items

Registratiedatum

Laatst bezocht

Inhoudstype

Profielen

Forums

Store

Alles dat geplaatst werd door Guy R

gebruiker kan niet aanmelden

FCCU-virus verwijderen

FCCU-virus verwijderen

FCCU-virus verwijderen

FCCU-virus verwijderen

FCCU-virus verwijderen

OVER ONS

SITEMAP

Home

Info

Handleidingen & Tips

Activiteit

Belangrijke informatie