Ik had eerst nog een scan met Malwarebytes gedaan, waarmee ik weer geïnfecteerde bestanden vond. Hierbij de log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.11.25.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Joyce :: PC_VAN_JOYCE [administrator]
26-11-2013 5:19:59
mbam-log-2013-11-26 (05-19-59).txt
Scan type: Volledige scan (C:\|D:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 557690
Verstreken tijd: 5 uur/uren, 39 minuut/minuten, 44 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 1
C:\Users\Joyce\AppData\Local\temp\ct2504091 (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.
Bestanden gedetecteerd: 3
C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\user\mism.exe.vir (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files\Vuze\.install4j\user\mism.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Joyce\AppData\Local\temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
Hier de log van Zoek:
Zoek.exe Version 4.0.0.5 Updated 24-November-2013
Tool run by Joyce on di 26-11-2013 at 15:48:12,55.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Joyce\Desktop\zoek\zoek.exe [script inserted] [Checkboxes used]
==== Older Logs ======================
C:\zoek-results2013-11-23-132719.log 25815 bytes
C:\zoek-results2013-11-23-214420.log 31918 bytes
C:\zoek-results2013-11-24-154044.log 5532 bytes
==== Reset Hosts File ======================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2101717001-3418350084-2231240781-1000\Software\Microsoft\Internet Explorer\SearchScopes\{35651EE7-5AB8-44B2-9C31-8DC52C5DEE4E} deleted successfully
HKEY_USERS\S-1-5-21-2101717001-3418350084-2231240781-1000\Software\Microsoft\Internet Explorer\SearchScopes\{654BA83E-FA5A-4022-83BD-C7713448FF40} deleted successfully
HKEY_USERS\S-1-5-21-2101717001-3418350084-2231240781-1000\Software\Microsoft\Internet Explorer\SearchScopes\{84B93BE4-7605-4C78-900E-C2D50C39F337} deleted successfully
HKEY_USERS\S-1-5-21-2101717001-3418350084-2231240781-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BC69120F-1308-4496-BF16-6C22847C5AFC} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
Added to C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "Google");
user_pref("browser.search.defaulturl", "Google=");
user_pref("browser.newtab.url", "Google");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "Google=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_23-11-2013_2154_.backup
prefs_26-11-2013_1709_.backup
==== Deleting Files \ Folders ======================
C:\Users\Joyce\daemonprocess.txt deleted
C:\Program Files\Mobogenie deleted
C:\Program Files\BearShare Applications\MediaBar deleted
C:\Program Files\tanzuki deleted
C:\extensions deleted
C:\Users\Joyce\AppData\Roaming\Alawar Entertainment deleted
C:\Users\Joyce\AppData\Roaming\AlawarEntertainment deleted
C:\Users\Joyce\AppData\Roaming\LimeWirePlus deleted
C:\Users\Joyce\AppData\Local\Mobogenie deleted
C:\Users\Joyce\AppData\LocalLow\uTorrentBar_NL deleted
C:\Windows\system32\tasks\YourFile DownloaderUpdate deleted
C:\user.js deleted
C:\prefs.js deleted
C:\END deleted
C:\Users\Joyce\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-11-16 13:43:17 47D2D836EDC4D62C47A05DAED90F1AB9 305736031 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\Joyce\AppData\Local\Temp ====
2013-11-25 22:22:44 7E89844169E755775F09AA4724680281 24489269 ----a-w- C:\Users\Joyce\AppData\Local\Temp\vlc-2.1.1-win32.exe
2013-11-25 21:51:58 FBBE666FFDA9DADF43EF083F9CA78F19 104137 ----a-w- C:\Users\Joyce\AppData\Local\Temp\Uninstall.exe
2013-11-25 09:28:16 EFA14B8099DD1CC2F93213745A5AB4E6 4220936 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\HPDiagnosticCoreUI.exe
2013-11-25 09:28:15 F83D8C0CD50B825DE2976E3C54B43309 2278920 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\DeviceManager\DeviceManager.exe
2013-11-25 09:28:15 F4D5352EF00CC2B97B150AF6B36F10ED 1695752 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\FileExtractor.exe
2013-11-25 09:28:15 B12842B441FD6E76EC814A6DA5455132 58176 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\OESISCore.dll
2013-11-25 09:28:15 98ABCBD70CDA02B76E1A1E46C16192FA 35176 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\hpodss01.dll
2013-11-25 09:28:15 67EC459E42D3081DD8FD34356F7CAFC1 770384 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\msvcr100.dll
2013-11-25 09:28:15 4D144541EE2E6FB2C26653C22BC419C7 77120 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\Impl_SoftwareProductLib.dll
2013-11-25 09:28:15 38F548B446636444C00CA64D4BB8B3D0 60224 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\Impl_FirewallLib.dll
2013-11-25 09:28:15 03E9314004F504A14A61C3D364B62F66 421200 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\msvcp100.dll
2013-11-25 09:28:14 960A1D195A77D873810A9CBD71DA1E93 3129864 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\HPDiagnosticCore.dll
2013-11-25 09:28:13 D671C7CC1308576B31EA69BE2D180D17 217408 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\FWManager.dll
2013-11-25 09:28:13 D199B1ADFFB14070E8C4DA9E879EDBEE 309760 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\DIFxAPI.dll
2013-11-25 09:28:13 585D2EB9FBED6B7B9D0107BFB5C94043 531512 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\DeviceManager\DIFxAPI.dll
2013-11-25 09:28:13 4046243A482465070E8336034D2BB2F6 495424 ----a-w- C:\Users\Joyce\AppData\Local\Temp\7zS6353\CoreUtils.dll
2013-11-22 17:33:17 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\Joyce\AppData\Local\Temp\e4j6B11.tmp_dir1385141596\i4jdel.exe
2013-11-16 15:36:32 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\Joyce\AppData\Local\Temp\e4j8601.tmp_dir1384616192\i4jdel.exe
2013-11-15 17:53:57 0E771375445E13429E68CAE720A48B72 35224 ----a-w- C:\Users\Joyce\AppData\Local\Temp\e4j2AC7.tmp_dir1384538037\i4jdel.exe
====== Java Cache =====
====== C:\Windows\system32 =====
2013-11-17 02:04:41 B798365F54AF889BFD7D04ED75C016B7 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-17 02:04:41 3CC9655434741363AF977498A2B5E425 73216 ----a-w- C:\Windows\System32\mshtmled.dll
2013-11-17 02:04:40 677857FAC307E46E44F710B6C6F84607 420864 ----a-w- C:\Windows\System32\vbscript.dll
2013-11-17 02:04:38 E26C86DE3AC36D09D201691B9D482D5B 176640 ----a-w- C:\Windows\System32\ieui.dll
2013-11-17 02:04:38 375652E4B01E421683437896DA8D76C4 65024 ----a-w- C:\Windows\System32\jsproxy.dll
2013-11-17 02:04:36 E2E9F49C84C49C2DB5ADAF85D8CD8F1C 142848 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-17 02:04:35 E1092FB18A2D53DFC20D2EA8AC158E4B 607744 ----a-w- C:\Windows\System32\msfeeds.dll
2013-11-17 02:04:35 C36E38AD3C7FAFF0E30C4CBCB28CE7FB 1129472 ----a-w- C:\Windows\System32\wininet.dll
2013-11-17 02:04:34 FFA200640B887CBB737DA74C299BCE62 717824 ----a-w- C:\Windows\System32\jscript.dll
2013-11-17 02:04:32 D36137E26569D22B6C395EB68CBE0018 1806848 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-17 02:04:32 26ED02FA7B11FBFD87D4FF304EFFFFBF 231936 ----a-w- C:\Windows\System32\url.dll
2013-11-17 02:04:31 58C300DB5ED80A46A778DECB9D02DA57 1796096 ----a-w- C:\Windows\System32\iertutil.dll
2013-11-17 02:04:29 B8D440F705D52D9167C572ECF6522E89 1104896 ----a-w- C:\Windows\System32\urlmon.dll
2013-11-17 02:04:29 AB3F4974C87DC6DE7E427CF713E88B28 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-17 02:04:27 048FF8515CE100990423E96678112CDF 9739264 ----a-w- C:\Windows\System32\ieframe.dll
2013-11-17 02:04:25 AC986A1AD35CDBF07B0E5D1AC9D527B5 12344832 ----a-w- C:\Windows\System32\mshtml.dll
2013-11-16 13:54:43 872363237F24BCB03D73E2A3B4FBF38D 297984 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-16 13:53:12 0317420D419E1885894B3ED9D375D245 993792 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-16 13:48:51 4687EE0C0DD2CE5F7AAA9C2E33C1DC78 444928 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-16 13:48:50 EE16F3E01C4A6C77383F1BBBD10AD6C2 596480 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-16 13:48:50 14D9A057A082E00116A7A4415051D07C 218228 ----a-w- C:\Windows\System32\WFP.TMF
====== C:\Windows\system32\drivers =====
2013-11-10 06:05:11 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-06 21:57:58 156765F692192EA9039A6C4A809312FD 147912 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2013-11-06 21:56:45 12F0F8D3F84FAB8F31D073286FE131CB 2641 ----a-w- C:\Windows\System32\drivers\mfencrk.inf
2013-11-06 21:56:43 4DC47CB74EBC1D92DD445FCC5DEAE76A 2951 ----a-w- C:\Windows\System32\drivers\mfencbdc.inf
====== C:\Windows\Tasks ======
2013-11-25 04:27:58 4FE3DFEFAE1C934C9C491946051D55E9 3150 ----a-w- C:\Windows\system32\Tasks\{14C43A3D-211D-44CE-83EB-4B01C666FE55}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-11-25 20:19:22 -------- d-----w- C:\Program Files\Vuze
2013-11-06 22:06:25 -------- d-----w- C:\Program Files\iPod
======= C: =====
====== C:\Users\Joyce\AppData\Roaming ======
2013-11-25 22:17:19 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Questerium - Sinister Trinity CE
2013-11-25 22:11:22 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cursery. The Crooked Man 1.0
2013-11-24 20:31:14 -------- d-----w- C:\Users\Public\AppData\Local\temp
2013-11-24 20:31:14 -------- d-----w- C:\Users\Joyce\AppData\Local\temp(86)
2013-11-24 20:31:14 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-11-24 20:31:14 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2013-11-24 06:52:07 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Digital Quarter
2013-11-11 12:26:02 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted House Mysteries
2013-11-10 04:31:52 AD20B43650D9760DA69255BB4B6939E2 5 ----a-w- C:\Users\Joyce\AppData\Roaming\mbam.context.scan
2013-11-07 00:18:41 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Witchs Green Amulet
2013-11-06 23:59:02 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Empress of the Deep III Legacy of the Phoenix CE
2013-11-06 23:03:12 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Hidden Objects TheHauntedHouse
2013-11-06 02:21:36 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Anvate Games
2013-11-06 02:19:05 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Silverback Games
2013-11-06 01:45:14 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Beast of Lycan Isle CE
2013-11-06 01:36:37 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Night Mysteries The Amphora Prisoner 1.0
2013-11-05 06:33:07 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Legacy Games
2013-11-05 06:16:07 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paranormal State - Poison Spring
2013-11-04 11:00:10 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Friendly Cactus
2013-11-03 21:35:32 -------- d-----w- C:\Users\Joyce\AppData\Roaming\TheMissingMonaLisa
2013-11-03 18:53:44 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Time Chronicles - The Missing Mona Lisa
2013-10-28 03:30:07 -------- d-----w- C:\Users\Joyce\AppData\Roaming\Mad Head Games
====== C:\Users\Joyce ======
2013-11-25 04:39:11 AFAFA655CC59872129A32CDE4F60F2DE 1091882 ----a-w- C:\Users\Joyce\Desktop\adwcleaner.exe
2013-11-06 22:08:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2013-11-06 22:06:11 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
====== C: exe-files ==
2013-11-25 22:13:08 30DD6C9D0BF2E0E2FF06E07D07ADBF79 1345024 ----a-w- C:\Program Files\Foxy Games\Questerium - Sinister Trinity CE\uninstall.exe
2013-11-25 09:28:17 CFBF037E1A6BB739D708D69768A56180 6110144 ----a-w- C:\Program Files\HP\Diagnostics\PSDR\HPPSDr.exe
2013-11-19 22:29:28 FFD052D0F464ADC243C24E71D15C9990 12344 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
2013-11-19 22:29:28 DD79A6B15C2F28DE98DF4852AAF6B13B 21720 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
2013-11-19 22:29:28 7B3E10D0AC50271E46A2ED00FE6C4B54 48440 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil7.exe
2013-11-19 22:29:28 3A6EB91CFADA8C4978E7EA79E3A2394B 57048 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\WarrantyObjectChecker.exe
2013-11-19 22:29:28 1C2AD4C01B0CC57094B7EF6803A1A597 151864 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe
2013-11-19 22:29:26 FEE46F832FE746EB600AC65CA6451D1F 27352 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_LowDiskSpace_EMEA.exe
2013-11-19 22:29:26 F86275D16121F6591B69B801DE6ED394 21408 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_NetworkCheck.exe
2013-11-19 22:29:26 F3531CF1C8A643377641A6F9D516FED2 35544 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\OnlineBackupDetection.exe
2013-11-19 22:29:26 DF2AC1055C406AA66869C95C2FD84A21 17464 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSACIPDetection4.exe
2013-11-19 22:29:26 B26DFFF460A1F21A3DCD3529F3F61E14 33544 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\hpsacommander.exe
2013-11-19 22:29:26 A15FA916BD02FE910C2C3017C026FF80 49880 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_PostWarrantyAlert.exe
2013-11-19 22:29:26 99450E601834605668AE9E13BB26F09B 33264 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_CoolSense.exe
2013-11-19 22:29:26 87095CBDCC02AB8BB5ED4B124A70FC5B 27352 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_LowDiskSpace_NSPOS.exe
2013-11-19 22:29:26 78BCA0FAD639A6877813F713FD2B2952 23256 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_RecoveryDisc.exe
2013-11-19 22:29:26 4E68E7D985D5F2EB68405CD246EBEDEB 18336 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_PremiumAlert.exe
2013-11-19 22:29:26 4E3643177241FE9097606FDE53E6298C 33496 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RevGenCountry.exe
2013-11-19 22:29:26 1D80ADF858D37526CDDAE21FA595319F 17312 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSACIPDetection.exe
2013-11-19 22:29:26 136D8804CB446BB88C19856B1DC75861 32472 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_LowDiskSpace_Ex_US.exe
2013-11-19 22:29:26 0986D1E655F8C3014C514F322DD49250 33496 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_CountryCode.exe
2013-11-19 22:29:26 06D9888F172A8AC47959DA5DF68270DE 29400 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_LowDiskSpace_US.exe
2013-11-19 22:29:24 E4F8F4F057E3164A52D9D206D1F99193 31544 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_SmartFriendAwareness.exe
2013-11-19 22:29:24 4C5282B9AF02E930E85761395610DCA1 27864 ----a-w- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\SystemAgeOneYear.exe
=== C: other files ==
2013-11-25 04:38:35 DBFD867A512C3F9FA2C241EE3B566D46 1304128 ----a-w- C:\Users\Joyce\AppData\Local\temp\azlocprov_0.1.6.3.zip
2013-11-24 20:25:28 DF2626F81C91EF456738E5D81706729D 375 ----a-w- C:\Qoobox\Quarantine\H\av2.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ssqqnksys"="rundll32.exe ssqrrs.dll,s"
[HKEY_USERS\S-1-5-21-2101717001-3418350084-2231240781-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe"
"HP Photosmart 5510 series (NET)"="C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe -deviceID CN196091LK05NR:NW -scfn HP Photosmart 5510 series (NET) -AutoStart 1"
"Facebook Update"="C:\Users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ssqqnksys"="rundll32.exe ssqrrs.dll,s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"UpdatePSTShortCut"="C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\DVD Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter"
"UpdatePDIRShortCut"="C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\PowerDirector UpdateWithCreateOnce SOFTWARE\CyberLink\PowerDirector\7.0"
"UpdateP2GoShortCut"="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"
"UpdateLBPShortCut"="C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\YouCam UpdateWithCreateOnce Software\CyberLink\YouCam\2.0"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe"
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE -startup"
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"
"mobilegeni daemon"="C:\Program Files\Mobogenie\DaemonProcess.exe"
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe"
"HP Photosmart 5510 series (NET)"="C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe -deviceID CN196091LK05NR:NW -scfn HP Photosmart 5510 series (NET) -AutoStart 1"
"Facebook Update"="C:\Users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
==== Startup Folders ======================
2012-05-30 03:12:59 1658 ----a-w- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
2012-05-30 03:12:59 1115 ----a-w- C:\Users\Joyce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2101717001-3418350084-2231240781-1000Core.job --a------ C:\Users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe [17-03-2013 22:41]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2101717001-3418350084-2231240781-1000UA.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]
C:\Windows\tasks\HP Photo Creations Messager.job --a------ [undetermined Task]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\Windows\system32\tasks\4687" [wscript.exe C:\Users\Joyce\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2101717001-3418350084-2231240781-1000Core" [C:\Users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2101717001-3418350084-2231240781-1000UA" [C:\Users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\HP Photo Creations Messager" [C:\ProgramData\HP Photo Creations\MessageCheck.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Photosmart 5510 series" ["C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\SmartDefragUpdate" [C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe]
"C:\Windows\system32\tasks\SmartDefrag_Startup" [C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{CA4AB69E-3234-4131-BE49-AAEEAD1A9489}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\{4B682B6B-B23E-40CE-BC3A-FDDF583E17C0}" [C:\Program Files\Skype\Phone\Skype.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe]
"C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files\McAfee\SiteAdvisor" [04-10-2013 16:36]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"crossriderapp498@crossrider.com"="C:\Users\Joyce\AppData\Local\RewardsArcade\498\Firefox" []
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dcmagccbogebndpoodhhhafmofelpffh - C:\Users\Joyce\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx[]
fheleffhdiajkhjhebfibagnfkoelbdk - C:\Program Files\tanzuki\fheleffhdiajkhjhebfibagnfkoelbdk.crx[]
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx[02-10-2013 13:05]
icdlfehblmklkikfigmjhbmmpmkmpooj - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx[]
SiteAdvisor - Joyce - Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Star Gazing - Joyce - Default\Extensions\mblmlcbknbnfebdfjnolmcapmdofhmme
==== Chrome Fix ======================
C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhhndocbepopiengmnalddpofmgddkfp deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
"Search Page"="Google"
"Search Bar"="Upgrade to Google Chrome"
"Default_Search_URL"="Google"
"Default_Page_URL"="Google"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Google"
"Default_Page_URL"="Google"
"Default_Search_URL"="Google"
"Search Page"="Google"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="%s - Google Search"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="Google"
"CustomizeSearch"="Google"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="Upgrade to Google Chrome"
"Default_Search_URL"="Upgrade to Google Chrome"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="Bing"
"Search Bar"="Bing"
"Default_Search_URL"="Bing"
"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
"Start Page"="https://www.google.nl/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="Bing"
"Search Page"="Bing"
"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="%s - Bing"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="Bing"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{273A0332-1B97-40E6-B3DF-8E3CEC101608}"
{273A0332-1B97-40E6-B3DF-8E3CEC101608} AOL Zoeken Url="{searchTerms} - AOL Search resultaten"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
{C113F95F-E0F1-4A2E-AF9D-4788A9D49151} Kelkoo Url="http://nl.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\crossriderapp498@crossrider.com deleted successfully
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheleffhdiajkhjhebfibagnfkoelbdk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {4DB74D06-491C-440D-305E-012400990F3E} - C:\Windows\system32\d33dx10.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [NCPluginUpdater] "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN196091LK05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Joyce\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-18\..\Run: [ssqqnksys] rundll32.exe "ssqrrs.dll",s (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [ssqqnksys] rundll32.exe "ssqrrs.dll",s (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Updateservice (gupdate1cad429e4fae9f9) (gupdate1cad429e4fae9f9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
==== Empty IE Cache ======================
C:\Users\Joyce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Joyce\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joyce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U73RZH2Q will be deleted at reboot
C:\Users\Joyce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Joyce\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Joyce\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Joyce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Joyce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U73RZH2Q" not found
==== EOF on di 26-11-2013 at 18:06:17,88 ======================
