Posts by WheeledWarrior

  1. After running AdwCleaner, this is the log file:

    # AdwCleaner v2.114 - Verslag gemaakt op 16/03/2013 om 10:33:50

    # Geactualiseerd op 05/03/2013 door Xplode

    # Besturingssysteem : Windows Vista Home Premium Service Pack 2 (32 bits)

    # Gebruiker : Joost - PC_VAN_JOOST

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\Joost\Desktop\adwcleaner.exe

    # Optie [Verwijderen]

    ***** [Diensten] *****

    ***** [Files / Mappen] *****

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\Conduit

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

    ***** [browsers] *****

    -\\ Internet Explorer v8.0.6001.19400

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[s1].txt - [1261 octets] - [16/03/2013 10:33:50]

    ########## EOF - C:\AdwCleaner[s1].txt - [1321 octets] ##########

  2. Thank you, Smeenk! This is the log:

    Zoek.exe Version 4.0.0.2 Updated 14-March-2013

    Tool run by Joost on do 14-03-2013 at 20:09:55,53.

    Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

    Running in: Safe Mode NETWORK Internet Access Detected

    ==== Deleting Files \ Folders ======================

    "C:\Users\Joost\AppData\Local\Temp\4a8771fd448e2dfd.exe" not found

    "C:\ProgramData\14CB5A805DC420F8000014CB45BC2808" deleted

    ==== HijackThis Entries ======================

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

    O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

    O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

    O4 - HKLM\..\Run: [sBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe"

    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

  3. Ran Zoek.exe, this is the log:

    Zoek.exe Version 4.0.0.2 Updated 01-March-2013

    Tool run by Joost on do 14-03-2013 at 17:19:17,78.

    Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

    Running in: Safe Mode MINIMAL No Internet Access Detected

    ==== Running Processes ======================

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\Explorer.EXE

    C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Users\Joost\Desktop\zoek.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    ==== Possible Rootkit Infection ======================

    C:\Users\Joost\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L

    C:\Users\Joost\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

    C:\Users\Joost\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@

    ==== Creating Sample_14-03-2013_1721.zip ======================

    Copied file C:\Users\Joost\FCleaner_tcm7-83068.exe to sample

    sample\FCleaner_tcm7-83068.exe renamed to D09EA01B4E345DF70E103A1A6E9EC838

    C:\Users\Public\Desktop\sample_14-03-2013_1721.zip created successfully

    ==== Reset Hosts File ======================

    # Copyright © 1993-2006 Microsoft Corp.

    #

    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

    #

    # This file contains the mappings of IP addresses to host names. Each

    # entry should be kept on an individual line. The IP address should

    # be placed in the first column followed by the corresponding host name.

    # The IP address and the host name should be separated by at least one

    # space.

    #

    # Additionally, comments (such as these) may be inserted on individual

    # lines or following the machine name denoted by a '#' symbol.

    #

    # For example:

    #

    # 102.54.94.97 rhino.acme.com # source server

    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

    ::1 localhost

    ==== FireFox Fix ======================

    ==== Deleting Files \ Folders ======================

    "C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888" not found

    "C:\END" deleted

    "C:\Users\Joost\FCleaner_tcm7-83068.exe" deleted

    "C:\Users\Joost\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@" deleted

    "C:\$RECYCLE.BIN\S-1-5-21-2485572980-404986265-3530035989-1000\$ff24043d55f85ce9a20a8337d9b4b888\@" deleted

    "C:\$RECYCLE.BIN\S-1-5-21-2485572980-404986265-3530035989-1000\$ff24043d55f85ce9a20a8337d9b4b888\U\00000001.@" deleted

    "C:\$RECYCLE.BIN\S-1-5-21-2485572980-404986265-3530035989-1000\$ff24043d55f85ce9a20a8337d9b4b888\U\80000000.@" deleted

    "C:\$RECYCLE.BIN\S-1-5-21-2485572980-404986265-3530035989-1000\$ff24043d55f85ce9a20a8337d9b4b888\U\800000cb.@" deleted

    "C:\Users\Joost\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}" deleted

    "C:\$RECYCLE.BIN\S-1-5-21-2485572980-404986265-3530035989-1000\$ff24043d55f85ce9a20a8337d9b4b888" deleted

    "C:\Users\Joost\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L" deleted

    "C:\Users\Joost\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U" deleted

    "C:\$RECYCLE.BIN\S-1-5-21-2485572980-404986265-3530035989-1000\$ff24043d55f85ce9a20a8337d9b4b888\L" deleted

    "C:\$RECYCLE.BIN\S-1-5-21-2485572980-404986265-3530035989-1000\$ff24043d55f85ce9a20a8337d9b4b888\U" deleted

    "C:\ProgramData\boost_interprocess" deleted

    ==== Registry Search Results for "$ff24043d55f85ce9a20a8337d9b4b888" ======================

    No instances of string "$ff24043d55f85ce9a20a8337d9b4b888" found.

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    2013-03-14 14:17:39 B68770B9ED42428A11DE53796EC46BB0 710504 ----a-w- C:\Windows\is-HKR65.exe

    2013-03-14 14:17:39 1AAEEBED79940A3591061B241A4F70EF 12513 ----a-w- C:\Windows\is-HKR65.msg

    2013-03-14 14:17:39 14DADCC580758287CA7D5620A28182E6 379 ----a-w- C:\Windows\is-HKR65.lst

    ====== C:\Users\Joost\AppData\Local\Temp ====

    2013-03-13 17:14:51 9B303C23333FD96285FC8AFB5274BBB1 270 ----a-w- C:\Users\Joost\AppData\Local\Temp\4a8771fd448e2dfd.exe

    ====== C:\Windows\system32 =====

    ====== C:\Windows\system32\drivers =====

    2013-03-14 15:49:16 0DB7527DB188C7D967A37BB51BBF3963 40776 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys

    2013-02-18 20:00:15 687AF6BB383885FF6A64071B189A7F3E 242240 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

    2013-02-13 21:40:11 74E2D020C47BB2B2FCCBA29A518A7EB4 905576 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-03-01 17:56:55 -------- d-----w- C:\Program Files\DOSBox-0.74

    2013-02-18 20:29:58 -------- d-----w- C:\Program Files\Common Files\Control Panels

    2013-02-18 20:27:56 -------- d-----w- C:\Program Files\Bonjour

    2013-02-18 20:17:20 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared

    2013-02-18 20:00:06 -------- d-----w- C:\Program Files\DAEMON Tools Lite

    2013-02-16 10:53:46 -------- d-----w- C:\Program Files\Vuze

    ======= C: =====

    ====== C:\Users\Joost\AppData\Roaming ======

    2013-03-01 17:57:16 -------- d-----w- C:\users\Joost\AppData\Local\DOSBox

    2013-02-18 20:00:09 -------- d-----w- C:\users\Joost\AppData\Roaming\DAEMON Tools Lite

    2013-02-16 10:53:48 -------- d-----w- C:\users\Joost\AppData\Roaming\Azureus

    ====== C:\Users\Joost ======

    2013-03-13 17:16:00 -------- d-----w- C:\ProgramData\14CB5A805DC420F8000014CB45BC2808

    2013-02-18 19:58:12 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

    2013-02-18 19:41:44 -------- d-----w- C:\Users\Public\CyberLink

    2013-02-16 10:54:22 -------- d-----w- C:\Users\Joost\.swt

    ====== C: exe-files ==

    2013-03-13 17:14:51 9B303C23333FD96285FC8AFB5274BBB1 270 ----a-w- C:\Users\Joost\AppData\Local\temp\4a8771fd448e2dfd.exe

    === C: other files ==

    2013-03-14 16:21:17 1BBD75664657F11173E24AD513F8E6CE 1747001 ----a-w- C:\Users\Public\Desktop\sample_14-03-2013_1721.zip

    2013-03-14 15:49:16 0DB7527DB188C7D967A37BB51BBF3963 40776 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys

    2013-03-13 17:09:37 F2D85BD2370172C5CA73A17F2173D294 1489 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313170245-l[1].zip

    2013-03-13 17:09:37 012D8F70C5A85CA3D6F3E7FA48F9DA88 1118 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313170245-m[1].zip

    2013-03-13 16:57:28 EEF78CBC8A44B7F07B9818D95BE2293B 787 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313163157-l[1].zip

    2013-03-13 16:57:28 06865F44709510A61987877E1910D420 3619 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313163157-m[1].zip

    2013-03-13 16:57:28 03B63EF00F36F6C7855AB545FE46E566 1235 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313160108-m[1].zip

    2013-03-13 16:57:26 FF83415FE778B06ECDF092DA6D9C4EF9 2233 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313160108-l[1].zip

    2013-03-13 16:57:26 E59A7E13128099F6AD5FF1450D8223C2 473 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313153021-l[1].zip

    2013-03-13 16:57:26 B73B33500FC7EAE9DF9CF212448357AA 275 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313153021-m[1].zip

    2013-03-13 16:57:25 E1DC85F0ADDD40D0EC5E0E07FFF8D70C 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313142844-m[1].zip

    2013-03-13 16:57:25 B39FB195564F3D5FB85EE96B73B68A8A 497 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313135756-m[1].zip

    2013-03-13 16:57:25 A7B30EEC40947BF53450743E3B3C9B49 5450 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313145933-m[1].zip

    2013-03-13 16:57:25 9E3833D6472BED9691C82748E2B81B69 709 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313142844-l[1].zip

    2013-03-13 16:57:25 970E62D3BF25C0BE8C752F6EC5E01284 1166 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313135756-l[1].zip

    2013-03-13 16:57:25 682516DA628B891B99059D9138C2BAA2 481 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313132706-m[1].zip

    2013-03-13 16:57:25 51A136F7F2C4F4761F65061C227ED9C5 220 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313145933-l[1].zip

    2013-03-13 16:57:25 4E068F5097AC8F10FA96968BB69AF031 1037 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313132706-l[1].zip

    2013-03-13 16:57:24 EB744F0F9465FBD2D2EB7A772FD562B3 349 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313112356-m[1].zip

    2013-03-13 16:57:24 CA8E50BC586A9C24B302DC635A44953D 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313115443-m[1].zip

    2013-03-13 16:57:24 BBCE4DE733459C3F77227334ED21D23C 224 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313115443-l[1].zip

    2013-03-13 16:57:24 B088758CDB7EEB581ED3218CCBBF49D1 500 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313122532-l[1].zip

    2013-03-13 16:57:24 87D26C52366C18550C56E68AB9C8565B 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313125619-m[1].zip

    2013-03-13 16:57:24 7C2203E9A56F0C4D56A7C51F403EEEDD 476 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313122532-m[1].zip

    2013-03-13 16:57:24 6F837B2C2049C9672F7520B48D492EDF 768 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313112356-l[1].zip

    2013-03-13 16:57:24 5E779B6F0F45EB1B7075A705283ED1DA 657 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313125619-l[1].zip

    2013-03-13 16:57:23 E7AC3E18C770FB6E0465211EABE74021 238 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313102220-m[1].zip

    2013-03-13 16:57:23 E17E0F15880FC5907179F172BD00535B 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313105308-m[1].zip

    2013-03-13 16:57:23 C75F23CCF8E91E445578E60866833D68 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313095132-l[1].zip

    2013-03-13 16:57:23 98C12E6D7C86913546BF47EFE71D45C0 866 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313105308-l[1].zip

    2013-03-13 16:57:23 5534DF727A986E77ADA25EDBD8AFE615 972 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313095132-m[1].zip

    2013-03-13 16:57:23 1ED07A4A481308BBF0CEED4532552591 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313092043-m[1].zip

    2013-03-13 16:57:23 1C36E40927EF17A76878F8900FBA9766 1222 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313102220-l[1].zip

    2013-03-13 16:57:22 C5F74FC5E53A0AB4712B3088E5BD8232 2171 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313081906-m[1].zip

    2013-03-13 16:57:22 C0AC62DCE9143D6BBD94A0E964FBAAE1 216 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313084955-l[1].zip

    2013-03-13 16:57:22 93A80705822F8DB883D75E4ECD04A148 277 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313084955-m[1].zip

    2013-03-13 16:57:22 590105DA862C24FF9A114C620C2A9BF7 845 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313071730-m[1].zip

    2013-03-13 16:57:22 3B0B283CC50F79547FCA91A92E17337E 994 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313074817-l[1].zip

    2013-03-13 16:57:22 28C8C73C919FBB3CF335D98112DC7ABF 380 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313074817-m[1].zip

    2013-03-13 16:57:22 22D18915B989B3943D57446C22EA6719 993 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313081906-l[1].zip

    2013-03-13 16:57:22 0664E54B5BC71A8C8BAC73DAA42C440B 897 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313092043-l[1].zip

    2013-03-13 16:57:21 EEC925F7B85821E2E05DF58D51A9123B 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313064454-m[1].zip

    2013-03-13 16:57:21 D20E3D6A43FA087DBB31A5F8F339C87E 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313054318-m[1].zip

    2013-03-13 16:57:21 BCB0FF028C1608CD053E92B76A98819D 917 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313061405-l[1].zip

    2013-03-13 16:57:21 7B82B826AAFBAFF6AE5C5F00BB5EB557 287 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313061405-m[1].zip

    2013-03-13 16:57:21 768C04BE09B5BABC230E39A08AAE1D46 563 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313064454-l[1].zip

    2013-03-13 16:57:21 4C64D99FA8250AC274F463B482204ECB 1033 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313071730-l[1].zip

    2013-03-13 16:57:21 0A5E58CD0A0AF3FE2B7CD09FD1F52E70 228 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313054318-l[1].zip

    2013-03-13 16:57:20 CD1CB55B77621BF5EF4DDDEE635462CE 257 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313041054-m[1].zip

    2013-03-13 16:57:20 ACC2ED24E4E3E3FDC20B30EE19A5FC7E 432 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313044142-m[1].zip

    2013-03-13 16:57:20 9C869D8CB30B969CDDD5FD87CA4BB3BC 737 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313034000-m[1].zip

    2013-03-13 16:57:20 6E0C203829503E42BF23B59955A0DE94 1070 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313041054-l[1].zip

    2013-03-13 16:57:20 618A5C1AB0CC2C4859E6E0992B87B08C 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313051231-m[1].zip

    2013-03-13 16:57:20 596863F5C7B31E5FBE1FDC27A928FE5C 1550 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313034000-l[1].zip

    2013-03-13 16:57:20 3475ADAEB94757D528DC3660ABC53FC7 1613 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313044142-l[1].zip

    2013-03-13 16:57:20 22057FC305A3D7BE50456663CD99BBC6 767 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313051231-l[1].zip

    2013-03-13 16:57:19 E186AFAB62C31B020B4FF7421B589A54 309 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313023821-l[1].zip

    2013-03-13 16:57:19 952003F343265C91ABDF5D2BCBBCB1B1 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313023821-m[1].zip

    2013-03-13 16:57:19 5D83804467E339F3F23A211AED63EDFA 3584 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313020733-m[1].zip

    2013-03-13 16:57:19 4E58A186F37502ABE450CC6499FCCAEC 2167 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130313030911-m[1].zip

    2013-03-13 16:57:19 3158C44ABA40F0E1D89A754D941C4F0C 473 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313030911-l[1].zip

    2013-03-13 16:57:19 1EB396A410CEC8589C2A0969840BD565 679 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313020733-l[1].zip

    2013-03-13 16:57:18 F3F6B363699315E77CADB2D5D9ED0862 1911 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313010546-m[1].zip

    2013-03-13 16:57:18 D05096D8579D01983C2DB9BCED3BEA55 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313013641-m[1].zip

    2013-03-13 16:57:18 C0DAD5CE5FD14D11F0B687DF27E19A3A 2166 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313000408-m[1].zip

    2013-03-13 16:57:18 9802686FFE07B28C64CACFB115B2844C 264 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130313003457-m[1].zip

    2013-03-13 16:57:18 7902C2E0F81B9166B57AA66AD548C30F 1896 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313003457-l[1].zip

    2013-03-13 16:57:18 6D0D565B47A9ADECAE8FC36CF654BA3E 2778 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWU3YNM4\130313013641-l[1].zip

    2013-03-13 16:57:18 36353C4F17E1E721E07AAB75CA010077 1065 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313010546-l[1].zip

    2013-03-13 16:57:17 DD7CD998482FC43D13262E10385924F5 3155 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130312233320-l[1].zip

    2013-03-13 16:57:17 BCEA7D998ACA06474DD8361BFDB4AB46 272 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130312230232-m[1].zip

    2013-03-13 16:57:17 79CA234C3D5FB94352BD82218B158A9E 998 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130312233320-m[1].zip

    2013-03-13 16:57:17 3122AA8722F5D6A302F90BC91E911ED1 1661 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7RPQ7K0\130313000408-l[1].zip

    2013-03-13 16:57:16 F034B3DBA7DEF0EA37D73E48C7ADEFB4 1797 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130312223145-m[1].zip

    2013-03-13 16:57:16 B94FEF16CDC033B516EE89D0A2F232F2 164 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B40LQD20\130312230232-l[1].zip

    2013-03-13 16:57:08 AB13EAA30F8EBC2DBFB312BAD8577013 3514 ----a-w- C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IILWHENH\130312223145-l[1].zip

    2013-03-13 16:56:43 012D8F70C5A85CA3D6F3E7FA48F9DA88 1118 ----a-w- C:\Users\Joost\AppData\Local\adaware\data\temp.zip

    2013-03-12 22:09:06 DF24089554CB69DFA3F2BDDC79CA4C04 1013 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\HIW7TEYQ\130312220055-m[1].zip

    2013-03-12 22:09:06 92B6A27C05BC3819AE5F71EF7558D720 293 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\HGLVEDPX\130312220055-l[1].zip

    2013-03-12 21:44:25 70DEC0CFE1FEC4B7D73E3E218FCE86EC 430 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\G3VVJCNL\130312213000-m[1].zip

    2013-03-12 21:44:25 226D3E7EA4BE8CA295C2A55ABA5D4C71 1526 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\B9HBHQ5O\130312213000-l[1].zip

    2013-03-12 20:34:05 88FC0F45A0184007510A223EBBB24EA3 3021 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\B9HBHQ5O\130312202800-l[1].zip

    2013-03-12 20:34:05 58175122715291EAB832639353332645 17176 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\HIW7TEYQ\130312202800-m[1].zip

    2013-03-12 19:40:12 F90887B5FC6847FAE4C996E438B93CC0 1846 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\HGLVEDPX\130312192626-l[1].zip

    2013-03-12 19:40:12 D7B207A163769A9C4411BD26A09D423A 6730 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\HIW7TEYQ\130312182453-m[1].zip

    2013-03-12 19:40:12 7F9BE994FD22727ABD8D0F2EC0048B2A 4122 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\G3VVJCNL\130312192626-m[1].zip

    2013-03-12 19:40:11 ADD3F274FF2B2E2DC4A631A26C08C5A5 1596 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\HGLVEDPX\130312162157-l[1].zip

    2013-03-12 19:40:11 8C64BD8E37CF955D3C5CDD074783F56D 2960 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\HGLVEDPX\130312172326-l[1].zip

    2013-03-12 19:40:11 353990FC485A969C28489188B56F5696 5521 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\HIW7TEYQ\130312162157-m[1].zip

    2013-03-12 19:40:11 1C1739F5A195C46F3154031942B569A3 956 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\B9HBHQ5O\130312182453-l[1].zip

    2013-03-12 19:40:11 0091340007F13D6B752F9E6816DC3B96 2491 ----a-w- C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5\G3VVJCNL\130312172326-m[1].zip

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\S-1-5-21-2485572980-404986265-3530035989-1000\Software\Microsoft\Windows\CurrentVersion\Run]

    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript"

    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    "ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup"

    "Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

    "SBRegRebootCleaner"="C:\Program Files\Ad-Aware Antivirus\SBRC.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "Malwarebytes Anti-Malware (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"

    "Malwarebytes Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"

    "InnoSetupRegFile.0000000001"="C:\Windows\is-HKR65.exe /REG /REGSVRMODE"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"

    ==== Startup Folders ======================

    2011-05-10 13:15:35 1972 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job --a------ C:\PROGRA1\AD-AWA1\AdAwareLauncher.exe []

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04-10-2009 20:10]

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04-10-2009 20:10]

    ==== Set IE to Default ======================

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Google"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{6CE87B1C-AE5D-4B37-BF39-7031264C1BAC}"

    {054868BB-0020-4F15-B478-E9463401FAD2} Yahoo//nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

    {6CE87B1C-AE5D-4B37-BF39-7031264C1BAC} AOL Zoeken Url="{searchTerms} - AOL Search resultaten"

    {83EF0119-82F1-402B-8960-89647F78448A} Kelkoo Url="http://nl.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935"

    ==== Reset Google Chrome ======================

    Nothing found to reset

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-2485572980-404986265-3530035989-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully

    HKEY_USERS\S-1-5-21-2485572980-404986265-3530035989-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully

    HKEY_CLASSES_ROOT\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-2485572980-404986265-3530035989-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully

    ==== shortcuts on Users Desktops ======================

    C:\Users\Joost\Desktop\InDesign.lnk - C:\Program Files\Adobe\Adobe InDesign CS3\InDesign.exe

    ==== shortcuts on All Users Desktop ======================

    C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk - C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe

    C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe

    C:\Users\Public\Desktop\DOSBox 0.74.lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -userconf

    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Users\Public\Desktop\Vuze.lnk - C:\Program Files\Vuze\Azureus.exe

    ==== shortcuts in All Users Start Menu ======================

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk - C:\Program Files\Adobe\Adobe Bridge CS3\Bridge.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk - C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit 2\ExtendScript Toolkit 2.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS3.lnk - C:\Program Files\Adobe\Adobe InDesign CS3\InDesign.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk - C:\Program Files\Adobe\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk - C:\Program Files\Vuze\Azureus.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\Ad-Aware Antivirus.lnk - C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\Uninstall Ad-Aware Antivirus.lnk - C:\Windows\System32\msiexec.exe /x {fc8208f2-b1c1-4253-9e89-d518e983b7bb} /qf

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk - C:\Program Files\DAEMON Tools Lite\DT.gadget

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - C:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\DOSBox 0.74 Manual.lnk - C:\Program Files\DOSBox-0.74\Documentation\README.txt

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\DOSBox 0.74.lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -userconf

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\DOSBox 0.74 (noconsole).lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -noconsole -userconf

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\Screenshots & Recordings.lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -opencaptures explorer.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\Uninstall.lnk - C:\Program Files\DOSBox-0.74\uninstall.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\Video\Install movie codec.lnk - C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\DOSBox-0.74\Video Codec\zmbv.inf

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Extras\Video\Video instructions.lnk - C:\Program Files\DOSBox-0.74\Video Codec\Video Instructions.txt

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Options\DOSBox 0.74 Options.lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -editconf notepad.exe -editconf "C:\Windows\system32\notepad.exe" -editconf "C:\Windows\notepad.exe"

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Options\Reset KeyMapper.lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -erasemapper

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74\Options\Reset Options.lnk - C:\Program Files\DOSBox-0.74\DOSBox.exe -eraseconf

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

    ==== shortcuts in Quick Launch ======================

    C:\Users\Joost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk - C:\Program Files\Vuze\Azureus.exe

    ==== Empty IE Cache ======================

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Joost\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    After Reboot

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Joost\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Users\Joost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

  4. Updated and ran MBAM; however, while removing the infected files (11 of them) it hangs, so it does not save a log. I do have a new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:40:51, on 14-3-2013

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19400)

    Boot mode: Safe mode

    Running processes:

    C:\Windows\Explorer.EXE

    C:\Users\Joost\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

    O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

    O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

    O4 - HKLM\..\Run: [sBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe"

    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-HKR65.exe" /REG /REGSVRMODE

    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 7824 bytes

  5. Hello everyone,

    Since last night I have had a rogue anti-virus program on my laptop: Disk Antivirus Professional. I now keep getting pop-ups with fake virus alerts, and various programs no longer work (properly). The HijackThis log is below. Hopefully someone can help me further.

    Thanks! :-)

    -------------

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:10:23, on 14-3-2013

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19400)

    Boot mode: Safe mode

    Running processes:

    C:\Windows\Explorer.EXE

    C:\Users\Joost\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

    O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

    O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

    O4 - HKLM\..\Run: [sBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe"

    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

    O4 - HKCU\..\RunOnce: [14CB5A805DC420F8000014CB45BC2808] C:\ProgramData\14CB5A805DC420F8000014CB45BC2808\14CB5A805DC420F8000014CB45BC2808.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 8097 bytes

  6. Hello,

    Since this afternoon my Windows Vista freezes every time, right after startup. When I click an icon on the desktop, the 'Windows application' hangs. I booted into safe mode and ran a scan with MBAM and then HijackThis. Hopefully someone knows how I can fix this. The logs are below:

    Regards,

    Joost

    MBAM:

    Malwarebytes Anti-Malware 1.61.0.1400

    www.malwarebytes.org

    Databaseversie: v2012.06.26.08

    Windows Vista Service Pack 2 x86 NTFS (Veilige modus)

    Internet Explorer 8.0.6001.19298

    Joost :: PC_VAN_JOOST [administrator]

    11-9-2012 17:26:53

    mbam-log-2012-09-11 (17-26-53).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 222554

    Verstreken tijd: 9 minuut/minuten, 34 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:37:18, on 11-9-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19298)

    Boot mode: Safe mode

    Running processes:

    C:\Windows\Explorer.EXE

    C:\Users\Joost\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

    O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

    O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [ukyhiwyhw] C:\Users\Joost\AppData\Roaming\Irsiiv\qeany.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 7556 bytes

  7. After a scan with AdAware, things now seem to be resolved. I did make a new log just to be sure:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:31:43, on 27-6-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19272)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Citrix\ICA Client\concentr.exe

    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\PROGRA~1\AD-AWA~1\AdAware.exe

    C:\Program Files\Citrix\ICA Client\wfcrun32.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    c:\program files\aol\aol toolbar 5.0\AolTbServer.exe

    C:\Users\Joost\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

    O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

    O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 8177 bytes

  8. Hello,

    After HijackThis and MBAM, the following logs:

    MBAM:

    Malwarebytes Anti-Malware 1.61.0.1400

    www.malwarebytes.org

    Databaseversie: v2012.06.26.08

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 8.0.6001.19272

    Joost :: PC_VAN_JOOST [administrator]

    27-6-2012 19:18:12

    mbam-log-2012-06-27 (19-18-12).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 220397

    Verstreken tijd: 7 minuut/minuten, 17 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:26:46, on 27-6-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19272)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Citrix\ICA Client\concentr.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Citrix\ICA Client\wfcrun32.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    c:\program files\aol\aol toolbar 5.0\AolTbServer.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Joost\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R

    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [Xoriohxu] C:\Users\Joost\AppData\Roaming\Fiipw\evsu.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 7760 bytes

  9. Hello,

    After problems with online banking I scanned the system, and I am (again) finding strange things in it. Various spyware has already been removed, but a few items stubbornly remain. Below is a HijackThis log that I just made. Hopefully someone can help me further.

    Regards,

    Joost

    -------------

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:11:13, on 26-6-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19272)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Citrix\ICA Client\concentr.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Citrix\ICA Client\wfcrun32.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    c:\program files\aol\aol toolbar 5.0\AolTbServer.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Joost\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R

    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [Xoriohxu] C:\Users\Joost\AppData\Roaming\Fiipw\evsu.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)

    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 8023 bytes

  10. Ran ComboFix; the log is below. I see the directory $Recycle.bin appearing on both C: and D:. Is that part of the cleanup process?

    ComboFix 12-04-26.01 - Joost 26-04-2012 20:19:44.2.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3038.2314 [GMT 2:00]

    Gestart vanuit: c:\users\Joost\Desktop\ComboFix.exe

    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Joost\AppData\Local\assembly\tmp

    c:\users\Joost\AppData\Local\Windows Server

    c:\users\Joost\AppData\Local\Windows Server\flags.ini

    c:\users\Joost\AppData\Local\Windows Server\server.dat

    c:\users\Joost\AppData\Local\Windows Server\uses32.dat

    .

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-26 to 2012-04-26 ))))))))))))))))))))))))))))))

    .

    .

    2012-04-26 18:29 . 2012-04-26 18:34 -------- d-----w- c:\users\Joost\AppData\Local\temp

    2012-04-26 18:29 . 2012-04-26 18:29 -------- d-----w- c:\users\Public\AppData\Local\temp

    2012-04-26 18:29 . 2012-04-26 18:29 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-04-24 13:54 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1B80B67-3E9B-43C9-8846-03EEEEA7741A}\mpengine.dll

    2012-04-23 15:48 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll

    2012-04-23 15:48 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll

    2012-04-23 15:48 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll

    2012-04-23 15:48 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

    2012-04-23 15:48 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-04-23 15:48 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-04-18 16:03 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-04-17 23:24 . 2012-04-17 23:26 -------- d-----w- c:\windows\system32\MpEngineStore

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-02-23 08:18 . 2009-12-01 22:25 237072 ------w- c:\windows\system32\MpSigStub.exe

    2012-02-14 15:45 . 2012-03-14 10:58 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

    2012-02-14 15:45 . 2012-03-14 10:58 160768 ----a-w- c:\windows\system32\d3d10_1.dll

    2012-02-13 14:12 . 2012-03-14 10:58 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

    2012-02-13 13:47 . 2012-03-14 10:58 683008 ----a-w- c:\windows\system32\d2d1.dll

    2012-02-13 13:44 . 2012-03-14 10:58 1068544 ----a-w- c:\windows\system32\DWrite.dll

    2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-02-02 15:16 . 2012-03-14 10:58 2044416 ----a-w- c:\windows\system32\win32k.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

    "MRT"="c:\windows\system32\MRT.exe" [2012-04-16 55154568]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "mixer"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

    @="FSFilter Activity Monitor"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2008-06-27 77824]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    wnrjwhko

    ezSharedSvc

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 19:10]

    .

    2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-04 19:10]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb

    uInternet Settings,ProxyOverride = <local>

    IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-NL\local\search.html

    IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    AddRemove-PokerStars.net - c:\program files\PokerStars.NET\PokerStarsUninstall.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-04-26 20:33

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]

    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

    "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'Explorer.exe'(1376)

    c:\windows\system32\btncopy.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\system32\Ati2evxx.exe

    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe

    c:\windows\system32\Ati2evxx.exe

    c:\windows\system32\Hpservice.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    c:\program files\SMINST\BLService.exe

    c:\program files\CyberLink\Shared files\RichVideo.exe

    c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    c:\program files\Canon\CAL\CALMAIN.exe

    c:\windows\servicing\TrustedInstaller.exe

    c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    c:\program files\Windows Media Player\wmpnscfg.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-04-26 20:42:04 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-04-26 18:41

    ComboFix2.txt 2011-05-09 14:17

    ComboFix3.txt 2010-08-20 13:24

    .

    Pre-Run: 214.721.638.400 bytes beschikbaar

    Post-Run: 215.416.369.152 bytes beschikbaar

    .

    - - End Of File - - 322018C18A37C0817BCF2D862C0C2FEE

  11. Following tips on another forum, I first deleted the temporary internet files and the cookies. Then I ran this scanner: Microsoft Safety Scanner - Free online tool for optimal performance and security (full scan), and after that downloaded and ran Download Malwarebytes' Anti-Malware for free - Fileforum (full scan). That is as far as I got, and it produced the MBAM log and HijackThis log above (see previous post).

    The Kokahox directory is still on the PC, but no longer in the startup process.

  12. No problem! :)

    In the meantime I had also posted the question on another forum, but I'm a bit 'stuck' there for now. I have already run Live Scanner and MBAM on the PC and cleaned up the necessary stuff. After that I was left with the following logs:

    MBAM:

    Malwarebytes Anti-Malware 1.61.0.1400

    www.malwarebytes.org

    Databaseversie: v2012.04.18.05

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 8.0.6001.19190

    Joost :: PC_VAN_JOOST [administrator]

    18-4-2012 18:06:18

    mbam-log-2012-04-18 (18-06-18).txt

    Scantype: Volledige scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 419864

    Verstreken tijd: 1 uur/uren, 18 minuut/minuten, 37 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 2

    HKCU\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\Software\R8388QA8U8 (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 1

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{8E33F7B6-6141-159D-90A6-52E1ACEC1927} (Trojan.ZbotR.Gen) -> Data: C:\Users\Joost\AppData\Roaming\Kokahox\reibpuu.exe -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2

    C:\zrpt.xml (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Trojan.FraudPack) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    Hijack:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:33:52, on 18-4-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19190)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    c:\program files\aol\aol toolbar 5.0\AolTbServer.exe

    C:\Windows\system32\wuauclt.exe

    C:\Users\Joost\Desktop\HijackThis.exe

    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)

    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 7359 bytes

  13. Hello,

    Lately my PC has been very slow again; in addition, I noticed all sorts of strange directories on the C drive (Kokahox?) that appear to be empty but apparently do run as part of the startup process. I suspect this is the source of all the trouble.

    This is the Hijack log I made:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:01:16, on 16-4-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19190)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R

    O4 - HKCU\..\Run: [{8E33F7B6-6141-159D-90A6-52E1ACEC1927}] C:\Users\Joost\AppData\Roaming\Kokahox\reibpuu.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)

    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 7379 bytes

  14. Installed and ran CCleaner. Everything seems to be running reasonably well again. However, since today the PC shows a prompt at every startup asking whether I want to run the program MRT.exe. Since I'm not sure whether this is safe, I clicked Cancel each time. I made another new log with HijackThis (see below), and it appears there too.

    In answer to the question on the previous page about the printer: I have an HP PSC 4100 series. The software (Solution Center) no longer opens; it reports 'no HP devices found'. Reinstalling does not help. The printer still prints/copies normally, but scanning no longer works.

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:08:39, on 12-5-2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19048)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - Alles op een rijtje! (ook op mobiel)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://kantoor.boom.nl/CSHELL/extender.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kbp.nl,mediasys,boom-it.nl,boom-pers.nl

    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe

    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe

    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

    --

    End of file - 6928 bytes
