Yvontje82
-
Items
165 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door Yvontje82
-
-
Beste,
Na het opschonen van de PC van mijn oma, mag ik nu ook mijn vader helpen met het opschonen van de zijne.
Inmiddels heb ik al MBAM, adwcleaner en CCcleaner laten draaien.
Zou iemand even kunnen kijken naar de logjes?
Alvast bedankt.
Groetjes Yvonne
[ATTACH]34960[/ATTACH]
[ATTACH]34961[/ATTACH]
- - - Updated - - -
Nu de juiste mbam logjes
[ATTACH]34962[/ATTACH]
[ATTACH]34963[/ATTACH]
-
Oh, nouja. Dat is dan zo.
Nu heeft ze weer wat extra ruimte om nieuwe liedjes op te slaan
Zijn er nog wat andere dingen die we nu nog moeten doen?
Groetjes
-
Poeh, daar vraag je me wat. Ik kan het alleen omschrijven als de bestanden van liedjes en films die ze heeft gedownload via spotnet.
Alles wat ze na de schoning van de PC heeft gedownload werkt wel gewoon.
Hopelijk kun je hier iets mee?
Kun je me anders uitleggen wat je verder nog aan informatie nodig hebt?
Met vriendelijke groet,
Yvonne
-
Hallo Kape,
Hierbij het logje van Adwcleaner.
Mijn oma had alleen een vraagje over haar downloads van spotnet.
Al haar downloads zijn verdwenen. Staan die mogelijk nu ergens anders of waren die besmet waardoor ze zijn verwijderd?
Ze waren verwijderd na de acties van zoek.exe. Weet niet of het de eerste of tweede is.
Groetjes Yvonne
[ATTACH]34552[/ATTACH]
-
-
Hallo Kape,
Om de een of andere reden heeft mijn oma nu ineens weer internet. Waarschijnlijk is er toevallig rond dezelfde periode een storing geweest oid.
Ik ben nu dus bij mijn oma en heb het logje voor je bij dit bericht gevoegd.
PC is gelukkig al een heel stuk sneller nu. Alleen al het opstarten
Groetjes Yvonne
[ATTACH]34346[/ATTACH]
-
Ja, die heeft wel gelopen.
Ik beschikte helaas niet ovr een USB stick om de log meer te nemen. Ik zag een deze dagen terug gaan met USB stick. Dan plaats ik het logje alsnog hier op het forum.
-
Hallo iEscape,
Ik had iets duidelijker moeten zijn in het vorige bericht, maar we kunnen het internet niet op komen. Ik benader dit forum nu via mijn mobiel.
Ik heb nog even iets anders geprobeerd, maar het lukt mij niet om plaatjes te uploaden met mijn telefoon....
Ik zit nu nog bij mijn oma. Ik zal als ik straks this ben de foto uploaden vanaf mijn pc.
Groetjes Yvonne
-
Hallo Kape,
Ik had eindelijk tijd om bij mijn om langs te gaan en heb gedaan wat je zei, maar......krijg nu bij het opstarten van de internetbrowser de melding : "De proxyserver reageert niet".
Ik heb inmiddels alle mogelijkheden doorlopen met behulp van KPN, maar zij komen er ook niet uit.
Ik had graag een foto erbij gedaan, maar die is blijkbaar te zwaar....
Kun jij ons misschien hiermee helpen?
Groetjes Yvonne
-
Hallo Kape,
Dank je voor je berichtje.
Hier was ik al bang voor, hihi.
Ik zal zorgen dat ik een van deze dagen weer bij mijn oma ben en zal dan je opdracht uitvoeren.
Groetjes en fijne avond nog.
Yvonne
-
hallo Asus,
Ik had voor dat ik je berichtje had gelezen MBAM al laten draaien.
Heb nu inmiddels al een paar keer geprobeerd om de log in te voegen, maar het verwerken blijkt langer te duren van 30 sec en dan verschijnt een fatal error melding.
Ik was even weg gegaan voor een kleine boodschap, maar toen ik weg ging had MBAM al 154 dingen gedetecteerd....
Als het nodig is dan wil ik straks nog wel een keer kijken of het me lukt om de log te laden en anders mail ik het naar mijn mail en dan post ik het vanavond vanaf mijn eigen PC eventjes.
Ik zal nu gaan doen wat jij hierboven hebt beschreven.
Groetjes Yvonne
- - - Updated - - -
[ATTACH]34043[/ATTACH]
- - - Updated - - -
[ATTACH]34044[/ATTACH]
En dan hierbij het MBAM logje
-
-
Hallo,
Mijn oma van 80+ heeft inmiddels al enkele jaren een PC.
Maar om de zoveel tijd krijgen we van haar een telefoontje met de vraag of we haar kunnen helpen, want....
- haar PC is erg langzaam...of
- ze heeft weer iets gedownload wat ze er niet af krijgt, of
- ze heeft weer een nieuw programma gekocht dat haar moet helpen om de PC op te schonen, maar het lukt niet
- en meer van dat soort telefoontjes....
Mijn oma heeft een paar jaar terug een cursus engels gedaan (zodat ze haar soaps beter kon begrijpen ), maar het technische digi-engels is voor haar natuurlijk veels te lastig (met alle respect hoor). Ze geeft ook toe dat als ze het niet begrijpt toch maar gewoon op "OK" klikt... (oh, nee!)))
Nu zit ik bij haar thuis en haar PC is inderdaad nu inderdaad traag. Hij doet er nu al bijna 10 tot 15 minuten over om een google toolbar te verwijderen en nog is die bezig.
Kunnen jullie mij (en de rest van de familie) misschien helpen om mijn oma's PC weer een beetje op te schonen? Niet alleen vanwege de waarschijnlijk ontzettende vele virussen oid die erop zitten, maar ook gewoon de echt overbodige programma's eraf te halen. Er zijn inmiddels zoveel programma's beschikbaar op het internet en ik moet eerlijk zeggen dat ik ook echt geen idee heb welke programma's echt goed werken en nuttig zijn (natuurlijk eea in samenspraak met mijn oma). Een heleboel programma's heeft mijn oma erop staan, want "ach wat kan het voor kwaad en ik dacht dat het me zou helpen...". Pfff.
Ik hoor graag van van jullie....
Het zou ons iig heel erg helpen....
Groetjes Yvonne
-
Helemaal TOP!
Dank je wel, wederom ;-)
-
Hoi Jion,
Hieronder het JRT-logje.
Ik had voordat ik je bericht had gelezen ook al CCCleaner laten draaien. ;-)
Groetjes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Yvonne on zo 09-03-2014 at 20:33:21,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\Users\Yvonne\AppData\LocalLow\FCTB000062781
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on zo 09-03-2014 at 20:43:59,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
# AdwCleaner v3.020 - Report created 09/03/2014 at 20:12:31
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Yvonne - YVONNE-HP
# Running from : C:\Users\Yvonne\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File Deleted : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_safari_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_safari_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_web-creator_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_web-creator_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v24.0 (nl)
[ File : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=amonetizetest1-ff&s_qt=sb&tb_uuid=6E325D1C86524114B0FFD3C020A22E18&tb_oid=01-05-2013&tb_mrud=02-05-2013[...]
-\\ Google Chrome v33.0.1750.146
[ File : C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [6740 octets] - [09/03/2014 20:11:21]
AdwCleaner[s0].txt - [6299 octets] - [09/03/2014 20:12:31]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6359 octets] ##########
-
Hierbij het HJT-logje:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:32:39, on 23-2-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
FIREFOX: 24.0 (nl)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Yvonne\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Users\Yvonne\Desktop\HijackThis.exe
C:\Users\Yvonne\AppData\Local\Temp\MSI2EE0.tmp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11224 bytes
-
Beste,
Na een melding van PC-veilig dat er een trojan is verwijderd heb ik MBAM er even overheen laten gaan en toch nog een paar virussen gevonden.
Hieronder het logje.
Ik ga mijn PC nu herstarten en Hijackthis laten draaien.
Daarna post ik ook het logje daarvan.
Zouden jullie kunnen kijken wat ik er nog meer vanaf zou moeten halen...?
Malwarebytes Anti-Malware 1.75.0.1300
Databaseversie: v2014.02.23.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Yvonne :: YVONNE-HP [administrator]
23-2-2014 21:08:08
mbam-log-2014-02-23 (21-08-08).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 261902
Verstreken tijd: 10 minuut/minuten, 48 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 3
C:\$RECYCLE.BIN\S-1-5-21-2155248324-3539292037-1374523505-1000\$RCHOMNB.exe (PUP.Optional.4Shared) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\$RECYCLE.BIN\S-1-5-21-2155248324-3539292037-1374523505-1000\$RG0G067.exe (PUP.Optional.4Shared) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\9EDCJC03\SoftonicDownloader_voor_website-x5.exe (PUP.Optional.Softonic.A) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
-
Hoi Jion.
Dat politievirus was met het uitvoeren van het script in zoek.exe al opgelost. Ik zat zelf niet achter de PC toen het virus verscheen en we hebben nadien de PC ook niet meer uitgezet (met het idee dat opstarten dan mogelijk niet meer mogelijk was), maar het virus uitte zich in de browser van IE versie 9.
Verder heb ik alle handelingen zoals beschreven uitgevoerd. Alleen bij het installeren van Java kreeg ik niet het bestand jxpiinstall.exe aangeboden, maar JavaSetup7u45.
Met vriendelijke groet,
Yvonne
-
Ik had met rechtermuisklik niet de mogelijkheid om "als administrator" te kiezen.
DDS (Ver_2012-11-05.02) - NTFS_AMD64
Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 10.45.2
Run by Yvonne at 17:51:47 on 2013-12-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2305 [GMT 1:00]
.
AV: PC Veilig 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: PC Veilig 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: PC Veilig 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE
C:\Program Files (x86)\PC Veilig\Anti-Virus\FSGK32.EXE
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PC Veilig\Anti-Virus\fssm32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\PC Veilig\Common\FSLAUNCH.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.nl/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
uRun: [spotify Web Helper] "C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Yvonne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\PC Veilig\FSPS\program\FSLSP.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{00FD4177-C23D-46E3-88DF-567CE2664FE7} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{FE0C91F8-4195-459F-B0D9-1B29F873801A} : DHCPNameServer = 192.168.42.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SEH: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=amonetizetest1-ff&s_qt=sb&tb_uuid=6E325D1C86524114B0FFD3C020A22E18&tb_oid=01-05-2013&tb_mrud=02-05-2013
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-10-09 22:33; {53A03D43-5363-4669-8190-99061B2DEBA5}; C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2013-5-11 56016]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\PC Veilig\HIPS\drivers\fshs.sys [2013-5-11 59784]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2013-5-11 94024]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\PC Veilig\Anti-Virus\minifilter\fsvista.sys [2013-5-11 16768]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-2 203264]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe [2013-5-11 221608]
R2 ftpsvc;Microsoft FTP-service;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-2-2 1128952]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-2-2 116240]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\PC Veilig\Anti-Virus\minifilter\fsgk.sys [2013-5-11 202176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-2-2 1002848]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2013-5-11 50384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe [2013-5-11 60352]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-21 1255736]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\PC Veilig\Anti-Virus\win2k\fsfilter.sys [2013-5-11 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\PC Veilig\Anti-Virus\win2k\fsrec.sys [2013-5-11 27048]
.
=============== Created Last 30 ================
.
2013-12-04 21:26:47 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-04 21:21:27 24064 ----a-w- C:\Windows\zoek-delete.exe
2013-12-04 21:21:26 -------- d-----w- C:\Users\Yvonne\AppData\Local\Temp
2013-12-03 09:15:30 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6A36D5BD-8E9B-461C-92B8-1FB28E8CDBD8}\mpengine.dll
2013-11-22 10:50:50 -------- d-----w- C:\Program Files (x86)\Steam
2013-11-21 23:03:36 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-21 23:03:36 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-21 23:03:36 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-21 23:03:36 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-21 23:03:36 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-21 23:03:35 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-21 23:03:35 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-20 10:11:11 306688 ----a-w- C:\Windows\IsUninst.exe
2013-11-19 00:25:56 45056 ----a-r- C:\Users\Yvonne\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2013-11-19 00:25:56 45056 ----a-r- C:\Users\Yvonne\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2013-11-19 00:25:56 45056 ----a-r- C:\Users\Yvonne\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\ARPPRODUCTICON.exe
2013-11-19 00:25:51 -------- d-----w- C:\Program Files (x86)\GameShadow
2013-11-19 00:16:28 -------- d-----w- C:\Program Files (x86)\Firefly Studios
2013-11-19 00:15:28 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-11-19 00:15:28 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-11-19 00:15:28 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-11-19 00:15:28 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-11-19 00:15:27 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-11-19 00:15:21 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-11-19 00:15:20 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-11-18 18:24:06 -------- d-----w- C:\Users\Yvonne\AppData\Local\PDFC
2013-11-18 17:40:13 -------- d-----w- C:\zoek_backup
2013-11-13 22:13:36 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 22:13:35 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-13 22:13:21 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-13 22:13:08 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-13 22:13:06 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-13 22:13:06 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 22:13:06 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-13 22:13:05 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-13 22:13:05 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
.
==================== Find3M ====================
.
2013-11-11 04:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-13 14:55:42 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-13 14:47:43 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-10-13 14:46:53 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-10-13 14:42:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-10-13 14:42:11 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-10-13 14:35:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-13 09:48:06 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-10-13 09:25:39 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 01:29:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 01:29:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-08 05:51:05 873384 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-10-08 05:51:00 796072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-10-08 05:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
.
============= FINISH: 17:52:36,54 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-05.02)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20-5-2011 20:48:20
System Uptime: 5-12-2013 17:42:58 (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2A99
Processor: AMD Athlon II X4 640 Processor | CPU 1 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 825,744 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1,639 GiB free.
E: is CDROM (CDFS)
F: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: F-Secure Email Scanning Driver
Device ID: ROOT\LEGACY_FSES\0000
Manufacturer:
Name: F-Secure Email Scanning Driver
PNP Device ID: ROOT\LEGACY_FSES\0000
Service: FSES
.
==== System Restore Points ===================
.
RP299: 22-11-2013 3:00:14 - Windows Update
RP300: 22-11-2013 11:50:01 - Installed Steam
RP301: 26-11-2013 7:46:10 - Windows Update
RP302: 29-11-2013 14:54:58 - Windows Update
RP303: 3-12-2013 10:14:29 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Agatha Christie - Peril at End House
ATI Catalyst Install Manager
ATI Stream SDK v2 Developer
AVG Security Toolbar
Bejeweled 2 Deluxe
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
CyberLink DVD Suite Deluxe
Dora's World Adventure
DVD Menu Pack for HP MediaSmart Video
Farm Frenzy
FATE
Final Drive Nitro
Free Audio CD Burner version 1.4.8
Free YouTube Download version 3.1.35.903
Free YouTube to MP3 Converter version 3.11.22.508
GameShadow
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP Odometer
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
HydraVision
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 SDK, SE v1.4.2_05
Java 7 Update 45
Java Auto Updater
Java 6 Update 25 (64-bit)
JCreator LE 3.10
KPN Draadloos Netwerk Assistent
LabelPrint
LightScribe System Software
LMSOFT Web Creator Pro 6
Magic Desktop
Malwarebytes Anti-Malware versie 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Klik-en-Klaar 2010
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared 64-bit MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Starter 2010 - Nederlands
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 24.0 (x86 nl)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MusicStation
Mystery P.I. - The London Caper
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PC Veilig
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Pizza Chef 2
Plants vs. Zombies
PlayReady PC Runtime amd64
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Skype™ 6.9
Spotify
Steam
Stronghold Legends
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
World Cup Cricket 20-20
World of Tanks
Zuma Deluxe
.
==== End Of File ===========================
-
Zoek.exe Version 4.0.0.5 Updated 30-November-2013
Tool run by Yvonne on wo 04-12-2013 at 21:54:22,53.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Yvonne\Downloads\Zoek.zip\zoek.exe [script inserted]
==== Older Logs ======================
C:\zoek-results2013-04-03-190126.log 32611 bytes
C:\zoek-results2013-11-18-182353.log 30991 bytes
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2155248324-3539292037-1374523505-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Yahoo not found
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-11-20 10:11:11 515E4684008E955DE0C81E6A7AEA1C2A 306688 ----a-w- C:\Windows\IsUninst.exe
====== C:\Users\Yvonne\AppData\Local\Temp ====
2013-11-25 04:20:17 316BC1B77C9753CBCD49B3990DF56A8C 35095200 ----a-w- C:\Users\Yvonne\AppData\Local\Temp\SkypeSetup.exe
2013-11-24 15:50:43 C12AA09AA5947BD28EDF2F94C341BFDE 465920 ----a-w- C:\Users\Yvonne\AppData\Local\Temp\COMAP.EXE
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-11-21 23:03:36 E73A7A04FDAC9DD46EE2A4257F09E91C 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys
2013-11-21 23:03:36 ACCEA6BC68D0C9A78EB97EE159028B4E 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys
2013-11-21 23:03:36 861C197502A5057E68F0AC75D9EFCDD7 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys
2013-11-21 23:03:36 311C1DD1088E55BEAE15954D17F50646 52736 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys
2013-11-21 23:03:36 280E90CBF4B2DDD169F0728CB44D726F 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys
2013-11-21 23:03:35 A83D0EC9AE4C31704442099D40BA2471 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys
2013-11-21 23:03:35 9406D801042FAF859CF81B2C886413DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys
2013-11-13 22:13:21 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2013-11-13 22:12:41 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2013-11-13 22:12:41 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2013-11-13 22:12:40 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
====== C:\Windows\Tasks ======
2013-11-18 18:24:11 C322FF035DF8C05214F40D2DEAE3C31A 522 ----a-w- C:\Windows\Tasks\Scheduled scanning task.job
2013-11-18 18:24:11 60BD9C3643BA94647DCAAA0E5BD19507 3298 ----a-w- C:\Windows\Sysnative\Tasks\Scheduled scanning task
2013-11-18 17:06:24 8E88250AA0DF4DB801BEC75F38F44829 3272 ----a-w- C:\Windows\Sysnative\Tasks\{FA80624A-0168-492C-9323-D6B2765CDCF5}
2013-11-12 21:55:28 50122F2242E5CC7628A0D34B4FB8B241 3094 ----a-w- C:\Windows\Sysnative\Tasks\{88A11318-C758-4CB3-961A-78A3829777C7}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2013-11-22 10:50:50 -------- d-----w- C:\PROGRA~2\Steam
2013-11-19 00:25:51 -------- d-----w- C:\PROGRA~2\GameShadow
2013-11-19 00:16:28 -------- d-----w- C:\PROGRA~2\Firefly Studios
======= C: =====
====== C:\Users\Yvonne\AppData\Roaming ======
2013-11-24 15:50:40 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\CyberLink
2013-11-19 00:25:56 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2013-11-18 18:24:06 -------- d-----w- C:\Users\Yvonne\AppData\Local\PDFC
2013-11-18 18:01:45 -------- d-----w- C:\Users\Yvonne\AppData\Local\Temp
====== C:\Users\Yvonne ======
2013-11-22 10:50:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2013-11-19 00:23:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
====== C: exe-files ==
2068-06-03 20:05:14 BED6EDDBF28DB980AA8D3A42D4A05586 32881 ----a-w- C:\j2sdk1.4.2_05\jre\bin\jusched.exe
2068-06-03 20:05:14 260586772C36D427B364E0F8E9815450 241777 ----a-w- C:\j2sdk1.4.2_05\jre\bin\jucheck.exe
2068-06-03 20:05:12 BED6EDDBF28DB980AA8D3A42D4A05586 32881 ----a-w- C:\Program Files (x86)\Java\j2re1.4.2_05\bin\jusched.exe
2068-06-03 20:05:12 260586772C36D427B364E0F8E9815450 241777 ----a-w- C:\Program Files (x86)\Java\j2re1.4.2_05\bin\jucheck.exe
2013-11-30 06:03:32 C6CA25804A7F161D3D9986DF5A305EBD 29400 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_BeforeUpgradingToWin81.exe
2013-11-30 06:03:32 9DDACC673C7EE9F8C8FFE66E0EA1AA5A 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_AfterUpgradingToWin81.exe
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-2155248324-3539292037-1374523505-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup"
"Spotify Web Helper"="C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"HTC Sync Loader"="C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup"
"F-Secure Manager"="C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE /splash"
"F-Secure TNB"="C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup"
"Spotify Web Helper"="C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"
==== Startup Folders ======================
2012-01-22 10:21:25 1316 ----a-w- C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2012-03-01 15:50:33 2029 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-05-2013 13:35]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-05-2013 13:35]
C:\Windows\tasks\HPCeeScheduleForYVONNE-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14-09-2010 07:15]
C:\Windows\tasks\HPCeeScheduleForYvonne.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14-09-2010 07:15]
C:\Windows\tasks\Scheduled scanning task.job --a------ C:\PROGRA2\PCVEIL1\ANTI-V1\fsav.exe []
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForYvonne" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForYVONNE-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe]
"C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe]
"C:\Windows\SysNative\tasks\Scheduled scanning task" [C:\PROGRA~2\PCVEIL~1\ANTI-V~1\fsav.exe]
"C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{38DF59D7-67EE-4B6C-B405-FBB323BC92E6}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" Downloading]
"C:\Windows\SysNative\tasks\{82AE7F7E-0A46-4FA9-9B61-83F712DAD24C}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" Downloading]
"C:\Windows\SysNative\tasks\{88A11318-C758-4CB3-961A-78A3829777C7}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype]
"C:\Windows\SysNative\tasks\{B8920AB9-3F4C-4BF0-BD57-65B099240783}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype]
"C:\Windows\SysNative\tasks\{CEF387AE-FE17-4327-AE07-38934CF7FB9A}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"litmus-ff@f-secure.com"="C:\Program Files (x86)\PC Veilig\NRS\litmus-ff@f-secure.com" [03-12-2013 12:15]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default
- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
- ScrapBook Plus - %ProfilePath%\extensions\scrapbookplus@addons.mozilla.org.xpi
- ScrapBook - %ProfilePath%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
- Pinterest Pin Button - %ProfilePath%\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi
- Search By Image by Google - %ProfilePath%\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.450.18
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"
{443789B7-F39C-4b5c-9287-DA72D38F4FE6} AOL Search Url="AOL Search"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Yvonne\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0D5H89SD will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\12C0O2F1 will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1H77R58Y will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FN3JC16 will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6N1WZAJP will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ONE59RI will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YI0DQFO will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HJLI4R2R will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QH34C23S will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RUE42NJT will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SD3M1F73 will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XN168W6U will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Yvonne\AppData\Local\Mozilla\Firefox\Profiles\6hgtzfhm.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Yvonne\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0D5H89SD" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\12C0O2F1" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1H77R58Y" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FN3JC16" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6N1WZAJP" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ONE59RI" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YI0DQFO" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HJLI4R2R" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QH34C23S" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RUE42NJT" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SD3M1F73" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XN168W6U" not found
==== EOF on wo 04-12-2013 at 22:26:35,51 ======================
-
Hallo jion,
Helaas was ik vergeten om de handelingen uit je laatste bericht nog te doen, dus.....ben weer gepakt door dat virus.
Kan ik dan weer dat script uitvoeren dat je eerder had geplaatst of is dat toch steeds net anders...?
Hierbij het MBAM log:
Malwarebytes Anti-Malware 1.75.0.1300
Databaseversie: v2013.12.02.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yvonne :: YVONNE-HP [administrator]
4-12-2013 16:50:16
mbam-log-2013-12-04 (16-50-16).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 251069
Verstreken tijd: 10 minuut/minuten, 17 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Hierbij het HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:51:43, on 4-12-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16520)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Yvonne\Downloads\HijackThis(1).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11469 bytes
-
Zoek.exe Version 4.0.0.5 Updated 14-November-2013
Tool run by Yvonne on ma 18-11-2013 at 18:40:33,01.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Yvonne\Downloads\Zoek.zip\zoek\zoek.exe [script inserted]
==== Older Logs ======================
C:\zoek-results2013-04-03-190126.log 32611 bytes
==== Empty Folders Check ======================
C:\PROGRA~2\Cossacks - Back To War deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\Symantec deleted successfully
C:\Program Files\Common Files\Symantec Shared deleted successfully
C:\ProgramData\Babylon deleted successfully
C:\ProgramData\Hitman Pro deleted successfully
C:\ProgramData\Oracle deleted successfully
C:\ProgramData\vpywv deleted successfully
C:\Users\Yvonne\AppData\Roaming\8723ED43 deleted successfully
C:\Users\Yvonne\AppData\Roaming\Dava deleted successfully
C:\Users\Yvonne\AppData\Roaming\Opewn deleted successfully
C:\Users\Yvonne\AppData\Roaming\TP deleted successfully
C:\Users\Yvonne\AppData\Roaming\Yzroy deleted successfully
C:\Users\Yvonne\AppData\Local\PDFC deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\COMMON~1\DVDVideoSoft\TB deleted
C:\PROGRA~2\COMMON~1\AVG Secure Search deleted
C:\PROGRA~2\COMMON~1\Plasmoo deleted
C:\Users\Yvonne\AppData\Roaming\LimeWirePlus deleted
C:\Users\Yvonne\AppData\Roaming\DVDVideoSoftIEHelpers deleted
C:\ProgramData\R8BL8vf.dat deleted
C:\ProgramData\boost_interprocess deleted
C:\Users\Yvonne\AppData\Local\SwvUpdater deleted
C:\Users\Yvonne\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\tasks\SCHEDU~1.JOB deleted
C:\Windows\Syswow64\shoB9BF.tmp deleted
C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default\searchplugins\aol-search.xml deleted
"C:\Users\Yvonne\AppData\Local\1499ebd4" deleted
"C:\ProgramData\24849327-4c0f-4727-b46a-8e2b07995d37" deleted
"C:\ProgramData\jmqosobgtlodwgp" deleted
"C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\52660738-6950-4a85-8b59-3b5d5459e59d" deleted
"C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\52cd583f-f0fd-4ebb-b360-7279ec06fd67" deleted
"C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\75d73252-abef-4bae-b9ce-7256ed841a8b" deleted
"C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\9105e910-27c2-44cb-a738-ad5c1f70e28e" deleted
"C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\98b62fc2-4a32-47a3-8a5c-d3ed45d98fa3" deleted
"C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\d6271337-d0d9-4e06-8fc3-f22d9190fa80" deleted
"C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391\e633c52d-378d-402f-b4c3-8ed1586c6d44" deleted
"C:\Users\Yvonne\AppData\Roaming\CACHE\~.~" deleted
"C:\Users\Yvonne\AppData\Roaming\Neyny\cixi.tmp" deleted
"C:\Programdata\Windows\sysprep.exe" deleted
"C:\ProgramData\b809c733-2806-4685-9860-19d56f0ed391" deleted
"C:\Users\Yvonne\AppData\Roaming\CACHE" deleted
"C:\Users\Yvonne\AppData\Roaming\Neyny" deleted
"C:\Programdata\Windows" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Yvonne\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2013-11-14 02:06:39 B798365F54AF889BFD7D04ED75C016B7 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 02:06:39 677857FAC307E46E44F710B6C6F84607 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2013-11-14 02:06:39 3CC9655434741363AF977498A2B5E425 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 02:06:38 E2E9F49C84C49C2DB5ADAF85D8CD8F1C 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 02:06:38 E26C86DE3AC36D09D201691B9D482D5B 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll
2013-11-14 02:06:38 C36E38AD3C7FAFF0E30C4CBCB28CE7FB 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-11-14 02:06:38 26ED02FA7B11FBFD87D4FF304EFFFFBF 231936 ----a-w- C:\Windows\SysWOW64\url.dll
2013-11-14 02:06:37 E1092FB18A2D53DFC20D2EA8AC158E4B 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 02:06:37 B8D440F705D52D9167C572ECF6522E89 1104896 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-11-14 02:06:37 AB3F4974C87DC6DE7E427CF713E88B28 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 02:06:36 FFA200640B887CBB737DA74C299BCE62 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll
2013-11-14 02:06:36 D36137E26569D22B6C395EB68CBE0018 1806848 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-11-14 02:06:36 58C300DB5ED80A46A778DECB9D02DA57 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-11-14 02:06:36 375652E4B01E421683437896DA8D76C4 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 02:06:35 AC986A1AD35CDBF07B0E5D1AC9D527B5 12344832 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-11-14 02:06:32 048FF8515CE100990423E96678112CDF 9739264 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2013-11-13 22:13:35 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\SysWOW64\crypt32.dll
2013-11-13 22:13:06 EE7CB55F77465CDAC4C80F587FF7C278 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll
2013-11-13 22:13:05 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\SysWOW64\credui.dll
2013-11-13 22:13:05 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 22:12:41 AA6F6457116B559B76BC6A012CB4C293 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll
2013-11-13 22:12:39 AD7FB087A238883D1618F29F7BBBD584 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 22:12:39 42B924C5F3924C1EB2539F22C10D7DF1 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2013-11-13 22:12:39 372948BB5E41CE42341C4398DE572E56 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2013-11-13 22:12:30 56E3313690866F99CD17AA1342F64AE1 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll
2013-11-13 22:12:25 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 22:12:25 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\SysWOW64\nshwfp.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-11-14 02:06:39 714E9503AC7048E0212F79D8C1D6C3A7 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2013-11-14 02:06:39 3A4DB794F4B7FC36690A0A937A30B18B 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2013-11-14 02:06:38 C4AA30C01694001B8374CC62BF9AE6FF 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-11-14 02:06:38 88C40415EEB19F947E2105D48E87D1D2 248320 ----a-w- C:\Windows\Sysnative\ieui.dll
2013-11-14 02:06:38 794F7FCD48CCB49BB1970904EA8E57C4 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2013-11-14 02:06:38 4971D89BD84E2F01DA004E4FAC202EED 237056 ----a-w- C:\Windows\Sysnative\url.dll
2013-11-14 02:06:37 E14025BFE959C7CFA495021AB93DB8ED 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2013-11-14 02:06:37 CDACE6BF6B7ECD8463430AF5318B4A38 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2013-11-14 02:06:37 979ADB9662E543212D786AADB6964E15 1346560 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-11-14 02:06:37 7873D45AA2C725D95A016898940FFB75 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2013-11-14 02:06:36 D914949662B98FAAEEBF37D0DC036BE6 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-11-14 02:06:36 BE18E52826AC6253F4BF2A814C9362D7 2334720 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-11-14 02:06:36 9A2FD60081F2B77C86C6A0D1A86B0170 816640 ----a-w- C:\Windows\Sysnative\jscript.dll
2013-11-14 02:06:36 4FBFB5A1DFFC744C352A03DCE1D41DDC 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll
2013-11-14 02:06:33 26088C2096E08A85816AD4B37D7E03E5 10926080 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-11-14 02:06:33 1CFBE5D5844FDB11E1589BC74260FBB4 17847296 ----a-w- C:\Windows\Sysnative\mshtml.dll
2013-11-13 22:13:36 780F6ECC4F55D76C9730E6B6C9B31913 1474048 ----a-w- C:\Windows\Sysnative\crypt32.dll
2013-11-13 22:13:08 34152997FB906895290E0199AC94B85F 1930752 ----a-w- C:\Windows\Sysnative\authui.dll
2013-11-13 22:13:06 8563BA40DF4F1E93A61B70E2C8B60CF8 190464 ----a-w- C:\Windows\Sysnative\SmartcardCredentialProvider.dll
2013-11-13 22:13:06 4403D5ECE7D8323CAF1207D1AA38FA01 197120 ----a-w- C:\Windows\Sysnative\credui.dll
2013-11-13 22:12:42 31FFED18C7B836CEC1B559347E32E151 340992 ----a-w- C:\Windows\Sysnative\schannel.dll
2013-11-13 22:12:40 086F906B1D30C0A5D35FE0F6362DAB21 1447936 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2013-11-13 22:12:39 B08EA91C774AA734E0B9881F85CD9F42 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll
2013-11-13 22:12:39 747B9BA5412422F27934CB21131F0A3E 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2013-11-13 22:12:39 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\Sysnative\lsass.exe
2013-11-13 22:12:38 7C46EC9CCDE6E793713FA01DB2EB918E 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll
2013-11-13 22:12:38 208EAAFF40DA400190AA0605C797BEA2 28160 ----a-w- C:\Windows\Sysnative\secur32.dll
2013-11-13 22:12:30 56325BB1FF19F2A5AC8713756AC41140 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll
2013-11-13 22:12:26 D07EB640618F96490DB88C3CE58DB608 324096 ----a-w- C:\Windows\Sysnative\FWPUCLNT.DLL
2013-11-13 22:12:26 344789398EC3EE5A4E00C52B31847946 859648 ----a-w- C:\Windows\Sysnative\IKEEXT.DLL
2013-11-13 22:12:25 660C06F663F27760F565FD567B57625C 830464 ----a-w- C:\Windows\Sysnative\nshwfp.dll
====== C:\Windows\Sysnative\drivers =====
2013-11-13 22:13:21 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2013-11-13 22:12:41 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2013-11-13 22:12:41 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2013-11-13 22:12:40 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
====== C:\Windows\Tasks ======
2013-11-18 17:06:24 8E88250AA0DF4DB801BEC75F38F44829 3272 ----a-w- C:\Windows\Sysnative\Tasks\{FA80624A-0168-492C-9323-D6B2765CDCF5}
2013-11-12 21:55:28 50122F2242E5CC7628A0D34B4FB8B241 3094 ----a-w- C:\Windows\Sysnative\Tasks\{88A11318-C758-4CB3-961A-78A3829777C7}
2013-10-21 13:27:12 C824E66D39EC8B63A00FBC2A28733843 3140 ----a-w- C:\Windows\Sysnative\Tasks\{C4E488D4-D9B1-4590-8E64-68B6D6FDB3B7}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2013-10-21 13:15:42 -------- d-----w- C:\PROGRA~2\LMSOFT
======= C: =====
====== C:\Users\Yvonne\AppData\Roaming ======
2013-10-21 14:48:52 -------- d-----w- C:\Users\Yvonne\AppData\Local\IsolatedStorage
2013-10-21 14:28:53 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LMSOFT
2013-10-21 13:39:55 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\CoffeeCup Software
2013-10-21 13:22:38 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\LMSOFT
====== C:\Users\Yvonne ======
2013-10-27 23:27:02 -------- d-----w- C:\ProgramData\Protexis
2013-10-24 22:50:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2013-10-24 22:50:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
====== C: exe-files ==
2068-06-03 20:05:14 BED6EDDBF28DB980AA8D3A42D4A05586 32881 ----a-w- C:\j2sdk1.4.2_05\jre\bin\jusched.exe
2068-06-03 20:05:14 260586772C36D427B364E0F8E9815450 241777 ----a-w- C:\j2sdk1.4.2_05\jre\bin\jucheck.exe
2068-06-03 20:05:12 BED6EDDBF28DB980AA8D3A42D4A05586 32881 ----a-w- C:\Program Files (x86)\Java\j2re1.4.2_05\bin\jusched.exe
2068-06-03 20:05:12 260586772C36D427B364E0F8E9815450 241777 ----a-w- C:\Program Files (x86)\Java\j2re1.4.2_05\bin\jucheck.exe
2013-11-14 21:55:48 F06EE764FF00B7A049862C8D50D4215D 730976 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\31.0.1650.57\31.0.1650.57_31.0.1650.48_chrome_updater.exe
2013-11-14 02:06:38 E2E9F49C84C49C2DB5ADAF85D8CD8F1C 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 02:06:38 794F7FCD48CCB49BB1970904EA8E57C4 173056 ----a-w- C:\Windows\system64\ieUnatt.exe
2013-11-14 02:06:38 794F7FCD48CCB49BB1970904EA8E57C4 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-14 02:06:38 27DC2B3A141BE4566A0B45A5E5F4668A 763632 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-11-14 02:06:38 06085B62BC7E0C8E2605CEA38774D956 757488 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-11-13 22:12:39 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\system64\lsass.exe
2013-11-13 22:12:39 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\System32\lsass.exe
=== C: other files ==
2013-11-17 13:54:39 B6D0C63FF10E6794C61ADCD10A4BDA30 31034 ----a-w- C:\Users\Yvonne\Documents\Huishoud\Portfolio Yvonne\sollicitiatiebobinfobeheerderanalist.zip
2013-11-17 13:54:09 3B865679B8C5E2327F8820AEC3AA11B3 977616 ----a-w- C:\Users\Yvonne\Documents\Huishoud\Portfolio Yvonne\bijlagen.zip
2013-11-15 16:08:09 ED3EC4C99E4B90DF9A9BF59132455599 852258 ----a-w- C:\Users\Yvonne\Documents\Cursussen cq studie\Polariteitmassage\bijlagen.zip
2013-11-13 22:13:21 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\system64\drivers\afd.sys
2013-11-13 22:13:21 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-13 22:12:41 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\system64\drivers\cng.sys
2013-11-13 22:12:41 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-11-13 22:12:41 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\system64\drivers\ksecpkg.sys
2013-11-13 22:12:41 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-11-13 22:12:40 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\system64\drivers\ksecdd.sys
2013-11-13 22:12:40 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-2155248324-3539292037-1374523505-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup"
"Spotify Web Helper"="C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"HTC Sync Loader"="C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup"
"F-Secure Manager"="C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE /splash"
"F-Secure TNB"="C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup"
"Spotify Web Helper"="C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"
==== Startup Folders ======================
2012-01-22 10:21:25 1316 ----a-w- C:\Users\Yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2012-03-01 15:50:33 2029 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-05-2013 13:35]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-05-2013 13:35]
C:\Windows\tasks\HPCeeScheduleForYVONNE-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14-09-2010 07:15]
C:\Windows\tasks\HPCeeScheduleForYvonne.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14-09-2010 07:15]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForYvonne" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForYVONNE-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe]
"C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe]
"C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{38DF59D7-67EE-4B6C-B405-FBB323BC92E6}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" Downloading]
"C:\Windows\SysNative\tasks\{82AE7F7E-0A46-4FA9-9B61-83F712DAD24C}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" Downloading]
"C:\Windows\SysNative\tasks\{88A11318-C758-4CB3-961A-78A3829777C7}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype]
"C:\Windows\SysNative\tasks\{B8920AB9-3F4C-4BF0-BD57-65B099240783}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype]
"C:\Windows\SysNative\tasks\{CEF387AE-FE17-4327-AE07-38934CF7FB9A}" ["c:\program files (x86)\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"="C:\Program Files\Web Assistant\Firefox" []
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"litmus-ff@f-secure.com"="C:\Program Files (x86)\PC Veilig\NRS\litmus-ff@f-secure.com" [29-10-2013 03:29]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default
- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
- ScrapBook Plus - %ProfilePath%\extensions\scrapbookplus@addons.mozilla.org.xpi
- ScrapBook - %ProfilePath%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
- Pinterest Pin Button - %ProfilePath%\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi
- Search By Image by Google - %ProfilePath%\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\6hgtzfhm.default
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.450.18
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"
{443789B7-F39C-4b5c-9287-DA72D38F4FE6} AOL Search Url="AOL Search"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Unknown Url="Not_Found"
{d944bb61-2e34-4dbf-a683-47e505c587dc} Unknown Url="Not_Found"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2155248324-3539292037-1374523505-1000\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} deleted successfully
HKEY_USERS\S-1-5-21-2155248324-3539292037-1374523505-1000\Software\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Yvonne\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Yvonne\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Yvonne\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\725411SO will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2FC4FCGB will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57W2RGB4 will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8Y1CDT1H will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AQDN1GP1 will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BKV32VCS will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D07G179B will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DD897VIJ will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EPCO261U will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6ZF3YL6 will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FSLB6GJP will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IAN0DOF2 will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KI15ZWG4 will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SJ5J8PHL will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UM05VZXU will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UYIT7X1L will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUS2DVB9 will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Yvonne\AppData\Local\Mozilla\Firefox\Profiles\6hgtzfhm.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Yvonne\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Yvonne\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\725411SO" deleted
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2FC4FCGB" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57W2RGB4" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8Y1CDT1H" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AQDN1GP1" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BKV32VCS" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D07G179B" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DD897VIJ" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EPCO261U" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6ZF3YL6" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FSLB6GJP" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IAN0DOF2" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KI15ZWG4" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SJ5J8PHL" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UM05VZXU" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UYIT7X1L" not found
"C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XUS2DVB9" not found
==== EOF on ma 18-11-2013 at 19:23:53,44 ======================
-
Hallo,
Vandaag werd ik weer verrast door een politie-virus.
Ik heb al MBAM laten draaien en een infectie verwijderd, maar het politie-virus staat er nog steeds op.
Zie hieronder het log-bestand van MBAM en HJT.
Malwarebytes Anti-Malware 1.75.0.1300
Databaseversie: v2013.11.18.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yvonne :: YVONNE-HP [administrator]
18-11-2013 8:28:06
mbam-log-2013-11-18 (08-28-06).txt
Scan type: Volledige scan (C:\|D:\|E:\|F:\|H:\|Q:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 495034
Verstreken tijd: 1 uur/uren, 57 minuut/minuten, 22 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Data: C:\Program Files\Web Assistant\Firefox -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:06:53, on 18-11-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16520)
FIREFOX: 24.0 (nl)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Users\Yvonne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\725411SO\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Yvonne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11303 bytes
Help! Ook mijn vader heeft een PC :-)
in Archief Bestrijding malware & virussen
Geplaatst:
Hallo Asus,
Bedankt voor je snelle reactie.
Helaas krijg ik een foutmelding bij het uitvoeren van RSIT. Zie bijgevoegde printscreen.
Groetjes Yvonne