Yvontje82

Hallo Asus, Bedankt voor je snelle reactie. Helaas krijg ik een foutmelding bij het uitvoeren van RSIT. Zie bijgevoegde printscreen. Groetjes Yvonne

Beste, Na het opschonen van de PC van mijn oma, mag ik nu ook mijn vader helpen met het opschonen van de zijne. Inmiddels heb ik al MBAM, adwcleaner en CCcleaner laten draaien. Zou iemand even kunnen kijken naar de logjes? Alvast bedankt. Groetjes Yvonne [ATTACH]34960[/ATTACH] [ATTACH]34961[/ATTACH] - - - Updated - - - Nu de juiste mbam logjes [ATTACH]34962[/ATTACH] [ATTACH]34963[/ATTACH] mbamlog 21-08-2014.txt AdwCleaner[S0].txt mbamlog3.txt mbamlog2.txt

Oh, nouja. Dat is dan zo. Nu heeft ze weer wat extra ruimte om nieuwe liedjes op te slaan Zijn er nog wat andere dingen die we nu nog moeten doen? Groetjes

Poeh, daar vraag je me wat. Ik kan het alleen omschrijven als de bestanden van liedjes en films die ze heeft gedownload via spotnet. Alles wat ze na de schoning van de PC heeft gedownload werkt wel gewoon. Hopelijk kun je hier iets mee? Kun je me anders uitleggen wat je verder nog aan informatie nodig hebt? Met vriendelijke groet, Yvonne

Hallo Kape, Hierbij het logje van Adwcleaner. Mijn oma had alleen een vraagje over haar downloads van spotnet. Al haar downloads zijn verdwenen. Staan die mogelijk nu ergens anders of waren die besmet waardoor ze zijn verwijderd? Ze waren verwijderd na de acties van zoek.exe. Weet niet of het de eerste of tweede is. Groetjes Yvonne [ATTACH]34552[/ATTACH] AdwCleaner[S0].txt

Hoi Kape, Hier het logje. Groetjes [ATTACH]34349[/ATTACH] zoek-results.txt

Hallo Kape, Om de een of andere reden heeft mijn oma nu ineens weer internet. Waarschijnlijk is er toevallig rond dezelfde periode een storing geweest oid. Ik ben nu dus bij mijn oma en heb het logje voor je bij dit bericht gevoegd. PC is gelukkig al een heel stuk sneller nu. Alleen al het opstarten Groetjes Yvonne [ATTACH]34346[/ATTACH] zoek-results.txt

Ja, die heeft wel gelopen. Ik beschikte helaas niet ovr een USB stick om de log meer te nemen. Ik zag een deze dagen terug gaan met USB stick. Dan plaats ik het logje alsnog hier op het forum.

Hallo iEscape, Ik had iets duidelijker moeten zijn in het vorige bericht, maar we kunnen het internet niet op komen. Ik benader dit forum nu via mijn mobiel. Ik heb nog even iets anders geprobeerd, maar het lukt mij niet om plaatjes te uploaden met mijn telefoon.... Ik zit nu nog bij mijn oma. Ik zal als ik straks this ben de foto uploaden vanaf mijn pc. Groetjes Yvonne

Hallo Kape, Ik had eindelijk tijd om bij mijn om langs te gaan en heb gedaan wat je zei, maar......krijg nu bij het opstarten van de internetbrowser de melding : "De proxyserver reageert niet". Ik heb inmiddels alle mogelijkheden doorlopen met behulp van KPN, maar zij komen er ook niet uit. Ik had graag een foto erbij gedaan, maar die is blijkbaar te zwaar.... Kun jij ons misschien hiermee helpen? Groetjes Yvonne

Hallo Kape, Dank je voor je berichtje. Hier was ik al bang voor, hihi. Ik zal zorgen dat ik een van deze dagen weer bij mijn oma ben en zal dan je opdracht uitvoeren. Groetjes en fijne avond nog. Yvonne

hallo Asus, Ik had voor dat ik je berichtje had gelezen MBAM al laten draaien. Heb nu inmiddels al een paar keer geprobeerd om de log in te voegen, maar het verwerken blijkt langer te duren van 30 sec en dan verschijnt een fatal error melding. Ik was even weg gegaan voor een kleine boodschap, maar toen ik weg ging had MBAM al 154 dingen gedetecteerd.... Als het nodig is dan wil ik straks nog wel een keer kijken of het me lukt om de log te laden en anders mail ik het naar mijn mail en dan post ik het vanavond vanaf mijn eigen PC eventjes. Ik zal nu gaan doen wat jij hierboven hebt beschreven. Groetjes Yvonne - - - Updated - - - [ATTACH]34043[/ATTACH] - - - Updated - - - [ATTACH]34044[/ATTACH] En dan hierbij het MBAM logje log rst.txt log mbam.txt

hjhdhdhs

Hallo, Mijn oma van 80+ heeft inmiddels al enkele jaren een PC. Maar om de zoveel tijd krijgen we van haar een telefoontje met de vraag of we haar kunnen helpen, want.... - haar PC is erg langzaam...of - ze heeft weer iets gedownload wat ze er niet af krijgt, of - ze heeft weer een nieuw programma gekocht dat haar moet helpen om de PC op te schonen, maar het lukt niet - en meer van dat soort telefoontjes.... Mijn oma heeft een paar jaar terug een cursus engels gedaan (zodat ze haar soaps beter kon begrijpen ), maar het technische digi-engels is voor haar natuurlijk veels te lastig (met alle respect hoor). Ze geeft ook toe dat als ze het niet begrijpt toch maar gewoon op "OK" klikt... (oh, nee!))) Nu zit ik bij haar thuis en haar PC is inderdaad nu inderdaad traag. Hij doet er nu al bijna 10 tot 15 minuten over om een google toolbar te verwijderen en nog is die bezig. Kunnen jullie mij (en de rest van de familie) misschien helpen om mijn oma's PC weer een beetje op te schonen? Niet alleen vanwege de waarschijnlijk ontzettende vele virussen oid die erop zitten, maar ook gewoon de echt overbodige programma's eraf te halen. Er zijn inmiddels zoveel programma's beschikbaar op het internet en ik moet eerlijk zeggen dat ik ook echt geen idee heb welke programma's echt goed werken en nuttig zijn (natuurlijk eea in samenspraak met mijn oma). Een heleboel programma's heeft mijn oma erop staan, want "ach wat kan het voor kwaad en ik dacht dat het me zou helpen...". Pfff. Ik hoor graag van van jullie.... Het zou ons iig heel erg helpen.... Groetjes Yvonne

Helemaal TOP! Dank je wel, wederom ;-)

Hoi Jion, Hieronder het JRT-logje. Ik had voordat ik je bericht had gelezen ook al CCCleaner laten draaien. ;-) Groetjes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.2 (02.20.2014:1) OS: Windows 7 Home Premium x64 Ran by Yvonne on zo 09-03-2014 at 20:33:21,17 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\Users\Yvonne\AppData\LocalLow\FCTB000062781 ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on zo 09-03-2014 at 20:43:59,06 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.020 - Report created 09/03/2014 at 20:12:31 # Updated 27/02/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Yvonne - YVONNE-HP # Running from : C:\Users\Yvonne\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} File Deleted : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKCU\Software\Classes\iLivid.torrent Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid] Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_safari_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_safari_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_web-creator_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_web-creator_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Web Assistant Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Mozilla Firefox v24.0 (nl) [ File : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\prefs.js ] Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=amonetizetest1-ff&s_qt=sb&tb_uuid=6E325D1C86524114B0FFD3C020A22E18&tb_oid=01-05-2013&tb_mrud=02-05-2013[...] -\\ Google Chrome v33.0.1750.146 [ File : C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [6740 octets] - [09/03/2014 20:11:21] AdwCleaner[s0].txt - [6299 octets] - [09/03/2014 20:12:31] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6359 octets] ##########

Hierbij het HJT-logje: Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 21:32:39, on 23-2-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16518) FIREFOX: 24.0 (nl) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\Yvonne\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe C:\Users\Yvonne\Desktop\HijackThis.exe C:\Users\Yvonne\AppData\Local\Temp\MSI2EE0.tmp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11224 bytes

Beste, Na een melding van PC-veilig dat er een trojan is verwijderd heb ik MBAM er even overheen laten gaan en toch nog een paar virussen gevonden. Hieronder het logje. Ik ga mijn PC nu herstarten en Hijackthis laten draaien. Daarna post ik ook het logje daarvan. Zouden jullie kunnen kijken wat ik er nog meer vanaf zou moeten halen...? Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Databaseversie: v2014.02.23.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16518 Yvonne :: YVONNE-HP [administrator] 23-2-2014 21:08:08 mbam-log-2014-02-23 (21-08-08).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 261902 Verstreken tijd: 10 minuut/minuten, 48 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 3 C:\$RECYCLE.BIN\S-1-5-21-2155248324-3539292037-1374523505-1000\$RCHOMNB.exe (PUP.Optional.4Shared) -> Succesvol in quarantaine geplaatst en verwijderd. C:\$RECYCLE.BIN\S-1-5-21-2155248324-3539292037-1374523505-1000\$RG0G067.exe (PUP.Optional.4Shared) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\9EDCJC03\SoftonicDownloader_voor_website-x5.exe (PUP.Optional.Softonic.A) -> Succesvol in quarantaine geplaatst en verwijderd. (einde)

Hoi Jion. Dat politievirus was met het uitvoeren van het script in zoek.exe al opgelost. Ik zat zelf niet achter de PC toen het virus verscheen en we hebben nadien de PC ook niet meer uitgezet (met het idee dat opstarten dan mogelijk niet meer mogelijk was), maar het virus uitte zich in de browser van IE versie 9. Verder heb ik alle handelingen zoals beschreven uitgevoerd. Alleen bij het installeren van Java kreeg ik niet het bestand jxpiinstall.exe aangeboden, maar JavaSetup7u45. Met vriendelijke groet, Yvonne

Ik had met rechtermuisklik niet de mogelijkheid om "als administrator" te kiezen. DDS (Ver_2012-11-05.02) - NTFS_AMD64 Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 10.45.2 Run by Yvonne at 17:51:47 on 2013-12-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2305 [GMT 1:00] . AV: PC Veilig 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17} SP: PC Veilig 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: PC Veilig 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k apphost C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE C:\Program Files (x86)\PC Veilig\Anti-Virus\FSGK32.EXE C:\Windows\system32\svchost.exe -k ftpsvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k iissvcs C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\PC Veilig\Anti-Virus\fssm32.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\servicing\TrustedInstaller.exe C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\PC Veilig\Common\FSLAUNCH.EXE C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.google.nl/ uSearch Bar = Preserve mWinlogon: Userinit = userinit.exe, BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup uRun: [spotify Web Helper] "C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup mRun: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash mRun: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Yvonne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: EnableShellExecuteHooks = dword:1 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: HideFastUserSwitching = dword:0 IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} LSP: C:\Program Files (x86)\PC Veilig\FSPS\program\FSLSP.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab TCP: NameServer = 192.168.2.254 TCP: Interfaces\{00FD4177-C23D-46E3-88DF-567CE2664FE7} : DHCPNameServer = 192.168.2.254 TCP: Interfaces\{FE0C91F8-4195-459F-B0D9-1B29F873801A} : DHCPNameServer = 192.168.42.129 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SEH: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned> x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=amonetizetest1-ff&s_qt=sb&tb_uuid=6E325D1C86524114B0FFD3C020A22E18&tb_oid=01-05-2013&tb_mrud=02-05-2013 FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-10-09 22:33; {53A03D43-5363-4669-8190-99061B2DEBA5}; C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false ============= SERVICES / DRIVERS =============== . R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2013-5-11 56016] R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\PC Veilig\HIPS\drivers\fshs.sys [2013-5-11 59784] R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2013-5-11 94024] R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\PC Veilig\Anti-Virus\minifilter\fsvista.sys [2013-5-11 16768] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-2 203264] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?] R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe [2013-5-11 221608] R2 ftpsvc;Microsoft FTP-service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-14 27136] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-2-2 1128952] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-2-2 116240] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\PC Veilig\Anti-Virus\minifilter\fsgk.sys [2013-5-11 202176] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-2-2 1002848] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] S1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2013-5-11 50384] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680] S3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe [2013-5-11 60352] S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736] S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392] S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-21 1255736] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\PC Veilig\Anti-Virus\win2k\fsfilter.sys [2013-5-11 41640] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\PC Veilig\Anti-Virus\win2k\fsrec.sys [2013-5-11 27048] . =============== Created Last 30 ================ . 2013-12-04 21:26:47 -------- d-sh--w- C:\$RECYCLE.BIN 2013-12-04 21:21:27 24064 ----a-w- C:\Windows\zoek-delete.exe 2013-12-04 21:21:26 -------- d-----w- C:\Users\Yvonne\AppData\Local\Temp 2013-12-03 09:15:30 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6A36D5BD-8E9B-461C-92B8-1FB28E8CDBD8}\mpengine.dll 2013-11-22 10:50:50 -------- d-----w- C:\Program Files (x86)\Steam 2013-11-21 23:03:36 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2013-11-21 23:03:36 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2013-11-21 23:03:36 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2013-11-21 23:03:36 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-11-21 23:03:36 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2013-11-21 23:03:35 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2013-11-21 23:03:35 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2013-11-20 10:11:11 306688 ----a-w- C:\Windows\IsUninst.exe 2013-11-19 00:25:56 45056 ----a-r- C:\Users\Yvonne\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe 2013-11-19 00:25:56 45056 ----a-r- C:\Users\Yvonne\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe 2013-11-19 00:25:56 45056 ----a-r- C:\Users\Yvonne\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\ARPPRODUCTICON.exe 2013-11-19 00:25:51 -------- d-----w- C:\Program Files (x86)\GameShadow 2013-11-19 00:16:28 -------- d-----w- C:\Program Files (x86)\Firefly Studios 2013-11-19 00:15:28 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2013-11-19 00:15:28 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2013-11-19 00:15:28 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2013-11-19 00:15:28 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2013-11-19 00:15:27 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2013-11-19 00:15:21 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2013-11-19 00:15:20 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2013-11-18 18:24:06 -------- d-----w- C:\Users\Yvonne\AppData\Local\PDFC 2013-11-18 17:40:13 -------- d-----w- C:\zoek_backup 2013-11-13 22:13:36 1474048 ----a-w- C:\Windows\System32\crypt32.dll 2013-11-13 22:13:35 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-11-13 22:13:21 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 2013-11-13 22:13:08 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-11-13 22:13:06 197120 ----a-w- C:\Windows\System32\credui.dll 2013-11-13 22:13:06 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll 2013-11-13 22:13:06 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-11-13 22:13:05 168960 ----a-w- C:\Windows\SysWow64\credui.dll 2013-11-13 22:13:05 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll . ==================== Find3M ==================== . 2013-11-11 04:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe 2013-10-13 14:55:42 2334720 ----a-w- C:\Windows\System32\jscript9.dll 2013-10-13 14:47:43 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-10-13 14:46:53 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-10-13 14:42:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-10-13 14:42:11 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-10-13 14:35:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-10-13 09:48:06 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-10-13 09:35:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-10-13 09:35:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-10-13 09:30:14 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-10-13 09:29:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-10-13 09:25:39 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll 2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL 2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL 2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll 2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL 2013-10-09 01:29:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-09 01:29:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-10-08 05:51:05 873384 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-10-08 05:51:00 796072 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-10-08 05:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll 2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll 2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll 2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll 2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll 2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll 2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll 2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe 2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll 2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll . ============= FINISH: 17:52:36,54 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-05.02) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 20-5-2011 20:48:20 System Uptime: 5-12-2013 17:42:58 (0 hours ago) . Motherboard: PEGATRON CORPORATION | | 2A99 Processor: AMD Athlon II X4 640 Processor | CPU 1 | 1800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 918 GiB total, 825,744 GiB free. D: is FIXED (NTFS) - 13 GiB total, 1,639 GiB free. E: is CDROM (CDFS) F: is Removable H: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: F-Secure Email Scanning Driver Device ID: ROOT\LEGACY_FSES\0000 Manufacturer: Name: F-Secure Email Scanning Driver PNP Device ID: ROOT\LEGACY_FSES\0000 Service: FSES . ==== System Restore Points =================== . RP299: 22-11-2013 3:00:14 - Windows Update RP300: 22-11-2013 11:50:01 - Installed Steam RP301: 26-11-2013 7:46:10 - Windows Update RP302: 29-11-2013 14:54:58 - Windows Update RP303: 3-12-2013 10:14:29 - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Agatha Christie - Peril at End House ATI Catalyst Install Manager ATI Stream SDK v2 Developer AVG Security Toolbar Bejeweled 2 Deluxe Bing Rewards Client Installer Blackhawk Striker 2 Blasterball 3 Bounce Symphony Cake Mania Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Chuzzle Deluxe CyberLink DVD Suite Deluxe Dora's World Adventure DVD Menu Pack for HP MediaSmart Video Farm Frenzy FATE Final Drive Nitro Free Audio CD Burner version 1.4.8 Free YouTube Download version 3.1.35.903 Free YouTube to MP3 Converter version 3.11.22.508 GameShadow Google Chrome Google Update Helper Hewlett-Packard ACLM.NET v1.2.1.1 HP Auto HP Client Services HP Customer Experience Enhancements HP Game Console HP Games HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP MediaSmart Video HP Odometer HP Setup HP Setup Manager HP Support Assistant HP Support Information HP Update HP Vision Hardware Diagnostics HTC BMP USB Driver HTC Driver Installer HTC Sync HydraVision Java 2 Runtime Environment, SE v1.4.2_05 Java 2 SDK, SE v1.4.2_05 Java 7 Update 45 Java Auto Updater Java 6 Update 25 (64-bit) JCreator LE 3.10 KPN Draadloos Netwerk Assistent LabelPrint LightScribe System Software LMSOFT Web Creator Pro 6 Magic Desktop Malwarebytes Anti-Malware versie 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft .NET Framework 4 Extended Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Klik-en-Klaar 2010 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Starter 2010 - Nederlands Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 24.0 (x86 nl) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) MusicStation Mystery P.I. - The London Caper NVIDIA Drivers NVIDIA ForceWare Network Access Manager PC Veilig PDF Complete Special Edition Penguins! PhotoNow! PictureMover Pizza Chef 2 Plants vs. Zombies PlayReady PC Runtime amd64 Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector QuickTime Ralink RT2860 Wireless LAN Card Realtek High Definition Audio Driver Recovery Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663) Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870) Skype™ 6.9 Spotify Steam Stronghold Legends Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD Uninstall 1.0.0.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Virtual Villagers 4 - The Tree of Life Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables World Cup Cricket 20-20 World of Tanks Zuma Deluxe . ==== End Of File ===========================

Zoek.exe Version 4.0.0.5 Updated 30-November-2013 Tool run by Yvonne on wo 04-12-2013 at 21:54:22,53. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Yvonne\Downloads\Zoek.zip\zoek.exe [script inserted] ==== Older Logs ====================== C:\zoek-results2013-04-03-190126.log 32611 bytes C:\zoek-results2013-11-18-182353.log 30991 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2155248324-3539292037-1374523505-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully HKEY_CLASSES_ROOT\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Yahoo not found ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-11-20 10:11:11 515E4684008E955DE0C81E6A7AEA1C2A 306688 ----a-w- C:\Windows\IsUninst.exe ====== C:\Users\Yvonne\AppData\Local\Temp ==== 2013-11-25 04:20:17 316BC1B77C9753CBCD49B3990DF56A8C 35095200 ----a-w- C:\Users\Yvonne\AppData\Local\Temp\SkypeSetup.exe 2013-11-24 15:50:43 C12AA09AA5947BD28EDF2F94C341BFDE 465920 ----a-w- C:\Users\Yvonne\AppData\Local\Temp\COMAP.EXE ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2013-11-21 23:03:36 E73A7A04FDAC9DD46EE2A4257F09E91C 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys 2013-11-21 23:03:36 ACCEA6BC68D0C9A78EB97EE159028B4E 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys 2013-11-21 23:03:36 861C197502A5057E68F0AC75D9EFCDD7 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys 2013-11-21 23:03:36 311C1DD1088E55BEAE15954D17F50646 52736 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys 2013-11-21 23:03:36 280E90CBF4B2DDD169F0728CB44D726F 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys 2013-11-21 23:03:35 A83D0EC9AE4C31704442099D40BA2471 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys 2013-11-21 23:03:35 9406D801042FAF859CF81B2C886413DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys 2013-11-13 22:13:21 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2013-11-13 22:12:41 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2013-11-13 22:12:41 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2013-11-13 22:12:40 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== 2013-11-18 18:24:11 C322FF035DF8C05214F40D2DEAE3C31A 522 ----a-w- C:\Windows\Tasks\Scheduled scanning task.job 2013-11-18 18:24:11 60BD9C3643BA94647DCAAA0E5BD19507 3298 ----a-w- C:\Windows\Sysnative\Tasks\Scheduled scanning task 2013-11-18 17:06:24 8E88250AA0DF4DB801BEC75F38F44829 3272 ----a-w- C:\Windows\Sysnative\Tasks\{FA80624A-0168-492C-9323-D6B2765CDCF5} 2013-11-12 21:55:28 50122F2242E5CC7628A0D34B4FB8B241 3094 ----a-w- C:\Windows\Sysnative\Tasks\{88A11318-C758-4CB3-961A-78A3829777C7} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2013-11-22 10:50:50 -------- d-----w- C:\PROGRA~2\Steam 2013-11-19 00:25:51 -------- d-----w- C:\PROGRA~2\GameShadow 2013-11-19 00:16:28 -------- d-----w- C:\PROGRA~2\Firefly Studios ======= C: ===== ====== C:\Users\Yvonne\AppData\Roaming ====== 2013-11-24 15:50:40 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\CyberLink 2013-11-19 00:25:56 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow 2013-11-18 18:24:06 -------- d-----w- C:\Users\Yvonne\AppData\Local\PDFC 2013-11-18 18:01:45 -------- d-----w- C:\Users\Yvonne\AppData\Local\Temp ====== C:\Users\Yvonne ====== 2013-11-22 10:50:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2013-11-19 00:23:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios ====== C: exe-files == 2068-06-03 20:05:14 BED6EDDBF28DB980AA8D3A42D4A05586 32881 ----a-w- C:\j2sdk1.4.2_05\jre\bin\jusched.exe 2068-06-03 20:05:14 260586772C36D427B364E0F8E9815450 241777 ----a-w- C:\j2sdk1.4.2_05\jre\bin\jucheck.exe 2068-06-03 20:05:12 BED6EDDBF28DB980AA8D3A42D4A05586 32881 ----a-w- C:\Program Files (x86)\Java\j2re1.4.2_05\bin\jusched.exe 2068-06-03 20:05:12 260586772C36D427B364E0F8E9815450 241777 ----a-w- C:\Program Files (x86)\Java\j2re1.4.2_05\bin\jucheck.exe 2013-11-30 06:03:32 C6CA25804A7F161D3D9986DF5A305EBD 29400 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_BeforeUpgradingToWin81.exe 2013-11-30 06:03:32 9DDACC673C7EE9F8C8FFE66E0EA1AA5A 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_AfterUpgradingToWin81.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2155248324-3539292037-1374523505-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup" "Spotify Web Helper"="C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "HTC Sync Loader"="C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup" "F-Secure Manager"="C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE /splash" "F-Secure TNB"="C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup" "Spotify Web Helper"="C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" "SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" ==== Startup Folders ====================== 2012-01-22 10:21:25 1316 ----a-w- C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk 2012-03-01 15:50:33 2029 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-05-2013 13:35] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-05-2013 13:35] C:\Windows\tasks\HPCeeScheduleForYVONNE-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14-09-2010 07:15] C:\Windows\tasks\HPCeeScheduleForYvonne.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14-09-2010 07:15] C:\Windows\tasks\Scheduled scanning task.job --a------ C:\PROGRA2\PCVEIL1\ANTI-V1\fsav.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForYvonne" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForYVONNE-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe] "C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe] "C:\Windows\SysNative\tasks\Scheduled scanning task" [C:\PROGRA~2\PCVEIL~1\ANTI-V~1\fsav.exe] "C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\{38DF59D7-67EE-4B6C-B405-FBB323BC92E6}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" Downloading] "C:\Windows\SysNative\tasks\{82AE7F7E-0A46-4FA9-9B61-83F712DAD24C}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" Downloading] "C:\Windows\SysNative\tasks\{88A11318-C758-4CB3-961A-78A3829777C7}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype] "C:\Windows\SysNative\tasks\{B8920AB9-3F4C-4BF0-BD57-65B099240783}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype] "C:\Windows\SysNative\tasks\{CEF387AE-FE17-4327-AE07-38934CF7FB9A}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "litmus-ff@f-secure.com"="C:\Program Files (x86)\PC Veilig\NRS\litmus-ff@f-secure.com" [03-12-2013 12:15] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default - Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} - ScrapBook Plus - %ProfilePath%\extensions\scrapbookplus@addons.mozilla.org.xpi - ScrapBook - %ProfilePath%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi - Pinterest Pin Button - %ProfilePath%\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi - Search By Image by Google - %ProfilePath%\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.450.18 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {443789B7-F39C-4b5c-9287-DA72D38F4FE6} AOL Search Url="AOL Search" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Yvonne\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0D5H89SD will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\12C0O2F1 will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1H77R58Y will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FN3JC16 will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6N1WZAJP will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ONE59RI will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YI0DQFO will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HJLI4R2R will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QH34C23S will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RUE42NJT will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SD3M1F73 will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XN168W6U will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Yvonne\AppData\Local\Mozilla\Firefox\Profiles\6hgtzfhm.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Yvonne\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0D5H89SD" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\12C0O2F1" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1H77R58Y" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FN3JC16" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6N1WZAJP" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ONE59RI" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YI0DQFO" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HJLI4R2R" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QH34C23S" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RUE42NJT" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SD3M1F73" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XN168W6U" not found ==== EOF on wo 04-12-2013 at 22:26:35,51 ======================

Hallo jion, Helaas was ik vergeten om de handelingen uit je laatste bericht nog te doen, dus.....ben weer gepakt door dat virus. Kan ik dan weer dat script uitvoeren dat je eerder had geplaatst of is dat toch steeds net anders...? Hierbij het MBAM log: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Databaseversie: v2013.12.02.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Yvonne :: YVONNE-HP [administrator] 4-12-2013 16:50:16 mbam-log-2013-12-04 (16-50-16).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 251069 Verstreken tijd: 10 minuut/minuten, 17 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Hierbij het HJT log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:51:43, on 4-12-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16520) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Yvonne\Downloads\HijackThis(1).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11469 bytes

Zoek.exe Version 4.0.0.5 Updated 14-November-2013 Tool run by Yvonne on ma 18-11-2013 at 18:40:33,01. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Yvonne\Downloads\Zoek.zip\zoek\zoek.exe [script inserted] ==== Older Logs ====================== C:\zoek-results2013-04-03-190126.log 32611 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\Cossacks - Back To War deleted successfully C:\Program Files\Google deleted successfully C:\Program Files\Symantec deleted successfully C:\Program Files\Common Files\Symantec Shared deleted successfully C:\ProgramData\Babylon deleted successfully C:\ProgramData\Hitman Pro deleted successfully C:\ProgramData\Oracle deleted successfully C:\ProgramData\vpywv deleted successfully C:\Users\Yvonne\AppData\Roaming\8723ED43 deleted successfully C:\Users\Yvonne\AppData\Roaming\Dava deleted successfully C:\Users\Yvonne\AppData\Roaming\Opewn deleted successfully C:\Users\Yvonne\AppData\Roaming\TP deleted successfully C:\Users\Yvonne\AppData\Roaming\Yzroy deleted successfully C:\Users\Yvonne\AppData\Local\PDFC deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\COMMON~1\DVDVideoSoft\TB deleted C:\PROGRA~2\COMMON~1\AVG Secure Search deleted C:\PROGRA~2\COMMON~1\Plasmoo deleted C:\Users\Yvonne\AppData\Roaming\LimeWirePlus deleted C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers deleted C:\ProgramData\R8BL8vf.dat deleted C:\ProgramData\boost_interprocess deleted C:\Users\Yvonne\AppData\Local\SwvUpdater deleted C:\Users\Yvonne\AppData\LocalLow\AVG Secure Search deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\tasks\SCHEDU~1.JOB deleted C:\Windows\Syswow64\shoB9BF.tmp deleted C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\searchplugins\aol-search.xml deleted "C:\Users\Yvonne\AppData\Local\1499ebd4" deleted "C:\ProgramData\24849327-4c0f-4727-b46a-8e2b07995d37" deleted "C:\ProgramData\jmqosobgtlodwgp" deleted "C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\52660738-6950-4a85-8b59-3b5d5459e59d" deleted "C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\52cd583f-f0fd-4ebb-b360-7279ec06fd67" deleted "C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\75d73252-abef-4bae-b9ce-7256ed841a8b" deleted "C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\9105e910-27c2-44cb-a738-ad5c1f70e28e" deleted "C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\98b62fc2-4a32-47a3-8a5c-d3ed45d98fa3" deleted "C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\d6271337-d0d9-4e06-8fc3-f22d9190fa80" deleted "C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\e633c52d-378d-402f-b4c3-8ed1586c6d44" deleted "C:\Users\Yvonne\AppData\Roaming\CACHE\~.~" deleted "C:\Users\Yvonne\AppData\Roaming\Neyny\cixi.tmp" deleted "C:\Programdata\Windows\sysprep.exe" deleted "C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391" deleted "C:\Users\Yvonne\AppData\Roaming\CACHE" deleted "C:\Users\Yvonne\AppData\Roaming\Neyny" deleted "C:\Programdata\Windows" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Yvonne\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2013-11-14 02:06:39 B798365F54AF889BFD7D04ED75C016B7 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2013-11-14 02:06:39 677857FAC307E46E44F710B6C6F84607 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2013-11-14 02:06:39 3CC9655434741363AF977498A2B5E425 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2013-11-14 02:06:38 E2E9F49C84C49C2DB5ADAF85D8CD8F1C 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2013-11-14 02:06:38 E26C86DE3AC36D09D201691B9D482D5B 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll 2013-11-14 02:06:38 C36E38AD3C7FAFF0E30C4CBCB28CE7FB 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-11-14 02:06:38 26ED02FA7B11FBFD87D4FF304EFFFFBF 231936 ----a-w- C:\Windows\SysWOW64\url.dll 2013-11-14 02:06:37 E1092FB18A2D53DFC20D2EA8AC158E4B 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2013-11-14 02:06:37 B8D440F705D52D9167C572ECF6522E89 1104896 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-11-14 02:06:37 AB3F4974C87DC6DE7E427CF713E88B28 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2013-11-14 02:06:36 FFA200640B887CBB737DA74C299BCE62 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll 2013-11-14 02:06:36 D36137E26569D22B6C395EB68CBE0018 1806848 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-11-14 02:06:36 58C300DB5ED80A46A778DECB9D02DA57 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-11-14 02:06:36 375652E4B01E421683437896DA8D76C4 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2013-11-14 02:06:35 AC986A1AD35CDBF07B0E5D1AC9D527B5 12344832 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2013-11-14 02:06:32 048FF8515CE100990423E96678112CDF 9739264 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2013-11-13 22:13:35 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\SysWOW64\crypt32.dll 2013-11-13 22:13:06 EE7CB55F77465CDAC4C80F587FF7C278 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll 2013-11-13 22:13:05 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\SysWOW64\credui.dll 2013-11-13 22:13:05 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 22:12:41 AA6F6457116B559B76BC6A012CB4C293 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll 2013-11-13 22:12:39 AD7FB087A238883D1618F29F7BBBD584 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 22:12:39 42B924C5F3924C1EB2539F22C10D7DF1 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2013-11-13 22:12:39 372948BB5E41CE42341C4398DE572E56 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2013-11-13 22:12:30 56E3313690866F99CD17AA1342F64AE1 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll 2013-11-13 22:12:25 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 22:12:25 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\SysWOW64\nshwfp.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-11-14 02:06:39 714E9503AC7048E0212F79D8C1D6C3A7 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2013-11-14 02:06:39 3A4DB794F4B7FC36690A0A937A30B18B 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2013-11-14 02:06:38 C4AA30C01694001B8374CC62BF9AE6FF 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll 2013-11-14 02:06:38 88C40415EEB19F947E2105D48E87D1D2 248320 ----a-w- C:\Windows\Sysnative\ieui.dll 2013-11-14 02:06:38 794F7FCD48CCB49BB1970904EA8E57C4 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2013-11-14 02:06:38 4971D89BD84E2F01DA004E4FAC202EED 237056 ----a-w- C:\Windows\Sysnative\url.dll 2013-11-14 02:06:37 E14025BFE959C7CFA495021AB93DB8ED 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2013-11-14 02:06:37 CDACE6BF6B7ECD8463430AF5318B4A38 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2013-11-14 02:06:37 979ADB9662E543212D786AADB6964E15 1346560 ----a-w- C:\Windows\Sysnative\urlmon.dll 2013-11-14 02:06:37 7873D45AA2C725D95A016898940FFB75 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2013-11-14 02:06:36 D914949662B98FAAEEBF37D0DC036BE6 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll 2013-11-14 02:06:36 BE18E52826AC6253F4BF2A814C9362D7 2334720 ----a-w- C:\Windows\Sysnative\jscript9.dll 2013-11-14 02:06:36 9A2FD60081F2B77C86C6A0D1A86B0170 816640 ----a-w- C:\Windows\Sysnative\jscript.dll 2013-11-14 02:06:36 4FBFB5A1DFFC744C352A03DCE1D41DDC 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll 2013-11-14 02:06:33 26088C2096E08A85816AD4B37D7E03E5 10926080 ----a-w- C:\Windows\Sysnative\ieframe.dll 2013-11-14 02:06:33 1CFBE5D5844FDB11E1589BC74260FBB4 17847296 ----a-w- C:\Windows\Sysnative\mshtml.dll 2013-11-13 22:13:36 780F6ECC4F55D76C9730E6B6C9B31913 1474048 ----a-w- C:\Windows\Sysnative\crypt32.dll 2013-11-13 22:13:08 34152997FB906895290E0199AC94B85F 1930752 ----a-w- C:\Windows\Sysnative\authui.dll 2013-11-13 22:13:06 8563BA40DF4F1E93A61B70E2C8B60CF8 190464 ----a-w- C:\Windows\Sysnative\SmartcardCredentialProvider.dll 2013-11-13 22:13:06 4403D5ECE7D8323CAF1207D1AA38FA01 197120 ----a-w- C:\Windows\Sysnative\credui.dll 2013-11-13 22:12:42 31FFED18C7B836CEC1B559347E32E151 340992 ----a-w- C:\Windows\Sysnative\schannel.dll 2013-11-13 22:12:40 086F906B1D30C0A5D35FE0F6362DAB21 1447936 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2013-11-13 22:12:39 B08EA91C774AA734E0B9881F85CD9F42 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll 2013-11-13 22:12:39 747B9BA5412422F27934CB21131F0A3E 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2013-11-13 22:12:39 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\Sysnative\lsass.exe 2013-11-13 22:12:38 7C46EC9CCDE6E793713FA01DB2EB918E 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2013-11-13 22:12:38 208EAAFF40DA400190AA0605C797BEA2 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2013-11-13 22:12:30 56325BB1FF19F2A5AC8713756AC41140 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll 2013-11-13 22:12:26 D07EB640618F96490DB88C3CE58DB608 324096 ----a-w- C:\Windows\Sysnative\FWPUCLNT.DLL 2013-11-13 22:12:26 344789398EC3EE5A4E00C52B31847946 859648 ----a-w- C:\Windows\Sysnative\IKEEXT.DLL 2013-11-13 22:12:25 660C06F663F27760F565FD567B57625C 830464 ----a-w- C:\Windows\Sysnative\nshwfp.dll ====== C:\Windows\Sysnative\drivers ===== 2013-11-13 22:13:21 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2013-11-13 22:12:41 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2013-11-13 22:12:41 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2013-11-13 22:12:40 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== 2013-11-18 17:06:24 8E88250AA0DF4DB801BEC75F38F44829 3272 ----a-w- C:\Windows\Sysnative\Tasks\{FA80624A-0168-492C-9323-D6B2765CDCF5} 2013-11-12 21:55:28 50122F2242E5CC7628A0D34B4FB8B241 3094 ----a-w- C:\Windows\Sysnative\Tasks\{88A11318-C758-4CB3-961A-78A3829777C7} 2013-10-21 13:27:12 C824E66D39EC8B63A00FBC2A28733843 3140 ----a-w- C:\Windows\Sysnative\Tasks\{C4E488D4-D9B1-4590-8E64-68B6D6FDB3B7} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2013-10-21 13:15:42 -------- d-----w- C:\PROGRA~2\LMSOFT ======= C: ===== ====== C:\Users\Yvonne\AppData\Roaming ====== 2013-10-21 14:48:52 -------- d-----w- C:\Users\Yvonne\AppData\Local\IsolatedStorage 2013-10-21 14:28:53 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LMSOFT 2013-10-21 13:39:55 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\CoffeeCup Software 2013-10-21 13:22:38 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\LMSOFT ====== C:\Users\Yvonne ====== 2013-10-27 23:27:02 -------- d-----w- C:\ProgramData\Protexis 2013-10-24 22:50:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2013-10-24 22:50:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ====== C: exe-files == 2068-06-03 20:05:14 BED6EDDBF28DB980AA8D3A42D4A05586 32881 ----a-w- C:\j2sdk1.4.2_05\jre\bin\jusched.exe 2068-06-03 20:05:14 260586772C36D427B364E0F8E9815450 241777 ----a-w- C:\j2sdk1.4.2_05\jre\bin\jucheck.exe 2068-06-03 20:05:12 BED6EDDBF28DB980AA8D3A42D4A05586 32881 ----a-w- C:\Program Files (x86)\Java\j2re1.4.2_05\bin\jusched.exe 2068-06-03 20:05:12 260586772C36D427B364E0F8E9815450 241777 ----a-w- C:\Program Files (x86)\Java\j2re1.4.2_05\bin\jucheck.exe 2013-11-14 21:55:48 F06EE764FF00B7A049862C8D50D4215D 730976 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\31.0.1650.57\31.0.1650.57_31.0.1650.48_chrome_updater.exe 2013-11-14 02:06:38 E2E9F49C84C49C2DB5ADAF85D8CD8F1C 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2013-11-14 02:06:38 794F7FCD48CCB49BB1970904EA8E57C4 173056 ----a-w- C:\Windows\system64\ieUnatt.exe 2013-11-14 02:06:38 794F7FCD48CCB49BB1970904EA8E57C4 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-11-14 02:06:38 27DC2B3A141BE4566A0B45A5E5F4668A 763632 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2013-11-14 02:06:38 06085B62BC7E0C8E2605CEA38774D956 757488 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2013-11-13 22:12:39 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\system64\lsass.exe 2013-11-13 22:12:39 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\System32\lsass.exe === C: other files == 2013-11-17 13:54:39 B6D0C63FF10E6794C61ADCD10A4BDA30 31034 ----a-w- C:\Users\Yvonne\Documents\Huishoud\Portfolio Yvonne\sollicitiatiebobinfobeheerderanalist.zip 2013-11-17 13:54:09 3B865679B8C5E2327F8820AEC3AA11B3 977616 ----a-w- C:\Users\Yvonne\Documents\Huishoud\Portfolio Yvonne\bijlagen.zip 2013-11-15 16:08:09 ED3EC4C99E4B90DF9A9BF59132455599 852258 ----a-w- C:\Users\Yvonne\Documents\Cursussen cq studie\Polariteitmassage\bijlagen.zip 2013-11-13 22:13:21 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\system64\drivers\afd.sys 2013-11-13 22:13:21 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 2013-11-13 22:12:41 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\system64\drivers\cng.sys 2013-11-13 22:12:41 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\System32\drivers\cng.sys 2013-11-13 22:12:41 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\system64\drivers\ksecpkg.sys 2013-11-13 22:12:41 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2013-11-13 22:12:40 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\system64\drivers\ksecdd.sys 2013-11-13 22:12:40 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2155248324-3539292037-1374523505-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup" "Spotify Web Helper"="C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "HTC Sync Loader"="C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup" "F-Secure Manager"="C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE /splash" "F-Secure TNB"="C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup" "Spotify Web Helper"="C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" "SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" ==== Startup Folders ====================== 2012-01-22 10:21:25 1316 ----a-w- C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk 2012-03-01 15:50:33 2029 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-05-2013 13:35] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-05-2013 13:35] C:\Windows\tasks\HPCeeScheduleForYVONNE-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14-09-2010 07:15] C:\Windows\tasks\HPCeeScheduleForYvonne.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14-09-2010 07:15] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForYvonne" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForYVONNE-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe] "C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe] "C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\{38DF59D7-67EE-4B6C-B405-FBB323BC92E6}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" Downloading] "C:\Windows\SysNative\tasks\{82AE7F7E-0A46-4FA9-9B61-83F712DAD24C}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" Downloading] "C:\Windows\SysNative\tasks\{88A11318-C758-4CB3-961A-78A3829777C7}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype] "C:\Windows\SysNative\tasks\{B8920AB9-3F4C-4BF0-BD57-65B099240783}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype] "C:\Windows\SysNative\tasks\{CEF387AE-FE17-4327-AE07-38934CF7FB9A}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{336D0C35-8A85-403a-B9D2-65C292C39087}"="C:\Program Files\Web Assistant\Firefox" [] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "litmus-ff@f-secure.com"="C:\Program Files (x86)\PC Veilig\NRS\litmus-ff@f-secure.com" [29-10-2013 03:29] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default - Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} - ScrapBook Plus - %ProfilePath%\extensions\scrapbookplus@addons.mozilla.org.xpi - ScrapBook - %ProfilePath%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi - Pinterest Pin Button - %ProfilePath%\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi - Search By Image by Google - %ProfilePath%\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.450.18 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {443789B7-F39C-4b5c-9287-DA72D38F4FE6} AOL Search Url="AOL Search" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" {d43b3890-80c7-4010-a95d-1e77b5924dc3} Unknown Url="Not_Found" {d944bb61-2e34-4dbf-a683-47e505c587dc} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2155248324-3539292037-1374523505-1000\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} deleted successfully HKEY_USERS\S-1-5-21-2155248324-3539292037-1374523505-1000\Software\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Yvonne\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Yvonne\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Yvonne\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\725411SO will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2FC4FCGB will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57W2RGB4 will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8Y1CDT1H will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AQDN1GP1 will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BKV32VCS will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D07G179B will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DD897VIJ will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EPCO261U will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6ZF3YL6 will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FSLB6GJP will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IAN0DOF2 will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KI15ZWG4 will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SJ5J8PHL will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UM05VZXU will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UYIT7X1L will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUS2DVB9 will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Yvonne\AppData\Local\Mozilla\Firefox\Profiles\6hgtzfhm.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Yvonne\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\725411SO" deleted "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2FC4FCGB" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57W2RGB4" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8Y1CDT1H" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AQDN1GP1" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BKV32VCS" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D07G179B" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DD897VIJ" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EPCO261U" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6ZF3YL6" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FSLB6GJP" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IAN0DOF2" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KI15ZWG4" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SJ5J8PHL" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UM05VZXU" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UYIT7X1L" not found "C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUS2DVB9" not found ==== EOF on ma 18-11-2013 at 19:23:53,44 ======================

Hallo, Vandaag werd ik weer verrast door een politie-virus. Ik heb al MBAM laten draaien en een infectie verwijderd, maar het politie-virus staat er nog steeds op. Zie hieronder het log-bestand van MBAM en HJT. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Databaseversie: v2013.11.18.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Yvonne :: YVONNE-HP [administrator] 18-11-2013 8:28:06 mbam-log-2013-11-18 (08-28-06).txt Scan type: Volledige scan (C:\|D:\|E:\|F:\|H:\|Q:\|) Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 495034 Verstreken tijd: 1 uur/uren, 57 minuut/minuten, 22 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 1 HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Data: C:\Program Files\Web Assistant\Firefox -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 18:06:53, on 18-11-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16520) FIREFOX: 24.0 (nl) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\725411SO\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11303 bytes