USB-stick

Charlotte Deruyck · 15 februari 2014

Hallo,

Ik heb gisteren nog probleemloos met mijn stick op een laptop op school gewerkt. Ik stop die daarnet in mijn desktop thuis en al mijn mapjes zijn snelkoppelingen geworden... Als ik erop dubbelklik, kom ik niet bij de inhoud van dat mapje, maar soms bij 'mijn documenten' en soms krijg ik een foutmelding dat hij iets niet kan vinden...

Daarbij ook meldingen van '****.exe' waarbij men zegt: 'Er bevindt zich geen schijf in het station. Plaats een geschikt medium in station / Device / Harddisk1/DR1... Als ik dat annuleer, krijg ik een volgend dialoogvenster met dezelfde foutmelding met op het einde /DR2 en dat gaat zo verder tot en met /DR4...

Kan ik nog aan mijn bestanden geraken?!

Charlotte Deruyck · 15 februari 2014

Ondertussen geeft mijn McAfee melding van een Trojaans paard...

Hij vraagt om de PC af te sluiten, zodat het bestand kan worden hersteld... Ik heb dit reeds gedaan en dan krijg ik nog steeds die melding...

Gedetecteerd: Redyms-FDIR!194DAC34BEF5 (Trojaans paard)

In quarantaine geplaatst vanuit: C:\Users\Charlotte\AppData\Roaming\Adope\acupx217.dll

?

kape · 15 februari 2014

Download RSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

RSIT 32 bit (RSIT.exe)
RSIT 64 bit (RSITx64.exe)

Dubbelklik op RSIT.exe om de tool te starten.

Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
Plaats de inhoud hiervan in het volgende bericht.

Bekijk ook de instructievideo.

Charlotte Deruyck · 16 februari 2014

Dit zou het moeten zijn:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Charlotte at 2014-02-16 13:16:55

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 850 GB (91%) free of 939 GB

Total RAM: 6071 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:18:04, on 16/02/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.16518)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\Mounier\AppData\Local\Temp\temp1144259936.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\Charlotte.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN België: Hotmail, Skype, nieuws, entertainment, lifestyle en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searchtype=ds&q={searchTerms}&installDate=07/01/2014

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searchtype=ds&q={searchTerms}&installDate=07/01/2014

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searchtype=ds&q={searchTerms}&installDate=07/01/2014

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searchtype=ds&q={searchTerms}&installDate=07/01/2014

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O1 - Hosts: 79.142.66.242 Google Analytics Official Website ? Web Analytics & Reporting.

O1 - Hosts: 79.142.66.242 google-analytics.com.

O1 - Hosts: 79.142.66.242 connect.facebook.net.

O1 - Hosts: 79.142.66.242 bing.com.

O1 - Hosts: 79.142.66.242 Bing.

O1 - Hosts: 79.142.66.242 search.yahoo.com.

O1 - Hosts: 79.142.66.242 Yahoo Search - Web Search.

O1 - Hosts: 79.142.66.242 Google Analytics Official Website ? Web Analytics & Reporting.

O1 - Hosts: 79.142.66.242 google-analytics.com.

O1 - Hosts: 79.142.66.242 connect.facebook.net.

O1 - Hosts: 79.142.66.242 bing.com.

O1 - Hosts: 79.142.66.242 Bing.

O1 - Hosts: 79.142.66.242 search.yahoo.com.

O1 - Hosts: 79.142.66.242 Yahoo Search - Web Search.

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NetworkChecker] C:\Users\Mounier\AppData\Local\Temp\temp1144259936.exe

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Startup: Dropbox.lnk = C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: EPUHelp.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{0349578F-0331-46A2-848A-C59E55B44D2B}: NameServer = 94.242.222.66,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\..\{3383178C-C401-4A7D-806F-1C1C5083815F}: NameServer = 94.242.222.66,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\..\{74AB470E-7830-4A49-9ED8-E40C203A19AD}: NameServer = 94.242.222.66,8.8.8.8

O17 - HKLM\System\CS1\Services\Tcpip\..\{0349578F-0331-46A2-848A-C59E55B44D2B}: NameServer = 94.242.222.66,8.8.8.8

O17 - HKLM\System\CS2\Services\Tcpip\..\{0349578F-0331-46A2-848A-C59E55B44D2B}: NameServer = 94.242.222.66,8.8.8.8

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 16292 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

atieclxx

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\Windows\SysWOW64\ezSharedSvcHost.exe

"c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"

"C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc

"C:\Windows\system32\mfevtps.exe"

"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll", saHooker_Initialize_and_Wait

"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files\McAfee\MSC\McAPExe.exe"

"C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe"

"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"

WLIDSvcM.exe 1692

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\servicing\TrustedInstaller.exe

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c4460dde-dc19-48a6-86a8-4acc61243343 -SystemEventPortName:HostProcess-cc4a273b-9dfb-439a-8487-a9a8b3f94289 -IoCancelEventPortName:HostProcess-384e66cb-5613-4dc4-9bb5-bce12d8b889f -NonStateChangingEventPortName:HostProcess-80fb9599-5e31-4c02-823b-5b5e77bc86ac -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d4055683-0ffb-4791-81a0-f126c54fc3ad -DeviceGroupId:WpdFsGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe"

"C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"

"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background

"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

"C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"

"C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Users\Mounier\AppData\Local\Temp\temp1144259936.exe"

"C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe"

"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3988.0.84537155\112488845" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23 --gpu-vendor-id=0x1002 --gpu-device-id=0x68d9 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.740.0.0 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group5 pct:10e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3988.1.1601938256\1213147292" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group5 pct:10e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3988.2.6349862\955592726" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group5 pct:10e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3988.3.1413956024\1591611853" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group5 pct:10e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3988.5.1261729270\898069447" /prefetch:673131151

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe" --parent-window=128170176 chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/ < \\.\pipe\chrome.nativeMessaging.in.5c87a19ec0bbc51d > \\.\pipe\chrome.nativeMessaging.out.5c87a19ec0bbc51d

\??\C:\Windows\system32\conhost.exe "-9154191961973164234-310756826-1895543759-1461026395-1206166269-1375569591-1967131390

"C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe" --parent-window=128170176 chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/

"c:\PROGRA~2\mcafee\SITEAD~1\saui.exe" -Embedding

"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\sppsvc.exe

"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group5 pct:10e stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3988.8.1046564585\45349420" /prefetch:673131151

"C:\Users\Charlotte\Desktop\RSITx64.exe"

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\HPCeeScheduleForCharlotte.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 12.0.0.44 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]

"Description"=McAfee Mss Plugin

"Path"=C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10]

"Description"=McAfee Total Protection MIME Plugin

"Path"=c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.9.900.170 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]

"Description"=McAfee Total Protection MIME Plugin

"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default\extensions\

{8F58782C-34D7-DD8D-B020-75C8F4D52146}

C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default\searchplugins\

conduit-search.xml

Web Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2014-01-24 301104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]

MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-16 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-19 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2014-01-24 252664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-19 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2014-01-24 301104]

{ae07101b-46d4-4a98-af68-0333ea26e113}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2014-01-24 252664]

{ae07101b-46d4-4a98-af68-0333ea26e113}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]

"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2010-01-18 568888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-01-28 21720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2013-12-06 20203904]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2009-10-14 563736]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-18 98304]

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-03-04 284696]

"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

""= []

"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2010-04-25 61112]

"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

"mcpltui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2013-09-24 537512]

"mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe []

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"NetworkChecker"=C:\Users\Mounier\AppData\Local\Temp\temp1144259936.exe [2014-02-15 851984]

[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"Imcyha"=C:\Users\Charlotte\AppData\Roaming\Ecbunau\qaloux.exe []

C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe

EPUHelp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2010-09-26 52920]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

"EnableShellExecuteHooks"=1

"NoRun"=0

"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]

"Debugger="lxdd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe]

"Debugger="rpeu.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]

"Debugger="skskjbpjxc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-02-16 13:14:34 ----D---- C:\rsit

2014-02-16 13:14:34 ----D---- C:\Program Files\trend micro

2014-02-15 13:29:57 ----D---- C:\Users\Charlotte\AppData\Roaming\Ecbunau

2014-02-14 18:43:16 ----SHD---- C:\ProgramData\GoogleUpd

2014-02-13 18:06:51 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2014-02-13 18:06:51 ----A---- C:\Windows\system32\vbscript.dll

2014-02-13 18:06:22 ----A---- C:\Windows\SYSWOW64\msrating.dll

2014-02-13 18:06:22 ----A---- C:\Windows\SYSWOW64\ieui.dll

2014-02-13 18:06:22 ----A---- C:\Windows\system32\msrating.dll

2014-02-13 18:06:22 ----A---- C:\Windows\system32\ieui.dll

2014-02-13 18:06:21 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2014-02-13 18:06:21 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2014-02-13 18:06:21 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2014-02-13 18:06:21 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2014-02-13 18:06:21 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2014-02-13 18:06:21 ----A---- C:\Windows\system32\msfeeds.dll

2014-02-13 18:06:21 ----A---- C:\Windows\system32\jsproxy.dll

2014-02-13 18:06:21 ----A---- C:\Windows\system32\ieUnatt.exe

2014-02-13 18:06:21 ----A---- C:\Windows\system32\iesetup.dll

2014-02-13 18:06:21 ----A---- C:\Windows\system32\iernonce.dll

2014-02-13 18:06:21 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2014-02-13 18:06:21 ----A---- C:\Windows\system32\ie4uinit.exe

2014-02-13 18:06:20 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2014-02-13 18:06:20 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2014-02-13 18:06:20 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2014-02-13 18:06:20 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2014-02-13 18:06:20 ----A---- C:\Windows\system32\mshtml.dll

2014-02-13 18:06:20 ----A---- C:\Windows\system32\jscript9diag.dll

2014-02-13 18:06:20 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-02-13 18:06:20 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-02-13 18:06:20 ----A---- C:\Windows\system32\ieapfltr.dll

2014-02-13 18:06:19 ----A---- C:\Windows\SYSWOW64\wininet.dll

2014-02-13 18:06:19 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2014-02-13 18:06:19 ----A---- C:\Windows\system32\wininet.dll

2014-02-13 18:06:19 ----A---- C:\Windows\system32\urlmon.dll

2014-02-13 18:06:19 ----A---- C:\Windows\system32\iertutil.dll

2014-02-13 18:06:18 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2014-02-13 18:06:18 ----A---- C:\Windows\system32\ieframe.dll

2014-02-13 18:06:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2014-02-13 18:06:17 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2014-02-13 18:06:17 ----A---- C:\Windows\system32\jscript9.dll

2014-02-13 17:08:07 ----A---- C:\Windows\SYSWOW64\msxml3r.dll

2014-02-13 17:08:07 ----A---- C:\Windows\SYSWOW64\msxml3.dll

2014-02-13 17:08:07 ----A---- C:\Windows\system32\msxml3r.dll

2014-02-13 17:08:07 ----A---- C:\Windows\system32\msxml3.dll

2014-02-13 17:08:01 ----A---- C:\Windows\system32\RMActivate_isv.exe

2014-02-13 17:08:01 ----A---- C:\Windows\system32\RMActivate.exe

2014-02-13 17:08:00 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll

2014-02-13 17:08:00 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe

2014-02-13 17:08:00 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe

2014-02-13 17:08:00 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe

2014-02-13 17:08:00 ----A---- C:\Windows\SYSWOW64\RMActivate.exe

2014-02-13 17:08:00 ----A---- C:\Windows\system32\secproc_isv.dll

2014-02-13 17:08:00 ----A---- C:\Windows\system32\secproc.dll

2014-02-13 17:08:00 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe

2014-02-13 17:08:00 ----A---- C:\Windows\system32\RMActivate_ssp.exe

2014-02-13 17:08:00 ----A---- C:\Windows\system32\msdrm.dll

2014-02-13 17:07:59 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll

2014-02-13 17:07:59 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll

2014-02-13 17:07:59 ----A---- C:\Windows\SYSWOW64\secproc.dll

2014-02-13 17:07:59 ----A---- C:\Windows\SYSWOW64\msdrm.dll

2014-02-13 17:07:59 ----A---- C:\Windows\system32\secproc_ssp_isv.dll

2014-02-13 17:07:59 ----A---- C:\Windows\system32\secproc_ssp.dll

2014-02-13 17:07:56 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll

2014-02-13 17:07:56 ----A---- C:\Windows\SYSWOW64\d2d1.dll

2014-02-13 17:07:56 ----A---- C:\Windows\system32\d3d10warp.dll

2014-02-13 17:07:56 ----A---- C:\Windows\system32\d2d1.dll

2014-02-13 17:03:51 ----D---- C:\Program Files\McAfee Security Scan

2014-02-04 14:05:04 ----D---- C:\Program Files (x86)\Anvisoft

2014-01-29 11:37:12 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

2014-01-29 11:35:45 ----D---- C:\Windows\Migration

2014-01-26 21:11:17 ----A---- C:\Windows\system32\drivers\HipShieldK.sys

2014-01-19 18:09:53 ----D---- C:\ProgramData\Oracle

2014-01-19 18:09:40 ----D---- C:\ProgramData\Sun

2014-01-19 18:09:35 ----A---- C:\Windows\SYSWOW64\javaws.exe

2014-01-19 18:09:22 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll

2014-01-19 18:09:22 ----A---- C:\Windows\SYSWOW64\javaw.exe

2014-01-19 18:09:22 ----A---- C:\Windows\SYSWOW64\java.exe

2014-01-19 18:09:11 ----D---- C:\Program Files (x86)\Java

======List of files/folders modified in the last 1 month======

2014-02-16 13:14:34 ----RD---- C:\Program Files

2014-02-16 13:14:12 ----D---- C:\Windows\System32

2014-02-16 13:14:12 ----D---- C:\Windows\inf

2014-02-16 13:14:12 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-02-16 13:08:37 ----D---- C:\Windows\Temp

2014-02-16 13:08:23 ----D---- C:\Users\Charlotte\AppData\Roaming\Dropbox

2014-02-16 13:07:05 ----D---- C:\Users\Charlotte\AppData\Roaming\Adobe

2014-02-16 13:06:03 ----D---- C:\Windows\system32\config

2014-02-16 13:05:53 ----A---- C:\Windows\SYSWOW64\log.txt

2014-02-15 17:09:23 ----D---- C:\Windows\Microsoft.NET

2014-02-15 17:09:10 ----RSD---- C:\Windows\assembly

2014-02-15 16:58:03 ----D---- C:\Program Files (x86)\EasyBits For Kids

2014-02-15 16:56:59 ----SHD---- C:\System Volume Information

2014-02-15 16:33:34 ----D---- C:\Windows\system32\Tasks

2014-02-15 16:18:52 ----D---- C:\Users\Charlotte\AppData\Roaming\newnext.me

2014-02-15 16:17:18 ----D---- C:\Users\Charlotte\AppData\Roaming\Canon

2014-02-15 15:20:31 ----D---- C:\Windows\system32\drivers\etc

2014-02-15 13:36:21 ----D---- C:\Windows\Tasks

2014-02-14 18:43:16 ----HD---- C:\ProgramData

2014-02-13 19:57:25 ----D---- C:\Windows\winsxs

2014-02-13 19:56:02 ----AD---- C:\Windows\SysWOW64

2014-02-13 19:55:57 ----D---- C:\Windows\SYSWOW64\nl-NL

2014-02-13 19:55:57 ----D---- C:\Windows\system32\nl-NL

2014-02-13 19:55:56 ----D---- C:\Program Files\Internet Explorer

2014-02-13 19:55:56 ----D---- C:\Program Files (x86)\Internet Explorer

2014-02-13 18:12:04 ----SHD---- C:\Windows\Installer

2014-02-13 18:12:03 ----D---- C:\ProgramData\Microsoft Help

2014-02-13 18:07:57 ----D---- C:\Windows\system32\catroot2

2014-02-13 18:07:57 ----D---- C:\Windows\system32\catroot

2014-02-13 18:07:02 ----A---- C:\Windows\win.ini

2014-02-13 17:17:16 ----D---- C:\CHARLOTTE

2014-02-13 17:01:51 ----D---- C:\ProgramData\PDFC

2014-02-12 19:53:25 ----D---- C:\Users\Charlotte\AppData\Roaming\HpUpdate

2014-02-12 19:53:25 ----D---- C:\Users\Charlotte\AppData\Roaming\HP Support Assistant

2014-02-11 09:49:16 ----D---- C:\Program Files (x86)\McAfee

2014-02-07 19:28:11 ----D---- C:\Windows\LiveKernelReports

2014-02-05 14:11:07 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2014-02-04 14:05:04 ----D---- C:\Program Files (x86)

2014-01-30 17:53:23 ----SD---- C:\Users\Charlotte\AppData\Roaming\Microsoft

2014-01-29 11:35:51 ----D---- C:\Windows\SYSWOW64\en-US

2014-01-29 11:35:51 ----D---- C:\Windows\system32\en-US

2014-01-29 11:35:45 ----SD---- C:\ProgramData\Microsoft

2014-01-29 11:35:45 ----AD---- C:\Windows

2014-01-26 21:11:17 ----D---- C:\Windows\system32\drivers

2014-01-22 22:04:43 ----D---- C:\Windows\Prefetch

2014-01-21 15:39:45 ----D---- C:\Users\Charlotte\AppData\Roaming\CyberLink

2014-01-21 15:39:45 ----D---- C:\ProgramData\CyberLink

2014-01-19 18:09:40 ----D---- C:\Program Files (x86)\Common Files

2014-01-19 17:48:12 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 540696]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2013-11-04 179792]

R2 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2013-11-04 311120]

R2 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2013-11-04 782360]

R2 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2013-11-04 343696]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-17 6853632]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-05-17 263680]

R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-04-08 124944]

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-06-08 2394216]

R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2013-11-04 519576]

R3 mfencbdc;McAfee Inc. mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [2013-11-26 411944]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2013-11-04 70112]

S3 HipShieldK;McAfee Inc. HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [2013-09-23 197704]

S3 mfencrk;McAfee Inc. mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [2013-11-26 96112]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-05-17 203264]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]

R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-06-11 121344]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-05-19 73728]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2009-10-01 268824]

R2 McAPExe;McAfee AP Service; C:\Program Files\McAfee\MSC\McAPExe.exe [2013-11-28 178048]

R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]

R2 mcpltsvc;McAfee Platform Services; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]

R2 mfecore;McAfee Anti-Malware Core; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-11-26 1025232]

R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-11-04 219272]

R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2013-11-04 182752]

R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]

R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07 116648]

S2 HomeNetSvc;McAfee Home Network; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]

S2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]

S2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 328928]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 257928]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07 116648]

S3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-05-15 230968]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 111616]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 289256]

S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2013-08-02 602944]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-26 119408]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-19 1255736]

S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Alvast bedankt!

kape · 16 februari 2014

Dubbelklik op Zoek.exe om de tool te starten.

Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Kopieer nu onderstaande code en plak die in het grote invulvenster:
Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

  {ae07101b-46d4-4a98-af68-0333ea26e113};c
 mobilegeni daemon;s
 C:\Program Files (x86)\Mobogenie;fs
 C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default\extensions\{8F58782C-34D7-DD8D-B020-75C8F4D52146};fs
 C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default\searchplugins\conduit-search.xml;f
 C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default\searchplugins\Web Search.xml;f
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
""=-;r64
"mobilegeni daemon"=-;r64
resethosts;
[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64

 "Imcyha"=-;r64
 C:\Users\Charlotte\AppData\Roaming\Ecbunau;fs
 C:\Users\Charlotte\AppData\Roaming\newnext.me;fs

Klik op de knop "Options" en vink nu de onderstaande opties aan.
Do a Quick Scan
Auto Clean
De optie "Scan All Users" staat standaard aangevinkt.
Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
Post het geopende logje in het volgende bericht.

Charlotte Deruyck · 16 februari 2014

Dit is het logje:

Zoek.exe v5.0.0.0 Updated 15-February-2014

Tool run by Charlotte on zo 16/02/2014 at 16:46:37,05.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Charlotte\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

16/02/2014 16:50:27 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.

127.0.0.1 localhost

::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-697365305-3729413489-3807942375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully

HKEY_USERS\S-1-5-21-697365305-3729413489-3807942375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\CHARLO~1\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default

---- Lines Web Search removed from prefs.js ----

user_pref("browser.search.defaultenginename", "Web Search");

---- FireFox user.js and prefs.js backups ----

user_20141602_1707_.backup

prefs_20141602_1707_.backup

ProfilePath: C:\Users\Mounier\AppData\Roaming\Mozilla\Firefox\Profiles\ur1dpi4u.default

user.js not found

---- Lines snapdo removed from prefs.js ----

user_pref("browser.newtab.url", "http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&

user_pref("browser.startup.homepage", "http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b64158

user_pref("keyword.URL", "http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searcht

---- Lines Web Search removed from prefs.js ----

user_pref("browser.search.defaultenginename", "Web Search");

user_pref("browser.search.selectedEngine", "Web Search");

---- FireFox user.js and prefs.js backups ----

prefs_20141602_1707_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

""=-

"mobilegeni daemon"=-

[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"Imcyha"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Mobogenie not found

C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default\extensions\{8F58782C-34D7-DD8D-B020-75C8F4D52146} deleted

C:\Users\Charlotte\AppData\Roaming\Ecbunau deleted

C:\Users\Charlotte\AppData\Roaming\newnext.me deleted

C:\Users\Charlotte\AppData\Local\genienext deleted

C:\Users\Charlotte\.android deleted

C:\Users\Mounier\AppData\Roaming\Solvusoft deleted

C:\Users\Charlotte\AppData\Local\Mobogenie deleted

C:\Users\Charlotte\AppData\Local\cache deleted

C:\windows\SysNative\tasks\Windows Update Check - 0x159F03DA deleted

C:\Users\CHARLO~1\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default\searchplugins\conduit-search.xml deleted

C:\Users\CHARLO~1\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default\searchplugins\Web Search.xml deleted

C:\Users\Mounier\AppData\Roaming\Mozilla\Firefox\Profiles\ur1dpi4u.default\searchplugins\Web Search.xml deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\CHARLO~1\AppData\Local\Temp ====

2014-02-15 15:33:21 AB44CCD0FA8E55EF88DB941EEF95560A 49152 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\vfind.exe

2014-02-15 15:33:21 92BD80F82FE8A28385B7D9D3F215E8B3 73728 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\pv.exe

2014-02-15 14:19:35 8C9BF11EDF0A9B3FC0DF749B8F3D6966 29712 ----a-w- C:\Users\Mounier\AppData\Local\Temp\xszuvidpeaj.exe

2014-02-15 12:29:56 A59BABFEA99B2D046E9B9AF8B22689CE 284204 --sha-w- C:\Users\Charlotte\AppData\Local\Temp\UpdateFlashPlayer_29e3c6c1.exe

2014-02-15 09:53:08 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Users\Mounier\AppData\Local\Temp\temp1144259936.exe

2014-02-15 09:53:08 75DF33591256914A6BC2782E5C2042A4 50176 ----a-w- C:\Users\Mounier\AppData\Local\Temp\gkqvolpx.exe

2014-02-14 17:44:33 04FD350AF203F11CF7477C6BA2B9263C 93599 ----a-w- C:\Users\Mounier\AppData\Local\Temp\vpmsvptelmr.exe

2014-02-04 12:42:31 5FC1DF7FF1E2A4D3C521E6C8B783BF51 19212504 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\setupA9_.exe

2014-02-04 12:41:59 630AD1674149A392A97A7B10945960CD 5987944 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\nso879B\SpSetup.exe

2014-02-04 12:41:50 EA3E3A130E364903B8D9CEDFC4D941C8 332288 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\setup__270.exe

2014-02-03 10:17:16 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\nsyC5B7.exe

2014-02-03 10:17:16 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\nstCA7A.exe

2014-02-03 10:17:16 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\nstA76D.exe

2014-02-03 10:17:16 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\nspCFA3.exe

2014-02-03 10:17:16 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\nsjA55A.exe

2014-02-03 10:17:16 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\nseC848.exe

2014-02-03 10:17:16 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\nseA318.exe

====== Java Cache =====

2014-02-06 16:04:14 86E51F360DAF19AAE1785F70B952C4B1 77 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\469e3201-6.0.lap

2014-01-23 15:54:25 2D39752BE292A934E9CB9054A5385B4C 94 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4f038bca-6.0.lap

2014-01-23 15:54:27 FC594A1FD05A1E024227953C6FC03A96 8867 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5b890a02-46b91a3c

2014-01-19 17:11:19 C7BBD1B61589C06610932E97880EC5A3 45818 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\3ef6df66-18fbfd91

2014-01-26 18:26:12 0735170FDF0F7EEFB120FC43D86D49FE 37 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\4c35466a-6.0.lap

2014-01-19 17:11:09 C3CD87F4D53F35281C0F809D47B3BF77 88 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\2ade64f1-6.0.lap

2014-01-19 17:11:10 4D9B419B429D26BE6800CACE2749764D 201100 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6135dc36-7f99bab9

2014-01-19 17:11:14 701682356BA25C5FC1CB23CA5CD90C3D 63060 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\2fd8cbb9-2a30441f

2014-02-06 16:04:19 795D9229C20C4B83D0DABAEEDF4F7D65 2126280 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\1ba8977c-5c749b76-0.2.3.4-

2014-01-20 18:45:22 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-1f9029da

2014-01-20 18:45:21 86C47CA21A599230CA54E8F5EBDB6A07 124 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\7\6619ee07-71c03f47

2014-02-07 18:23:03 F9F296079FED40F3A527160449E54A2B 37 ----a-w- C:\Users\Mounier\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\61174921-6.0.lap

2014-02-15 20:20:54 4FE46A3011265C7CEDF0598D0DE3900C 37 ----a-w- C:\Users\Mounier\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\3d3173e6-6.0.lap

2014-01-28 18:17:26 5D529BA461A8B327ECD694FE9E4BD65E 37 ----a-w- C:\Users\Mounier\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1bd55833-6.0.lap

2014-02-15 20:08:35 9C385947116AB197430ECFE5A3ADFE0B 37 ----a-w- C:\Users\Mounier\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\6d468bf8-6.0.lap

2014-02-15 20:10:51 7CD5DAFD851632905E6D32F9FE333A9E 37 ----a-w- C:\Users\Mounier\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4470effd-6.0.lap

2014-01-21 19:49:30 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Mounier\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-2e4d25de

2014-01-25 17:04:14 86C47CA21A599230CA54E8F5EBDB6A07 124 ----a-w- C:\Users\Mounier\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\7\6619ee07-5de442bf

====== C:\Windows\SysWOW64 =====

2014-02-13 17:06:51 3D485254E43EF4E4F707346B5731EA9A 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll

2014-02-13 17:06:22 B8F28AAC003060E3B125D2447CFC19E2 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll

2014-02-13 17:06:22 B5B3334F177CED627C2D7FE38235B6B1 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2014-02-13 17:06:22 85AC8EB265EDCAD86D651D45C5E3AB83 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll

2014-02-13 17:06:21 C9D1131E2163CE932DF3EAAF0EEA3673 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2014-02-13 17:06:21 7D6B20C69CC8EECB8F31D4FAF913BBE8 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2014-02-13 17:06:21 6A06EB11F1E5BDAA795DAE7838F9FE20 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2014-02-13 17:06:21 408805B8083896DC95E6340F4016BEBD 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2014-02-13 17:06:21 0E7B7C9F483300F9FF97C6A1E4BC4F57 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2014-02-13 17:06:20 5DD49C02D059C1E6E47A8FB4A076C9B1 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll

2014-02-13 17:06:20 34CBED7698D557DDB43F8732FBC2ACB9 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2014-02-13 17:06:20 260D6B421E5551E8BA75D16B5CA90D9A 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-13 17:06:20 0F739443669F3A48F1B2325995117BFE 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll

2014-02-13 17:06:19 9C89246184979A070B0C6CCF61C68136 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll

2014-02-13 17:06:19 5D9DC6332A4FC66388B09BBE7CF53750 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2014-02-13 17:06:19 40E68599FE3A10F816217D3789FCE74E 1964032 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

2014-02-13 17:06:18 79FA7D8B488F90EDE325963379A6F738 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2014-02-13 17:06:17 C863E5A2417DF0F2A31ED32C3B2CB23F 17103872 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2014-02-13 17:06:17 99280392987A1A96C756A9F38C4CE396 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2014-02-13 16:08:08 EA093130471090037BB70A4AF86FAD1B 420008 ----a-w- C:\Windows\SysWOW64\locale.nls

2014-02-13 16:08:07 E4561704CBFA193761743E5AF746C669 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll

2014-02-13 16:08:07 17B06F23237FCD731FA2E10ECD6EDFE1 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll

2014-02-13 16:08:00 E01D2AC63453534DB8AD1EA97DEE9C3A 594944 ----a-w- C:\Windows\SysWOW64\RMActivate_isv.exe

2014-02-13 16:08:00 BBCE3E9E74C7CEA47FA4115B360AC2C6 423936 ----a-w- C:\Windows\SysWOW64\secproc_isv.dll

2014-02-13 16:08:00 6142C5540C8D2764D59CBC11AF4A5900 572416 ----a-w- C:\Windows\SysWOW64\RMActivate.exe

2014-02-13 16:08:00 0F5FEF37588AF457E02125674F171A4F 508928 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2014-02-13 16:08:00 08D323750350A8A29611D1004C0CF319 510976 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp.exe

2014-02-13 16:07:59 9158DBE2F8483434FC72F320690C9DB8 87040 ----a-w- C:\Windows\SysWOW64\secproc_ssp_isv.dll

2014-02-13 16:07:59 7FA485555BF802FE3DB5598004DBDFAC 390144 ----a-w- C:\Windows\SysWOW64\msdrm.dll

2014-02-13 16:07:59 58712A48D31B40EBCB35B47205F87771 87040 ----a-w- C:\Windows\SysWOW64\secproc_ssp.dll

2014-02-13 16:07:59 12A9F24DC9F465DA79AC2272D829A81E 428032 ----a-w- C:\Windows\SysWOW64\secproc.dll

2014-02-13 16:07:56 D96106CF60505734B14F6AE80AAA4B07 1987584 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll

2014-02-13 16:07:56 14800BD31701A5047AC3145BB1E698AE 3419136 ----a-w- C:\Windows\SysWOW64\d2d1.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-02-13 17:06:51 F67C7D80745379DC4C5332EFFE5AC696 548864 ----a-w- C:\Windows\Sysnative\vbscript.dll

2014-02-13 17:06:23 94C59DD02BC7EA0E421055B9946CA861 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2014-02-13 17:06:22 63B5E990896BA81D604032A48CC80A5C 574976 ----a-w- C:\Windows\Sysnative\ieui.dll

2014-02-13 17:06:22 1D1D7F52EC84294859642A4309FE648E 195584 ----a-w- C:\Windows\Sysnative\msrating.dll

2014-02-13 17:06:21 FD08F8BA2437A85F500EFFE3FD3158A6 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll

2014-02-13 17:06:21 E77092C38028EB0A5C461B3436E0A6D5 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll

2014-02-13 17:06:21 CDE728C8FB1D6E132CED44835FA44C87 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2014-02-13 17:06:21 C1E2C16D58D76323800C3EE5E2C5095A 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll

2014-02-13 17:06:21 99ED8FBAFD325550D07A32664D9E3CC8 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2014-02-13 17:06:21 338415F2E9A188875B6E43B5269620B0 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

2014-02-13 17:06:21 27516B54E116D5EF8B0129B5C829A87C 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2014-02-13 17:06:20 FCFAEDF0AA1A78A1875FDB798598408B 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll

2014-02-13 17:06:20 F348B2D0983C91392632B4291C517AA4 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll

2014-02-13 17:06:20 E129D34089E70215B65EA611F802FA9A 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe

2014-02-13 17:06:20 D016F5092E4FFC41147E8555A71D2DDE 23170048 ----a-w- C:\Windows\Sysnative\mshtml.dll

2014-02-13 17:06:20 3906C9640406FC0FC00A324947C74893 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll

2014-02-13 17:06:19 83296DE8CFFEADA636DCC1AB2E3BF643 2041856 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2014-02-13 17:06:19 6300AD525D639CECBB3D144B6D7B30F9 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll

2014-02-13 17:06:19 263B6E451526A90FF8B1CEC759F22956 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll

2014-02-13 17:06:19 22874047B810B5B174C68ACD7C0B6510 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll

2014-02-13 17:06:18 DB02F4D37E5F7F07A0D0F9FAA68249EE 13051392 ----a-w- C:\Windows\Sysnative\ieframe.dll

2014-02-13 17:06:17 5922EEA922D3AD686342F866CAEE851F 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll

2014-02-13 16:08:08 EA093130471090037BB70A4AF86FAD1B 420008 ----a-w- C:\Windows\Sysnative\locale.nls

2014-02-13 16:08:07 CD2C20CC3B385A32701F78C0ACBBE9F3 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll

2014-02-13 16:08:07 0D298133C359AB8CB9EB4FA178BF3947 1882112 ----a-w- C:\Windows\Sysnative\msxml3.dll

2014-02-13 16:08:01 1B3741488AA7E237961A29D1E7A44C0A 626176 ----a-w- C:\Windows\Sysnative\RMActivate.exe

2014-02-13 16:08:01 17CF3B3F68272BD40C878D4DBAB0EBC9 658432 ----a-w- C:\Windows\Sysnative\RMActivate_isv.exe

2014-02-13 16:08:00 C6AC2C91541D24F9E236A670C0CA793D 528384 ----a-w- C:\Windows\Sysnative\msdrm.dll

2014-02-13 16:08:00 5693212AB2EBCACBBE05EC3A642113E2 485888 ----a-w- C:\Windows\Sysnative\secproc_isv.dll

2014-02-13 16:08:00 399FC1B75790EE606A6FD9F2FB4C891C 488448 ----a-w- C:\Windows\Sysnative\secproc.dll

2014-02-13 16:08:00 297926B15AE5390409F1007EB28A8EFB 552960 ----a-w- C:\Windows\Sysnative\RMActivate_ssp_isv.exe

2014-02-13 16:08:00 03F8F411F118CFDA508E77C747BB05EA 553984 ----a-w- C:\Windows\Sysnative\RMActivate_ssp.exe

2014-02-13 16:07:59 DC6DD779F35BB42E2E76FDFEC565C251 123392 ----a-w- C:\Windows\Sysnative\secproc_ssp_isv.dll

2014-02-13 16:07:59 B41B1FEDEBBD955B4E25676B42087885 123392 ----a-w- C:\Windows\Sysnative\secproc_ssp.dll

2014-02-13 16:07:56 E8710B5DDA963E6BA198DF5FB209E72A 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll

2014-02-13 16:07:56 C676E5EA388AF7C4C031F56F9B42E362 3928064 ----a-w- C:\Windows\Sysnative\d2d1.dll

====== C:\Windows\Sysnative\drivers =====

2014-01-26 20:11:17 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\Sysnative\drivers\HipShieldK.sys

====== C:\Windows\Tasks ======

2014-02-15 15:33:34 E99D56F1F31F818674172F294C104047 3162 ----a-w- C:\Windows\Sysnative\Tasks\{CD68CA15-0DC3-4304-8349-4D5428227D58}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-02-16 12:14:34 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

2014-02-04 13:05:04 -------- d-----w- C:\PROGRA~2\Anvisoft

2014-01-19 17:09:40 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

2014-01-19 17:09:11 -------- d-----w- C:\PROGRA~2\Java

======= C: =====

====== C:\Users\Charlotte\AppData\Roaming ======

2014-02-15 18:22:16 0C4B1ACB72943D8D024DABD9CDC37F85 7605 ----a-w- C:\Users\Mounier\AppData\Local\Resmon.ResmonCfg

2014-02-04 13:05:04 -------- d-----w- C:\Users\Charlotte\AppData\Local\Anvisoft

2014-01-28 18:12:37 -------- d-----w- C:\Users\Mounier\AppData\Local\Imsoft

2014-01-27 08:37:33 -------- d-----w- C:\Users\Mounier\AppData\Roaming\vlc

2014-01-21 19:48:52 -------- d-----w- C:\Users\Mounier\AppData\Locallow\Sun

2014-01-19 17:08:15 -------- d-----w- C:\Users\Charlotte\AppData\Locallow\Sun

====== C:\Users\Charlotte ======

2014-02-16 12:15:07 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Charlotte\Desktop\RSITx64.exe

2014-02-14 17:43:16 -------- d-sh--w- C:\ProgramData\GoogleUpd

2014-02-04 13:05:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft

2014-01-21 14:39:40 -------- d-----w- C:\Users\Public\CyberLink

2014-01-19 17:09:53 -------- d-----w- C:\ProgramData\Oracle

2014-01-19 17:09:40 -------- d-----w- C:\ProgramData\Sun

2014-01-19 17:09:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

====== C: exe-files ==

2014-02-16 15:50:43 FDC55EB56E7402C04828AFAEDCB0C681 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-697365305-3729413489-3807942375-1000\$I79Y1NI.exe

2014-02-16 15:50:43 BCCF32CEEBBFFF220260540BD0B478DA 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-697365305-3729413489-3807942375-1000\$IY6QR6E.exe

2014-02-16 15:50:43 BBB4AFA5FD11A59496586BCBC95962DD 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-697365305-3729413489-3807942375-1000\$IOAOF4M.exe

2014-02-16 15:50:43 AA8440CDD34D3F097871F4263871FAE1 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-697365305-3729413489-3807942375-1000\$IO2TPYH.exe

2014-02-16 15:50:43 7D47ED2D0476AC315118855FAE834E0B 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-697365305-3729413489-3807942375-1000\$IDSEBS5.exe

2014-02-16 15:50:43 5DC321B7CA477F2CE8C383D512274B42 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-697365305-3729413489-3807942375-1000\$IJDMZ5P.exe

2014-02-16 15:50:43 44696F505BA82E927DF7E214ADE84CA4 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-697365305-3729413489-3807942375-1000\$IRC1XRI.exe

2014-02-16 15:50:43 0D4BB06CA7FAD17CD4DC5EC2E36047EB 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-697365305-3729413489-3807942375-1000\$ILMAZ7D.exe

2014-02-16 15:47:01 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe

2014-02-16 15:47:01 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateBroker.exe

2014-02-16 15:47:00 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateSetup.exe

2014-02-16 15:46:52 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe

2014-02-16 15:46:52 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe

2014-02-16 15:46:51 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdate.exe

2014-02-16 15:46:47 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe

2014-02-16 15:45:36 7B4E6EA4FB7778A36F5D95087DE10606 1283584 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-697365305-3729413489-3807942375-1000\$RJDMZ5P.exe

2014-02-16 12:15:07 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Charlotte\Desktop\RSITx64.exe

2014-02-16 12:14:37 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Charlotte.exe

2014-02-16 12:14:16 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-697365305-3729413489-3807942375-1000\$R79Y1NI.exe

2014-02-15 18:18:04 AE2189ED1B3C91C47652589A2B2A6CB9 204800 ----a-w- C:\Users\Mounier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe

2014-02-15 15:43:08 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Easy Write Wizard\wisptis.exe

2014-02-15 15:43:08 !HASH: COULD NOT OPEN FILE !!!!! 0 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Book Wizard\fra\hkcr.exe

2014-02-15 15:33:21 AB44CCD0FA8E55EF88DB941EEF95560A 49152 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\vfind.exe

2014-02-15 15:33:21 92BD80F82FE8A28385B7D9D3F215E8B3 73728 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\pv.exe

2014-02-15 15:33:14 A37C8C8523B2027897BE24C9DEC7CF35 132597 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-697365305-3729413489-3807942375-1000\$RRC1XRI.exe

2014-02-15 15:06:22 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Master Password Wizard\dea\jucheck.exe

2014-02-15 15:06:22 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Master Password Wizard\dea\hkcr.exe

2014-02-15 15:06:22 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Master Password Wizard\dea\convert.exe

2014-02-15 15:05:48 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Master Password Wizard\des\wisptis.exe

2014-02-15 15:05:48 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Master Password Wizard\des\lucoms.exe

2014-02-15 15:05:48 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Master Password Wizard\des\jucheck.exe

2014-02-15 15:05:48 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Master Password Wizard\des\iexplore.exe

2014-02-15 15:05:48 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Master Password Wizard\des\hkcr.exe

2014-02-15 15:05:48 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Master Password Wizard\des\convert.exe

2014-02-15 15:05:48 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Help\Master Password Wizard\dea\wisptis.exe

2014-02-15 15:05:48 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Books\Fun & Learning\Detective Bob.HTML\wisptis.exe

2014-02-15 15:05:48 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Books\Fun & Learning\Detective Bob.HTML\hkcr.exe

2014-02-15 15:05:48 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Program Files (x86)\EasyBits For Kids\Books\Fun & Learning\Detective Bob.HTML\gearsec.exe

2014-02-15 14:19:35 8C9BF11EDF0A9B3FC0DF749B8F3D6966 29712 ----a-w- C:\Users\Mounier\AppData\Local\Temp\xszuvidpeaj.exe

2014-02-15 12:29:56 A59BABFEA99B2D046E9B9AF8B22689CE 284204 --sha-w- C:\Users\Charlotte\AppData\Local\Temp\UpdateFlashPlayer_29e3c6c1.exe

2014-02-15 12:26:56 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYKQB70F\exe[1].exe

2014-02-15 09:53:08 7C6B3FBC171A40F430E47C4709A33357 851984 ---ha-r- C:\Users\Mounier\AppData\Local\Temp\temp1144259936.exe

2014-02-15 09:53:08 75DF33591256914A6BC2782E5C2042A4 50176 ----a-w- C:\Users\Mounier\AppData\Local\Temp\gkqvolpx.exe

2014-02-14 17:44:33 04FD350AF203F11CF7477C6BA2B9263C 93599 ----a-w- C:\Users\Mounier\AppData\Local\Temp\vpmsvptelmr.exe

2014-02-14 17:43:12 69BDF57C73492FE5D48E8F8DDDD501AD 230912 ---h--r- C:\ProgramData\GoogleUpd\omylcqksw.exe

2014-02-13 17:06:21 AFAB9B381886ABE3490689B7633A858F 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2014-02-13 17:06:21 9E8F9FDD407DDE997965EEFD9E635CCF 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

2014-02-13 17:06:21 7D6B20C69CC8EECB8F31D4FAF913BBE8 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2014-02-13 17:06:21 338415F2E9A188875B6E43B5269620B0 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-02-13 17:06:21 27516B54E116D5EF8B0129B5C829A87C 218624 ----a-w- C:\Windows\System32\ie4uinit.exe

2014-02-13 17:06:20 E129D34089E70215B65EA611F802FA9A 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-02-13 17:06:19 C6E1178294BDEAB1CACF50427688DF05 806104 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2014-02-13 17:06:19 4263F6C131E513CEA1AE82B5B81A4E1A 808152 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2014-02-13 16:08:01 1B3741488AA7E237961A29D1E7A44C0A 626176 ----a-w- C:\Windows\System32\RMActivate.exe

2014-02-13 16:08:01 17CF3B3F68272BD40C878D4DBAB0EBC9 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe

2014-02-13 16:08:00 E01D2AC63453534DB8AD1EA97DEE9C3A 594944 ----a-w- C:\Windows\SysWOW64\RMActivate_isv.exe

2014-02-13 16:08:00 6142C5540C8D2764D59CBC11AF4A5900 572416 ----a-w- C:\Windows\SysWOW64\RMActivate.exe

2014-02-13 16:08:00 297926B15AE5390409F1007EB28A8EFB 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe

2014-02-13 16:08:00 0F5FEF37588AF457E02125674F171A4F 508928 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2014-02-13 16:08:00 08D323750350A8A29611D1004C0CF319 510976 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp.exe

2014-02-13 16:08:00 03F8F411F118CFDA508E77C747BB05EA 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe

2014-02-11 17:16:59 962145C73210053BA85C17CF91400EF5 217088 ----a-w- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe

=== C: other files ==

2014-02-16 14:21:29 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\_MEI39202\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx

2014-02-15 15:57:20 9465A22EF7950C1A57CBE8A0CC461227 1068005 ----a-w- C:\CHARLOTTE\Google Drive\Back-up\Losse bestanden\Re Studie Kijk in je brein.zip

2014-02-15 15:40:52 9465A22EF7950C1A57CBE8A0CC461227 1068005 ----a-w- C:\Users\Charlotte\Desktop\Back-up\Losse bestanden\Re Studie Kijk in je brein.zip

2014-02-15 12:29:58 2F9E35EF375AF5116F3D16F1CC9B4C0B 240 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\tmpb1fef043.bat

2014-02-11 13:22:13 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\_MEI38122\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx

2014-02-11 08:56:27 A3DC20485D754C0769C2185BC22927A5 10095 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBYT8CD3\SMClientDB[1].vbs

2014-02-11 08:56:27 9833B2B18D5254B3BBB506A13674E6C6 24837 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZC6L0FW\SMShowMessage[1].vbs

2014-02-11 08:56:27 6DB634C11FCA96B90762B26918DEB612 3444 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L51Q7KSV\SMProviderEnum[1].vbs

2014-02-11 08:56:27 6D71C45E948CACE4E905531A06EE5291 5747 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RZC6L0FW\SMUIContainer[1].vbs

2014-02-11 08:56:27 42D3A2293DE78572A16211E1FE4889BB 7104 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3GVL803\SMUtils[1].vbs

2014-02-11 08:56:27 3DDF47DFBF3EDE3DEBAE9E2A7A8FE57E 11025 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQPD0SAH\SMConstantsdef[1].vbs

2014-02-11 08:56:27 2565B7DAC37F8A062A2100539C4C6A11 11986 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTZAQDYU\SMSystemData[1].vbs

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-697365305-3729413489-3807942375-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"

"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"NetworkChecker"="C:\Users\Mounier\AppData\Local\Temp\temp1144259936.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"

"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2013-12-02 20:34:07 1017 ----a-w- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2014-02-11 17:16:59 217088 ----a-w- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe

2014-02-15 18:18:04 204800 ----a-w- C:\Users\Mounier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/01/2014 13:32]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/01/2014 13:32]

C:\Windows\tasks\HPCeeScheduleForCharlotte.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [05/01/2010 11:53]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\HPCeeScheduleForCharlotte" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]

"C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]

"C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [11/02/2014 09:49]

==== Firefox Extensions ======================

ProfilePath: C:\Users\CHARLO~1\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default

- Undetermined - C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default\extensions\{8F58782C-34D7-DD8D-B020-75C8F4D52146}

ProfilePath: C:\Users\Mounier\AppData\Roaming\Mozilla\Firefox\Profiles\ur1dpi4u.default

- System.Security.Cryptography.DSASignatureFormatter - %ProfilePath%\extensions\{8F58782C-34D7-DD8D-B020-75C8F4D52146}

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default

FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash

63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bopakagnckmlgajfccecajhnimjiiedh - No path found[]

fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[02/02/2014 08:58]

Google Docs - Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

SiteAdvisor - Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

Google Wallet - Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Docs - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

SiteAdvisor - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho

Google Wallet - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8DAB9BCF-DDFC-48B8-AF1B-DAC60E8CD8EF&SSPV="

"Search Page"="http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searchtype=ds&q={searchTerms}&installDate=07/01/2014"

"Search Bar"="http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searchtype=ds&q={searchTerms}&installDate=07/01/2014"

"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searchtype=ds&q={searchTerms}&installDate=07/01/2014"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searchtype=ds&q={searchTerms}&installDate=07/01/2014"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searchtype=ds&q={searchTerms}&installDate=07/01/2014"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searchtype=ds&q={searchTerms}&installDate=07/01/2014"

"SearchAssistant"="http://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=BE&userid=e358357c-d7c0-8bb7-4bc6-0b641587c6ca&searchtype=ds&q={searchTerms}&installDate=07/01/2014"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.google.com"

"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{28205FEB-945F-4360-A178-D5DE5B4C74B7} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-697365305-3729413489-3807942375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{28205FEB-945F-4360-A178-D5DE5B4C74B7} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Charlotte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Mounier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Mounier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Mounier\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Charlotte\AppData\Local\Mozilla\Firefox\Profiles\3nqgqq6u.default\Cache will be emptied at reboot

C:\Users\Mounier\AppData\Local\Mozilla\Firefox\Profiles\ur1dpi4u.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\Mounier\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=226 folders=41 6209309 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Mounier\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Charlotte\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\CHARLO~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Mounier\AppData\Local\Temp\temp1144259936.exe" deleted

==== EOF on zo 16/02/2014 at 17:27:42,79 ======================

kape · 16 februari 2014

En krijg je nu nog meldingen van ongewenste bestanden of andere bedreigingen ?

Charlotte Deruyck · 17 februari 2014

Ja, McAfee geeft melding van een Trojaans paard, Redyms-FDIR!194DAC34BEF5 in quarantaine geplaatst vanaf C:\Users\AppData\Roaming\Adobe\acupx217.dll

Ik heb dit bestand nochtans gisteren of eergisteren via de verkenner gezocht en vernietigd, maar blijkbaar had dit geen effect?

kape · 17 februari 2014

Ga naar de site van ESET Online Scanner.

Klik op de knop “Run ESET Online Scanner”

In een apart scherm krijg je de vraag om EsetSmartInstaller te downloaden

Klik op de link van esetsmartinstaller_enu.exe en dan start de download automatisch op.

Kies voor “Download” van dit bestand.

Klik op “uitvoeren” van dit bestand esetsmartinstaller_enu.exe

Zet een vinkje bij “YES, I accept the Terms of Use”

Klik op “Start”

Klik op "Advanced settings"

Zet een vinkje bij de volgende opties:

Remove found threats
Scan archives
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

Klik op “Start”

De computer wordt nu gescand. Dit kan best lang duren, heb dus geduld.

Je mag het venster sluiten wanneer de scan klaar is.

Gebruik Kladblok om het logje te openen. Dit logje vind je op de locatie C:\\Program Files\\Eset\\EsetOnlineScanner\\log.txt

Kopieer en plak de inhoud van dit logje in je volgende bericht.

Charlotte Deruyck · 18 februari 2014

Dit is het resultaat:

C:\Users\All Users\GoogleUpd\omylcqksw.exe a variant of Win32/Kryptik.BVCC trojan

C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp1065.exe a variant of Win32/Kryptik.BUFJ trojan

C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp3FFC.exe a variant of Win32/Kryptik.BUVR trojan

C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmpC7D0.exe a variant of Win32/Kryptik.BUWU trojan

C:\CHARLOTTE\Fabrieksinstellingen\Cute pdf writer\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined

C:\ProgramData\GoogleUpd\omylcqksw.exe a variant of Win32/Kryptik.BVCC trojan cleaned by deleting - quarantined

C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp1065.exe a variant of Win32/Kryptik.BUFJ trojan cleaned by deleting - quarantined

C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp3FFC.exe a variant of Win32/Kryptik.BUVR trojan cleaned by deleting - quarantined

C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmpC7D0.exe a variant of Win32/Kryptik.BUWU trojan cleaned by deleting - quarantined

C:\Users\Charlotte\AppData\Roaming\Adobe\crsscmgr\service.exe a variant of Win64/BitCoinMiner.U potentially unsafe application deleted - quarantined

C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe a variant of Win32/Kryptik.BURM trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\@Evolutietheorie.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\@MATRIX lengtematen.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\@MIJN EVALUATIEDOCUMENTEN.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\@Thema cultuur.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\@Thema milieu.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Afdrukken.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Back-up email.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\BB lessen.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Bestanden donderdaggroep.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Bestanden maandaggroep.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Bestanden vrijdaggroep.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\CLW 2013-2014 - 2014-02-12.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Dropbox CLW West-Vlaanderen.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Evaluatie NFTE.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Evaluatiedocumenten 2014-2015.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Frans - lessen.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Klassenraden krokus 2014.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Mailen drukkerij.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\NIEUW AV.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Op netwerk CLW zetten.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Rapporten krokus 2014.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\RSV.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Schaal - aangepast.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Smartschool documenten.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Charlotte\Desktop\Snelkoppelingsmapjes stick\Solliciteren 13-14.lnk LNK/Agent.U trojan cleaned by deleting - quarantined

C:\Users\Mounier\AppData\Roaming\Adobe\acupx217.dll a variant of Win32/Kryptik.BVEH trojan cleaned by deleting - quarantined

C:\Users\Mounier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe a variant of Win32/Kryptik.BVEH trojan cleaned by deleting - quarantined

C:\zoek_backup\C_Users_Charlotte_AppData_Roaming_Mozilla_Firefox_Profiles_3nqgqq6u.default_extensions_{8F58782C-34D7-DD8D-B020-75C8F4D52146}\components\SystemSecurityCryptography.js Win32/Boaxxe.BE trojan cleaned by deleting - quarantined

Ik heb ondertussen de map vanop mijn bureaublad gewist, daar had ik de mapjes vanop mijn stick in gezet die plots een snelkoppeling werden...

Inloggen

USB-stick

Aanbevolen berichten

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Welkom op PC Helpforum

Leden statistieken

OVER ONS

SITEMAP

Belangrijke informatie