Malware


Logfile of random's system information tool 1.08 (written by random/random)

Run by Johan at 2014-03-02 22:18:42

Microsoft® Windows Vista™ Home Basic Service Pack 2

System drive C: has 23 GB (16%) free of 143 GB

Total RAM: 2039 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:20:51, on 2/03/2014

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16533)

Boot mode: Normal

Running processes:

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\Johan\AppData\Local\Spoon\3.33.6.199\Spoon-Sandbox.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe

C:\Program Files\SelectionTool-soft\SelectionTool_wd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

C:\Users\Johan\Desktop\RSIT-1.06.exe

C:\Program Files\trend micro\Johan.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Spoon.net Sandbox Manager 3.33.lnk = C:\Users\Johan\AppData\Local\Spoon\3.33.6.199\Spoon-Sandbox.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs:

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PCProtect - Objectify Media Inc - C:\Program Files\Web Protect\PCProtect.exe

O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9774 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\SelectionTool Update.job

C:\Windows\tasks\SelectionTool_wd.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-16 194128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-16 194128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-09-12 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-09-12 154136]

"Persistence"=C:\Windows\system32\igfxpers.exe [2007-09-12 129560]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]

"MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840]

"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]

"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

""= []

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

"Nero PhotoShow Media Manager"=C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe [2007-04-27 312848]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-13 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]

C:\Program Files\Brownie\BrstsWnd.exe [2008-10-17 1086768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

C:\Program Files\Picasa2\PicasaMediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]

C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe [2007-05-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Johan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]

C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE [2007-04-17 368640]

C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Spoon.net Sandbox Manager 3.33.lnk - C:\Users\Johan\AppData\Local\Spoon\3.33.6.199\Spoon-Sandbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2007-08-24 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCProtect]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pcwatch.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-03-02 21:31:32 ----D---- C:\Windows\ERUNT

2014-03-02 20:31:03 ----HD---- C:\Windows\msdownld.tmp

2014-03-02 20:27:55 ----D---- C:\AdwCleaner

2014-03-02 19:02:33 ----D---- C:\Program Files\Microsoft Security Client

2014-03-02 18:59:31 ----A---- C:\Windows\system32\drivers\netio.sys

2014-03-02 09:51:35 ----D---- C:\Users\Johan\AppData\Roaming\Activeris

2014-03-02 09:50:57 ----D---- C:\ProgramData\Activeris

2014-03-02 09:50:56 ----D---- C:\Program Files\Activeris AntiMalware

2014-03-02 09:50:56 ----A---- C:\Windows\system32\acrisnative32.exe

2014-03-01 16:35:01 ----D---- C:\Users\Johan\AppData\Roaming\Malwarebytes

2014-03-01 16:34:42 ----D---- C:\ProgramData\Malwarebytes

2014-03-01 16:34:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2014-03-01 16:34:40 ----A---- C:\Windows\system32\drivers\mbam.sys

2014-02-28 21:00:48 ----D---- C:\ProgramData\Mozilla

2014-02-28 21:00:47 ----D---- C:\Program Files\Mozilla Maintenance Service

2014-02-28 21:00:43 ----D---- C:\Program Files\Mozilla Firefox

2014-02-28 14:26:41 ----D---- C:\Program Files\trend micro

2014-02-28 14:26:40 ----D---- C:\rsit

2014-02-28 08:17:57 ----D---- C:\Windows\Migration

2014-02-28 08:11:42 ----D---- C:\Program Files\SelectionTool-soft

2014-02-27 13:16:28 ----D---- C:\Users\Johan\AppData\Roaming\vlc

2014-02-27 13:16:27 ----D---- C:\Users\Johan\AppData\Roaming\FLV and Media Player

2014-02-27 13:15:42 ----D---- C:\ProgramData\Common Toolkit Suite

2014-02-27 12:58:10 ----D---- C:\Program Files\Applian Technologies

2014-02-27 12:54:47 ----A---- C:\Windows\system32\PCProtectOff.ini

2014-02-27 12:54:47 ----A---- C:\Windows\system32\PCProtect.ini

2014-02-27 12:54:47 ----A---- C:\Windows\system32\drivers\pcwatch.sys

2014-02-27 12:54:33 ----A---- C:\Windows\system32\PCProtect.dll

2014-02-27 12:53:18 ----D---- C:\Program Files\Web Protect

2014-02-14 08:08:47 ----A---- C:\Windows\system32\mshtmled.dll

2014-02-14 08:08:46 ----A---- C:\Windows\system32\vbscript.dll

2014-02-14 08:08:45 ----A---- C:\Windows\system32\jsproxy.dll

2014-02-14 08:08:45 ----A---- C:\Windows\system32\ieui.dll

2014-02-14 08:08:43 ----A---- C:\Windows\system32\msfeeds.dll

2014-02-14 08:08:43 ----A---- C:\Windows\system32\ieUnatt.exe

2014-02-14 08:08:42 ----A---- C:\Windows\system32\wininet.dll

2014-02-14 08:08:41 ----A---- C:\Windows\system32\jscript.dll

2014-02-14 08:08:39 ----A---- C:\Windows\system32\url.dll

2014-02-14 08:08:39 ----A---- C:\Windows\system32\jscript9.dll

2014-02-14 08:08:38 ----A---- C:\Windows\system32\iertutil.dll

2014-02-14 08:08:37 ----A---- C:\Windows\system32\urlmon.dll

2014-02-14 08:08:36 ----A---- C:\Windows\system32\ieframe.dll

2014-02-14 08:08:34 ----A---- C:\Windows\system32\mshtml.dll

2014-02-13 15:12:36 ----A---- C:\monitor.exe

2014-02-13 14:43:24 ----A---- C:\monitorsvc.exe

2014-02-13 08:11:09 ----A---- C:\Windows\system32\msxml3.dll

======List of files/folders modified in the last 1 months======

2014-03-02 22:18:40 ----D---- C:\Windows\Temp

2014-03-02 21:35:31 ----HD---- C:\ProgramData

2014-03-02 21:31:32 ----D---- C:\Windows

2014-03-02 21:28:32 ----D---- C:\Windows\system32\Tasks

2014-03-02 20:38:39 ----D---- C:\Windows\Tasks

2014-03-02 20:38:38 ----D---- C:\Windows\System32

2014-03-02 20:36:47 ----D---- C:\Program Files\Common Files

2014-03-02 20:36:46 ----RD---- C:\Program Files

2014-03-02 20:31:23 ----D---- C:\Program Files\Internet Explorer

2014-03-02 19:06:16 ----D---- C:\Windows\system32\drivers

2014-03-02 19:04:44 ----SHD---- C:\Windows\Installer

2014-03-02 19:03:34 ----D---- C:\Windows\system32\catroot

2014-03-02 19:03:23 ----SD---- C:\ProgramData\Microsoft

2014-03-02 19:01:36 ----D---- C:\Windows\winsxs

2014-03-02 19:00:36 ----D---- C:\Windows\system32\catroot2

2014-03-02 18:59:12 ----SHD---- C:\System Volume Information

2014-03-02 10:30:46 ----D---- C:\Windows\Microsoft.NET

2014-03-02 09:55:58 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-03-02 09:55:48 ----D---- C:\Windows\inf

2014-03-02 09:28:13 ----D---- C:\Users\Johan\AppData\Roaming\DVDVideoSoft

2014-03-01 18:04:32 ----D---- C:\Windows\Performance

2014-03-01 15:58:32 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2014-02-28 21:12:59 ----D---- C:\Program Files\Google

2014-02-28 21:02:17 ----SD---- C:\Users\Johan\AppData\Roaming\Microsoft

2014-02-28 19:45:23 ----D---- C:\Windows\Prefetch

2014-02-28 15:40:41 ----D---- C:\Windows\Minidump

2014-02-28 14:04:26 ----D---- C:\Users\Johan\AppData\Roaming\Azureus

2014-02-28 08:30:46 ----RSD---- C:\Windows\assembly

2014-02-28 08:22:00 ----A---- C:\Windows\BRWMARK.INI

2014-02-28 08:20:57 ----D---- C:\Windows\system32\en-US

2014-02-28 08:11:40 ----HD---- C:\Windows\system32\GroupPolicy

2014-02-27 13:30:01 ----D---- C:\Windows\system32\WDI

2014-02-27 11:12:47 ----D---- C:\Users\Johan\AppData\Roaming\Nitro PDF

2014-02-24 08:30:36 ----A---- C:\Windows\NeroDigital.ini

2014-02-14 11:03:03 ----D---- C:\Windows\system32\migration

2014-02-14 08:26:18 ----D---- C:\Windows\system32\MRT

2014-02-14 08:18:14 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-07-31 43872]

R1 pcwatch;pcwatch service; \??\C:\Windows\system32\Drivers\pcwatch.sys [2014-01-08 19840]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]

R2 regi;regi; \??\C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 8192]

R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416]

R3 E100B;Intel® PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760]

R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-07 985600]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-07 207360]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 1899008]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]

R3 NETw4v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-14 2222080]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-12 181432]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-07 659968]

R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]

S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]

S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]

S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]

S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-02-22 159232]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 1899008]

S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]

S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]

S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-07-12 73344]

S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]

S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BcmSqlStartupSvc;Opstartservice voor SQL Server voor Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2009-02-23 30312]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]

R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2007-12-05 144688]

R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]

R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [2013-03-26 196624]

R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]

R2 SQLBrowser;SQL Server-browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]

R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560]

R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]

R3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]

S2 ProtectMonitor;Protect Monitor; C:\monitorsvc.exe [2014-02-13 34244]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-01 257928]

S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-27 194032]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-13 118896]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PCProtect;PCProtect; C:\Program Files\Web Protect\PCProtect.exe [2014-01-08 1265608]

S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]

S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

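The service listing above ends with two entries that deserve a second look before anything else: ProtectMonitor, whose binary C:\monitorsvc.exe sits at the drive root, and PCProtect under C:\Program Files\Web Protect. As an added example that is not part of the original post or of the RSIT tool, the Python below parses RSIT service lines in exactly that format and applies simple location and age heuristics. The trusted-directory list and the 30-day recency window are this example's own assumptions; the sample lines are copied from the listing above.

```python
"""Triage helper for RSIT / HijackThis service lines.

Added example; it is not part of the original forum post nor of the RSIT tool.
The sample lines are copied from the service listing in this thread. The
trusted-directory list and the recency window are this example's assumptions.
"""
import re
from datetime import date, datetime

# RSIT service line: "<start> <name>;<display>; <image path> [<yyyy-mm-dd> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<start>S[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$"
)

# Where a service binary is normally installed (assumption made by this example).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed input: lines copied from the RSIT listing above.
SAMPLE_LINES = [
    r"S2 ProtectMonitor;Protect Monitor; C:\monitorsvc.exe [2014-02-13 34244]",
    r"S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-01 257928]",
    r"S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-13 118896]",
    r"S3 PCProtect;PCProtect; C:\Program Files\Web Protect\PCProtect.exe [2014-01-08 1265608]",
    r"S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]",
]
SCAN_DATE = date(2014, 3, 2)  # date of the RSIT run shown at the top of the thread


def parse_service(line):
    """Return a dict for one RSIT service line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    svc = m.groupdict()
    svc["date"] = datetime.strptime(svc["date"], "%Y-%m-%d").date()
    svc["size"] = int(svc["size"])
    return svc


def triage(lines, scan_date=SCAN_DATE, recent_days=30):
    """Flag services whose binary location or age deserves a look.

    Strong signals: image at the drive root, or outside the trusted directories.
    Weak signal: binary dated within `recent_days` of the scan. Legitimate
    updaters trip the weak signal too, so on its own it only yields "info".
    """
    findings = []
    for line in lines:
        svc = parse_service(line)
        if svc is None:
            continue
        path = svc["path"].lower()
        strong, weak = [], []
        if re.match(r"^[a-z]:\\[^\\]+$", path):
            strong.append("binary sits at the drive root")
        if not path.startswith(TRUSTED_PREFIXES):
            strong.append("binary outside Program Files / Windows")
        if (scan_date - svc["date"]).days <= recent_days:
            weak.append("binary dated within %d days of the scan" % recent_days)
        if strong or weak:
            findings.append({
                "name": svc["name"],
                "path": svc["path"],
                "severity": "review" if strong else "info",
                "reasons": strong + weak,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print("[%s] %s -> %s" % (f["severity"], f["name"], f["path"]))
        for reason in f["reasons"]:
            print("    - " + reason)
```

On these five lines it marks ProtectMonitor for review (drive-root binary, 17 days old) and tags the Flash and Mozilla updaters as merely recent. PCProtect passes the path checks, so location alone would not have caught it; the helper's next step in this thread goes after its pcprotect.dll through LSPFix instead.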

Download LSPFix to the desktop.

1. Start the program.

2. Select "I know what I'm doing".

3. Select ONLY this file: pcprotect.dll

4. Click "Remove" so that the file moves to the right-hand pane.

5. Click "Finish".

6. Restart the PC.

Disable your antivirus and anti-spyware programs, as they may conflict with zoek.exe; here and here you can read how to do that.

Download Zoek.exe to the desktop (not the .zip or .rar version).


  • If Internet Explorer, another browser or your virus scanner reports that this file is unsafe, you can ignore it; this is a false alarm.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as administrator: right-click it and choose Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: this script is written specifically for this PC; do not use it on other PCs with a similar problem.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
""=-;r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=-;r
C:\Users\Johan\AppData\Roaming\Activeris;fs
C:\ProgramData\Activeris;fs
C:\Program Files\Activeris AntiMalware;fs
C:\Windows\system32\acrisnative32.exe;f
C:\Program Files\Applian Technologies;fs
C:\Windows\system32\PCProtectOff.ini;f
C:\Windows\system32\PCProtect.ini;f
C:\Windows\system32\drivers\pcwatch.sys;f
C:\Windows\system32\PCProtect.dll;f
C:\Program Files\Web Protect;fs
PCProtect;s
ProtectMonitor;s
C:\Program Files\Applian Technologies;fs
C:\Users\Johan\AppData\Roaming\DVDVideoSoft;fs
pcwatch;s
C:\Windows\system32\Drivers\pcwatch.sys;f
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCProtect];r
autoclean;
emptyclsid;
emptyfolderscheck;delete 
startupall; 
filesrcm;


  • The option "Scan All Users" is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a reboot, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next reply.

edited by Jion
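Once the log from the step above comes back, the thing to check is which targets the script actually removed. The Python below is an added example, not part of the original thread or of the Zoek tool: it reads the ';f' / ';fs' (file, folder) and ';s' (service) directives from a script like the one above and matches them against the outcome lines Zoek writes ("deleted", "not deleted", "not found", and "Services\<name> deleted successfully"). Registry (';r') directives are left out. The script and log excerpts embedded in it are copied from this thread; the directive meanings are inferred from how the script uses them, and the matching logic is this example's own.

```python
"""Cross-check a Zoek.exe fix script against the result log it produced.

Added example; it is not part of the original thread and not part of Zoek.
It reads the ';f' / ';fs' (file / folder) and ';s' (service) directives from a
script like the one above and looks for the matching outcome lines in the
log. Registry (';r') directives are not checked. The embedded script and log
excerpts are copied from this thread; everything else is this example's own.
"""
import re

# Constructed input: directives copied from the helper's script above.
SCRIPT = r"""
C:\Users\Johan\AppData\Roaming\Activeris;fs
C:\Program Files\Activeris AntiMalware;fs
C:\Windows\system32\acrisnative32.exe;f
C:\Windows\system32\drivers\pcwatch.sys;f
C:\Windows\system32\PCProtect.dll;f
C:\Program Files\Web Protect;fs
PCProtect;s
ProtectMonitor;s
pcwatch;s
C:\Windows\system32\Drivers\pcwatch.sys;f
autoclean;
emptyclsid;
"""

# Constructed input: outcome lines copied from the Zoek log further down.
LOG = r"""
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectMonitor deleted successfully
==== Deleting Files \ Folders ======================
C:\Users\Johan\AppData\Roaming\Activeris deleted
"C:\Windows\system32\acrisnative32.exe" deleted
"C:\Windows\system32\drivers\pcwatch.sys" not deleted
"C:\Windows\system32\PCProtect.dll" not deleted
"C:\monitorsvc.exe" deleted
"C:\Windows\system32\Drivers\pcwatch.sys" not deleted
"C:\Program Files\Activeris AntiMalware" deleted
"C:\Program Files\Web Protect" not deleted
"C:\Program Files\Activeris AntiMalware" deleted
"""

# "<target>;f", "<target>;fs" or "<name>;s"; other directive suffixes are ignored.
DIRECTIVE_RE = re.compile(r"^(?P<target>.+);(?P<kind>fs|f|s)\s*$")
# Zoek file/folder outcome: optional quotes around the path, then the verdict.
FILE_OUTCOME_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\[^"]+?)"?\s+(?P<outcome>deleted|not deleted|not found)\s*$'
)
# Service removal is reported as deletion of its key under CurrentControlSet\Services.
SERVICE_DELETED_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\(?P<name>[^\\\s]+) deleted successfully\s*$"
)


def parse_script(text):
    """Return (file_targets, service_targets), de-duplicated case-insensitively."""
    files, services = [], []
    for line in text.splitlines():
        m = DIRECTIVE_RE.match(line.strip())
        if not m:
            continue
        target, kind = m.group("target").strip(), m.group("kind")
        bucket = services if kind == "s" else files
        if target.lower() not in (t.lower() for t in bucket):
            bucket.append(target)
    return files, services


def parse_log(text):
    """Return (file_outcomes keyed by lower-cased path, set of deleted service names)."""
    file_outcomes, deleted_services = {}, set()
    for line in text.splitlines():
        m = FILE_OUTCOME_RE.match(line.strip())
        if m:
            key = m.group("path").lower()
            # a target may be reported more than once; a single failure is what counts
            if file_outcomes.get(key) != "not deleted":
                file_outcomes[key] = m.group("outcome")
            continue
        m = SERVICE_DELETED_RE.match(line.strip())
        if m:
            deleted_services.add(m.group("name").lower())
    return file_outcomes, deleted_services


def verify(script_text, log_text):
    """Map every file/folder and service target to its reported outcome.

    Outcomes: 'deleted', 'not deleted', 'not found', or 'no report' when the
    log never mentions the target at all.
    """
    files, services = parse_script(script_text)
    file_outcomes, deleted_services = parse_log(log_text)
    report = {}
    for path in files:
        report[path] = file_outcomes.get(path.lower(), "no report")
    for name in services:
        report["service:" + name] = "deleted" if name.lower() in deleted_services else "no report"
    return report


def needs_follow_up(report):
    """Targets that survived the run: anything not confirmed deleted or absent."""
    return sorted(t for t, outcome in report.items() if outcome in ("not deleted", "no report"))


if __name__ == "__main__":
    result = verify(SCRIPT, LOG)
    for target, outcome in result.items():
        print("%-12s %s" % (outcome, target))
    print("follow-up:", needs_follow_up(result))
```

Run against the full log further down, this reports pcwatch.sys, PCProtect.dll and the Web Protect folder as "not deleted", and the PCProtect and pcwatch services as never reported at all, which is exactly the set that still needs attention in the next pass.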

Zoek.exe v5.0.0.0 Updated 02-March-2014

Tool run by Johan on ma 03/03/2014 at 8:40:30,22.

Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Johan\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

3/03/2014 8:45:37 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully

C:\PROGRA~2\Oracle deleted successfully

C:\PROGRA~2\Roxio deleted successfully

C:\PROGRA~2\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully

C:\PROGRA~2\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully

C:\Users\Johan\AppData\Roaming\Sammsoft deleted successfully

C:\Users\Johan\AppData\Roaming\SampleView deleted successfully

C:\Users\Johan\AppData\Roaming\Simple Star deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\Microsoft\Internet Explorer\SearchScopes\{1E69FDC0-2B83-4E05-8421-50FA49367524} deleted successfully

HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\Microsoft\Internet Explorer\SearchScopes\{7EAC1B27-D3F3-4E67-8594-17901E53B1F5} deleted successfully

HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\Microsoft\Internet Explorer\SearchScopes\{8FF3AC42-788C-47FD-A32C-DCE63F79CBCC} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCProtect deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\PCProtect deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\PCProtect deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\SafeBoot\Network\PCProtect deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectMonitor deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ProtectMonitor deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ProtectMonitor deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ProtectMonitor deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

""=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCProtect]

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found

C:\PROGRA~2\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found

"C:\Windows\Installer\1cfc7ef.msi" not found

C:\Users\Johan\AppData\Roaming\Activeris deleted

C:\ProgramData\Activeris deleted

C:\Program Files\Applian Technologies deleted

C:\Users\Johan\AppData\Roaming\DVDVideoSoft deleted

C:\Users\Public\Desktop\Activeris AntiMalware.lnk deleted

C:\Program Files\Common Files\DVDVideoSoft\bin deleted

C:\Program Files\Solibo Ltd deleted

C:\PROGRA~2\InstallMate deleted

C:\Users\Johan\AppData\Local\avgchrome deleted

C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted

C:\Windows\Tasks\SelectionTool Update.job deleted

C:\Windows\Tasks\SelectionTool_wd.job deleted

C:\Windows\system32\Tasks\SelectionTool Update deleted

C:\Windows\system32\Tasks\SelectionTool_wd deleted

C:\Windows\System32\searchplugins deleted

C:\Windows\System32\Extensions deleted

"C:\Windows\system32\acrisnative32.exe" deleted

"C:\Windows\system32\PCProtectOff.ini" deleted

"C:\Windows\system32\PCProtect.ini" deleted

"C:\Windows\system32\drivers\pcwatch.sys" not deleted

"C:\Windows\system32\PCProtect.dll" not deleted

"C:\monitorsvc.exe" deleted

"C:\monitor.exe" not deleted

"C:\Windows\system32\Drivers\pcwatch.sys" not deleted

"C:\Program Files\Activeris AntiMalware\acrissys.dll" deleted

"C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe" deleted

"C:\Program Files\Activeris AntiMalware\Interop.IWshRuntimeLibrary.dll" deleted

"C:\Program Files\Activeris AntiMalware\Microsoft.Win32.TaskScheduler.DLL" deleted

"C:\Program Files\Activeris AntiMalware\scandll.dll" deleted

"C:\Program Files\Activeris AntiMalware\System.Data.SQLite.dll" deleted

"C:\Program Files\Activeris AntiMalware\Xceed.Compression.dll" deleted

"C:\Program Files\Activeris AntiMalware\Xceed.FileSystem.dll" deleted

"C:\Program Files\Activeris AntiMalware\Xceed.Zip.dll" deleted

"C:\Program Files\Web Protect\freebl3.dll" not deleted

"C:\Program Files\Web Protect\libnspr4.dll" not deleted

"C:\Program Files\Web Protect\libplc4.dll" not deleted

"C:\Program Files\Web Protect\libplds4.dll" not deleted

"C:\Program Files\Web Protect\nss3.dll" not deleted

"C:\Program Files\Web Protect\nssckbi.dll" not deleted

"C:\Program Files\Web Protect\nssdbm3.dll" not deleted

"C:\Program Files\Web Protect\nssutil3.dll" not deleted

"C:\Program Files\Web Protect\PCCertInstaller.dll" not deleted

"C:\Program Files\Web Protect\PCProtect.exe" not deleted

"C:\Program Files\Web Protect\smime3.dll" not deleted

"C:\Program Files\Web Protect\softokn3.dll" not deleted

"C:\Program Files\Web Protect\sqlite3.dll" not deleted

"C:\Program Files\Activeris AntiMalware\acrissys.dll" deleted

"C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe" deleted

"C:\Program Files\Activeris AntiMalware\Interop.IWshRuntimeLibrary.dll" deleted

"C:\Program Files\Activeris AntiMalware\Microsoft.Win32.TaskScheduler.DLL" deleted

"C:\Program Files\Activeris AntiMalware\scandll.dll" deleted

"C:\Program Files\Activeris AntiMalware\System.Data.SQLite.dll" deleted

"C:\Program Files\Activeris AntiMalware\Xceed.Compression.dll" deleted

"C:\Program Files\Activeris AntiMalware\Xceed.FileSystem.dll" deleted

"C:\Program Files\Activeris AntiMalware\Xceed.Zip.dll" deleted

"C:\Program Files\SelectionTool-soft\SelectionTool_wd.exe" deleted

"C:\Program Files\SelectionTool-soft\SelectionTool_wd.exe" deleted

"C:\Program Files\SelectionTool-soft\SelectionTool_wd.exe" deleted

"C:\Program Files\Activeris AntiMalware" deleted

"C:\Program Files\Web Protect" not deleted

"C:\Program Files\Activeris AntiMalware" deleted

"C:\Program Files\SelectionTool-soft" deleted

"C:\Program Files\SelectionTool-soft" deleted

"C:\Program Files\SelectionTool-soft" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2014-03-02 18:05:16 2701448229AEE43D266C00042EA3CB52 2154 ----a-w- C:\Windows\epplauncher.mif

====== C:\Users\Johan\AppData\Local\Temp ====

2014-03-02 20:27:32 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

2014-03-02 08:50:11 C6F4C01EB7834DF438CE86EC12855D26 4831488 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\amsetup_activeris_default_tuguu_installer.exe

2014-03-02 08:50:10 9416B10237364F2D80BF2DDFB5E1EA0E 73840 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\Cloud_Backup_Setup.exe

2014-03-02 08:49:56 177579E8B1FB727DAB62841D55DE9BF3 209306 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\VOPackage.exe

2014-03-02 08:49:53 7CBF0F56A71FCBF2D0C9044EB4EEEB1C 6538384 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\feven-pro.exe

2014-03-02 08:49:52 380A164A9602979CFF50CA0AE70EAEA8 1235280 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\Re-markit_2040-2082.exe

2014-02-28 20:27:47 A9C86900D2A61728C8326FE7147617C5 578440 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\npGoogleUpdate3.dll

2014-02-28 20:27:47 3A49D76D0AA3DC5FC0B4EEF3B7E84EF1 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\psmachine.dll

2014-02-28 20:27:47 3703787CB966F9F6C69EF9164D882EE3 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\psuser.dll

2014-02-28 20:27:40 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleUpdateOnDemand.exe

2014-02-28 20:27:40 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleCrashHandler64.exe

2014-02-28 20:27:40 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleCrashHandler.exe

2014-02-28 20:27:40 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleUpdateSetup.exe

2014-02-28 20:27:40 A43B937C580F5DFC43EF63EF72992FE9 847752 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\goopdate.dll

2014-02-28 20:27:40 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleUpdateBroker.exe

2014-02-28 20:27:40 6996AB4F70B3718CC465DE43A75A10C8 26112 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleUpdateHelper.msi

2014-02-28 20:27:40 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Johan\AppData\Local\Temp\{98F181C0-9E2C-4EE8-8AA2-F1F1D854D9E7}\GoogleUpdate.exe

2014-02-28 20:27:00 A9C86900D2A61728C8326FE7147617C5 578440 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\npGoogleUpdate3.dll

2014-02-28 20:27:00 3A49D76D0AA3DC5FC0B4EEF3B7E84EF1 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\psmachine.dll

2014-02-28 20:27:00 3703787CB966F9F6C69EF9164D882EE3 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\psuser.dll

2014-02-28 20:26:58 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleUpdateOnDemand.exe

2014-02-28 20:26:58 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleCrashHandler64.exe

2014-02-28 20:26:58 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleCrashHandler.exe

2014-02-28 20:26:58 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleUpdateSetup.exe

2014-02-28 20:26:58 A43B937C580F5DFC43EF63EF72992FE9 847752 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\goopdate.dll

2014-02-28 20:26:58 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleUpdateBroker.exe

2014-02-28 20:26:58 6996AB4F70B3718CC465DE43A75A10C8 26112 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleUpdateHelper.msi

2014-02-28 20:26:58 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Johan\AppData\Local\Temp\{9C5BB31B-D52E-4327-883C-CE232B19CD87}\GoogleUpdate.exe

2014-02-28 20:12:20 A9C86900D2A61728C8326FE7147617C5 578440 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\npGoogleUpdate3.dll

2014-02-28 20:12:20 3A49D76D0AA3DC5FC0B4EEF3B7E84EF1 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\psmachine.dll

2014-02-28 20:12:20 3703787CB966F9F6C69EF9164D882EE3 166792 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\psuser.dll

2014-02-28 20:12:16 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleUpdateOnDemand.exe

2014-02-28 20:12:16 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleCrashHandler64.exe

2014-02-28 20:12:16 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleCrashHandler.exe

2014-02-28 20:12:16 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleUpdateSetup.exe

2014-02-28 20:12:16 A43B937C580F5DFC43EF63EF72992FE9 847752 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\goopdate.dll

2014-02-28 20:12:16 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleUpdateBroker.exe

2014-02-28 20:12:16 6996AB4F70B3718CC465DE43A75A10C8 26112 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleUpdateHelper.msi

2014-02-28 20:12:16 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Johan\AppData\Local\Temp\{64A3F2A3-F07B-4AE9-9B6D-6EE26740576A}\GoogleUpdate.exe

2014-02-28 12:02:07 4FC2DD7656CF6C466B073283BE23E695 4608 ----a-w- C:\Users\Johan\AppData\Local\Temp\i4jdel0.exe

2014-02-27 11:57:14 F7DE2118FBF18A8817B83DCCBA3738A7 10365728 ----a-w- C:\Users\Johan\AppData\Local\Temp\BackupSetup.exe

2014-02-27 11:54:39 A082E5473B2A9A4D846ED7DDF637AC76 8704 ----a-w- C:\Users\Johan\AppData\Local\Temp\SpOrder.dll

2014-02-27 09:26:32 E6BB491A120A0668A551A8C2ED2FEE4F 6602128 ----a-w- C:\Users\Johan\AppData\Local\Temp\{83EA00F3-C680-4E55-B6B1-16FA25015B34}\setup.exe

2014-02-27 09:26:19 DA4BFBD389F1FD5BB0C7394230BB6641 6967304 ----a-w- C:\Users\Johan\AppData\Local\Temp\n4562\OptimizerPro.exe

2014-02-27 09:26:17 819CF842280DAE24BFBAC0F6CB4EBCC2 6221664 ----a-w- C:\Users\Johan\AppData\Local\Temp\n4562\speedupmypc_EN_1303-b354ca22.exe

2014-02-27 09:25:56 5783C9C37A5A3E87EA4BF77A38A77D2D 233024 ----a-w- C:\Users\Johan\AppData\Local\Temp\n4562\melondrea_0702-81cfb2ef.exe

====== Java Cache =====

====== C:\Windows\system32 =====

2014-02-27 11:54:33 F03FAEC422B8E51280C6643B95325A36 293984 ----a-w- C:\Windows\System32\PCProtect.dll

====== C:\Windows\system32\drivers =====

2014-03-02 17:59:31 3546C0B6F2D808D4E6294A9D6B25151B 221568 ----a-w- C:\Windows\System32\drivers\netio.sys

2014-03-01 15:34:40 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-02-27 11:54:47 !HASH: COULD NOT OPEN FILE !!!!! 19840 ----a-w- C:\Windows\System32\drivers\pcwatch.sys

====== C:\Windows\Tasks ======

2014-03-02 09:04:47 C9F1D6DAB26708324E8671FF9A1DE835 3090 ----a-w- C:\Windows\system32\Tasks\Activeris AntiMalware_startup

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-02-28 20:00:47 -------- d-----w- C:\Program Files\Mozilla Maintenance Service

2014-02-28 13:26:41 -------- d-----w- C:\Program Files\trend micro

2014-02-27 11:53:18 -------- d-----w- C:\Program Files\Web Protect

======= C: =====

2014-02-13 14:12:36 8227D3C44DBC47BC5E279E37AF04261C 487517 ----a-w- C:\monitor.exe

====== C:\Users\Johan\AppData\Roaming ======

2014-03-03 08:22:32 -------- d-----w- C:\Users\Johan\AppData\Local\Systweak

2014-03-03 07:59:22 -------- d-----w- C:\Users\Johan\AppData\Roaming\Simple Star

2014-02-28 20:00:55 -------- d-----w- C:\Users\Johan\AppData\Local\Mozilla

2014-02-27 15:07:00 DA17530920AE4C5085022FB9723DBB68 93 ----a-w- C:\Users\Johan\AppData\Local\fusioncache.dat

2014-02-27 15:07:00 -------- d-----w- C:\Users\Johan\AppData\Local\ApplicationHistory

2014-02-27 12:16:28 -------- d-----w- C:\Users\Johan\AppData\Roaming\vlc

2014-02-27 12:16:27 -------- d-----w- C:\Users\Johan\AppData\Roaming\FLV and Media Player

2014-02-27 11:56:51 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\Fighters

====== C:\Users\Johan ======

2014-03-03 07:15:32 A7690639D8FC6F297C0406FB8B8D7E21 186880 ----a-w- C:\Users\Johan\Downloads\LSPFix.exe

2014-03-02 20:39:31 C8F069A68D57DA55102D58CFE24C0D72 4765152 ----a-w- C:\Users\Johan\Downloads\C Cleaner.exe

2014-03-02 20:25:23 2075EBB7954277A05193412881EC8FDE 1037734 ----a-w- C:\Users\Johan\Downloads\JRT.exe

2014-03-02 19:28:38 2C6A7CC31F83BAD5A4F1539FB7174CAE 20868936 ----a-w- C:\Users\Johan\Downloads\BOIE9_NLNL_BO0084_VIS.EXE

2014-03-02 18:35:48 A845789676F7D2A542E708EB5CAC12C9 1244192 ----a-w- C:\Users\Johan\Desktop\adwcleaner.exe

2014-03-02 18:25:21 A845789676F7D2A542E708EB5CAC12C9 1244192 ----a-w- C:\Users\Johan\Downloads\adwcleaner.exe

2014-03-02 17:51:42 BFBA3103D1B3539164B50FD8D257BC1D 11154256 ----a-w- C:\Users\Johan\Downloads\mseinstall.exe

2014-03-02 08:51:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware

2014-03-02 08:44:01 541D953F8FE722A74B972407FF82796B 320512 ----a-w- C:\Users\Johan\Downloads\Java.exe

2014-02-28 20:13:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-02-28 20:00:48 -------- d-----w- C:\ProgramData\Mozilla

2014-02-28 13:26:05 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Johan\Downloads\RSIT-1.06 (1).exe

2014-02-28 13:25:49 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Johan\Desktop\RSIT-1.06.exe

2014-02-28 07:11:52 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol

2014-02-27 12:15:42 -------- d-----w- C:\ProgramData\Common Toolkit Suite

====== C: exe-files ==

2014-03-03 07:19:41 E9F8C3AE8C2C2CF120F16C59E68301D0 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2085648268-594906628-2024494315-1007\$I4M492B.exe

2014-03-02 20:27:32 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

2014-03-02 08:50:11 C6F4C01EB7834DF438CE86EC12855D26 4831488 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\amsetup_activeris_default_tuguu_installer.exe

2014-03-02 08:50:10 9416B10237364F2D80BF2DDFB5E1EA0E 73840 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\Cloud_Backup_Setup.exe

2014-03-02 08:49:56 177579E8B1FB727DAB62841D55DE9BF3 209306 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\VOPackage.exe

2014-03-02 08:49:53 7CBF0F56A71FCBF2D0C9044EB4EEEB1C 6538384 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\feven-pro.exe

2014-03-02 08:49:52 380A164A9602979CFF50CA0AE70EAEA8 1235280 ----a-w- C:\Users\Johan\AppData\Local\Temp\44073108-b091-4817-a627-3300e73bb1cb\software\Re-markit_2040-2082.exe

2014-02-28 20:12:54 261EEC91B8A0FAA76499559265B1A627 36847320 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\33.0.1750.117\33.0.1750.117_chrome_installer.exe

2014-02-28 20:00:50 FC558F42CA98DAB4465263FDE812A5B2 106212 ----a-w- C:\Program Files\Mozilla Maintenance Service\Uninstall.exe

2014-02-28 20:00:47 338037EFA0E8E8699B2667D57B751574 118896 ----a-w- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

2014-02-28 20:00:01 39A5A5E8E6448F6A8481E9CC762E5A4A 25212312 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67K5JQYA\Firefox Setup 27.0.1.exe

2014-02-28 13:26:41 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Johan.exe

2014-02-28 12:02:07 4FC2DD7656CF6C466B073283BE23E695 4608 ----a-w- C:\Users\Johan\AppData\Local\Temp\i4jdel0.exe

2014-02-27 11:57:38 69964A5CE728889240732A08A589E8EA 18651688 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67K5JQYA\FLVPlayer[1].exe

2014-02-27 11:57:14 F7DE2118FBF18A8817B83DCCBA3738A7 10365728 ----a-w- C:\Users\Johan\AppData\Local\Temp\BackupSetup.exe

2014-02-27 11:57:13 3D2810BD999225AC121040BA80D24494 98024 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DS27COL\aff_setup[1].exe

2014-02-27 11:55:58 D7C083E7758FFD2DF5A336C084D24159 2758320 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MT65LFZJ\FULL-DISKfighterSetup_partner516_1.3.61Web[1].exe

2014-02-27 11:53:16 71B60BBE81A2E6CC809D7B9A11833D90 5758504 ----a-w- C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RHI0HNYL\wp-adk.104i[1].exe

=== C: other files ==

2014-03-03 07:19:41 0FF405B66F13DA25F3D5577DD84EEFAD 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2085648268-594906628-2024494315-1007\$IPJQ4AS.zip

2014-03-03 07:18:25 665EB733A910E451D9EDDE21E0C7D7C7 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2085648268-594906628-2024494315-1007\$IH6W90Y.zip

2014-03-02 20:27:21 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\modules.bat

2014-03-02 20:27:21 7178963AEE641F3E47E1CE22416F8A3A 9295 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\runvalues.bat

2014-03-02 20:27:21 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\prelim.bat

2014-03-02 20:27:21 372EA6F783198102CF5779072EE78C79 24751 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\searchlnk.bat

2014-03-02 20:27:21 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\TDL4.bat

2014-03-02 20:27:20 F7A2BEBE778DC26187C675948B2CEBAB 16063 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\get.bat

2014-03-02 20:27:20 C9494C05F5248940AEE0D0A8C4EA89D9 152746 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\firefox.bat

2014-03-02 20:27:20 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\chrome.bat

2014-03-02 20:27:20 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\FWPolicy.bat

2014-03-02 20:27:20 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\ask.bat

2014-03-02 20:27:20 B13567DECD03F424239DE6D1ED408C08 10261 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\JRT.bat

2014-03-02 20:27:20 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\ev_clear.bat

2014-03-02 20:27:20 75C9C20DD9839BF287B43B0E179822DC 31414 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\iexplore.bat

2014-03-02 20:27:20 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\delorphans.bat

2014-03-02 20:27:20 3ECC13A08D5F7771A8C8ED15C2B2B6D5 154576 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\misc.bat

2014-03-02 20:27:20 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\medfos.bat

2014-03-02 20:27:20 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\Johan\AppData\Local\Temp\jrt\delfolders.bat

2014-02-28 12:02:48 66F5451EE4129B88976D30CD31E90690 26237 ----a-w- C:\Users\Johan\AppData\Roaming\Azureus\tmp\AZU5698845600859727706.tmp\plugin\azupdater_1.9.1.zip

2014-02-28 12:02:45 66F5451EE4129B88976D30CD31E90690 26237 ----a-w- C:\Users\Johan\AppData\Local\Temp\azupdater_1.9.1.zip

2014-02-28 12:02:29 CD0E05DBDC8984548DBA144E20D0F35C 9234316 ----a-w- C:\Users\Johan\AppData\Local\Temp\Vuze_5.3.0.0_win32.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"MSConfig"="C:\Windows\system32\msconfig.exe /auto"

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe Reader Speed Launcher"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrStsWnd]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BrStsWnd"

"hkey"="HKLM"

"command"="C:\\Program Files\\Brownie\\BrstsWnd.exe Autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Health Check Scheduler]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Health Check Scheduler"

"hkey"="HKLM"

"command"="c:\\Program Files\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Software Update"

"hkey"="HKLM"

"command"="c:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Picasa Media Detector]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Picasa Media Detector"

"hkey"="HKCU"

"command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QlbCtrl"

"hkey"="HKLM"

"command"="%ProgramFiles%\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Sidebar"

"hkey"="HKCU"

"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DVD Check.lnk"

"backup"="C:\\Windows\\pss\\DVD Check.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\INTERV~1\\DVDCHE~1\\DVDCheck.exe "

"item"="DVD Check"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Johan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]

"path"="C:\\Users\\Johan\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Mediacontrole Picture Motion Browser.lnk"

"backup"="C:\\Windows\\pss\\Mediacontrole Picture Motion Browser.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~1\\Sony\\SONYPI~1\\VOLUME~1\\SPUVOL~1.EXE /noballoononstart"

"item"="Mediacontrole Picture Motion Browser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\clr_optimization_v2.0.50727_32]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Folders ======================

2014-01-10 09:21:41 1892 ----a-w- C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spoon.net Sandbox Manager 3.33.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/10/2010 10:28]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/10/2010 10:28]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Activeris AntiMalware_startup" [C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe]

"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\HP Health Check" [c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe]

"C:\Windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe]

"C:\Windows\system32\tasks\User_Feed_Synchronization-{1D474081-7974-43EA-B098-CBD4DABD0911}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\system32\tasks\User_Feed_Synchronization-{CC774EB4-0A2D-4662-9EBA-338132CD0D12}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [04/09/2009 06:54]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{a70186fb-3fb6-4577-b8fa-d3fe3c0c76e1}"="C:\Program Files\SelectionTool-soft\155.xpi" []

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\zqeqhe5s.default

A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update

A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U51

9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13

9B6A3FF9099A9A87BCB583924C1D34C8 - C:\Users\Johan\AppData\Local\Spoon\3.33.6.199\npMozillaSpoonPlugin.dll - Spoon Plugin

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In

3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash

C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

6A5514D088820307BD97F5A7B24007C0 - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll - Nitro PDF plugin for Firefox and Chrome

BE9F266D2080FB8E308BC86A5735C000 - C:\Users\Johan\AppData\Local\Spoon\3.32.4.17\npMozillaSpoonPlugin.dll - Spoon Plugin

A6F192D530DE04216573A15A0EDB6045 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.4

5FB3472848C15354B95FC523FF80DC2C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.4

BF74A76F78EBBFD3A2328EC4AD9DA3CB - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.4

8EE2B9B90D024BDC7C6F32649935A137 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.4

3D85D0C5B2B138D596820B3418BC1A18 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.4

2C20711D6825B986342FAB9A5572AF26 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.4

A9CD542376B547E89964D7308E8917BF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.4

E87E216C7B839EA112FCD317DE642F47 - C:\Users\Johan\AppData\Local\Spoon\3.24.0.6\npMozillaSpoonPlugin.dll - Spoon Plugin

AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

8130FF8214221BA5AC764909587E161A - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat

625D0A824F513CE1CABB8861E97F2142 - C:\Program Files\Google\Picasa3\npPicasa2.dll - Picasa

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

B18B7242761F8630BD8BC71325C7F16A - C:\Program Files\Nitro\Reader 3\npnitroie.dll - Nitro PDF plugin for Internet Explorer

7D388990149D424EBDB31896C2A4ACC3 - C:\Program Files\Nitro\Reader 3\npdf.dll - Nitro PDF Library

B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

aaaajpkhjdkhhnkmgfjodbkfpbmibkkk - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://nl.msn.com/?ocid=OIE9MSE&PC=UP09"

"Search Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google"

"Default_Search_URL"="http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google"

"Default_Page_URL"="http://www.google.com"

"Search Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://www.google.com/search?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://www.google.com/ie"

"Default_Search_URL"="http://www.google.com/ie"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{1E69FDC0-2B83-4E05-8421-50FA49367524}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E69FDC0-2B83-4E05-8421-50FA49367524}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://nl.msn.com/?ocid=OIE9MSE&PC=UP09"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\mozilla\Firefox\Extensions\{a70186fb-3fb6-4577-b8fa-d3fe3c0c76e1} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\059103D1F2AE2884A90A9464776548A2 deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VMidi deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D301950-EA2F-4882-9AA0-49467756842A} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1 deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\059103D1F2AE2884A90A9464776548A2 deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Johan\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Johan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Johan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\mozaiek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\mozaiek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\mozaiek\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Johan\AppData\Local\Mozilla\Firefox\Profiles\zqeqhe5s.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=902 folders=107 310537593 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Johan\AppData\Local\Temp will be emptied at reboot

C:\Users\mozaiek\AppData\Local\Temp emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Johan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\drivers\pcwatch.sys" not deleted

"C:\Windows\system32\PCProtect.dll" not deleted

"C:\monitor.exe" not found

"C:\Windows\system32\Drivers\pcwatch.sys" not deleted

"C:\Program Files\Web Protect\freebl3.dll" not found

"C:\Program Files\Web Protect\libnspr4.dll" not found

"C:\Program Files\Web Protect\libplc4.dll" not found

"C:\Program Files\Web Protect\libplds4.dll" not found

"C:\Program Files\Web Protect\nss3.dll" not found

"C:\Program Files\Web Protect\nssckbi.dll" not found

"C:\Program Files\Web Protect\nssdbm3.dll" not found

"C:\Program Files\Web Protect\nssutil3.dll" not found

"C:\Program Files\Web Protect\PCCertInstaller.dll" not found

"C:\Program Files\Web Protect\PCProtect.exe" not found

"C:\Program Files\Web Protect\smime3.dll" not found

"C:\Program Files\Web Protect\softokn3.dll" not found

"C:\Program Files\Web Protect\sqlite3.dll" not found

"C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

"C:\Program Files\Web Protect" not found

==== EOF on ma 03/03/2014 at 12:35:07,20 ======================


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe. (Here and here) you can read how to do that.

Run Zoek.exe again with the script below.


  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.
     
    C:\Windows\system32\drivers\pcwatch.sys;f
    C:\Windows\system32\PCProtect.dll;f
    C:\Windows\system32\Tasks\Activeris AntiMalware_startup;fs
    C:\Windows\system32\config\systemprofile\AppData\Roaming\Fighters;fs
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware;fs
    pcwatch;s
    autoclean; 
    


  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next reply.

edited by Jion

Zoek.exe v5.0.0.0 Updated 02-March-2014

Tool run by Johan on ma 03/03/2014 at 13:37:52,10.

Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Johan\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-03-113507.log 42680 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

Toegang geweigerd.

==== Deleting Files \ Folders ======================

C:\Windows\system32\Tasks\Activeris AntiMalware_startup deleted

C:\Windows\system32\config\systemprofile\AppData\Roaming\Fighters deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware deleted

C:\Users\Johan\AppData\Local\Systweak deleted

"C:\Windows\system32\PCProtect.dll" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [04/09/2009 06:54]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\zqeqhe5s.default

A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update

A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U51

9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13

9B6A3FF9099A9A87BCB583924C1D34C8 - C:\Users\Johan\AppData\Local\Spoon\3.33.6.199\npMozillaSpoonPlugin.dll - Spoon Plugin

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In

3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash

C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

6A5514D088820307BD97F5A7B24007C0 - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll - Nitro PDF plugin for Firefox and Chrome

BE9F266D2080FB8E308BC86A5735C000 - C:\Users\Johan\AppData\Local\Spoon\3.32.4.17\npMozillaSpoonPlugin.dll - Spoon Plugin

A6F192D530DE04216573A15A0EDB6045 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.4

5FB3472848C15354B95FC523FF80DC2C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.4

BF74A76F78EBBFD3A2328EC4AD9DA3CB - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.4

8EE2B9B90D024BDC7C6F32649935A137 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.4

3D85D0C5B2B138D596820B3418BC1A18 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.4

2C20711D6825B986342FAB9A5572AF26 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.4

A9CD542376B547E89964D7308E8917BF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.4

E87E216C7B839EA112FCD317DE642F47 - C:\Users\Johan\AppData\Local\Spoon\3.24.0.6\npMozillaSpoonPlugin.dll - Spoon Plugin

AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

8130FF8214221BA5AC764909587E161A - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat

625D0A824F513CE1CABB8861E97F2142 - C:\Program Files\Google\Picasa3\npPicasa2.dll - Picasa

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

B18B7242761F8630BD8BC71325C7F16A - C:\Program Files\Nitro\Reader 3\npnitroie.dll - Nitro PDF plugin for Internet Explorer

7D388990149D424EBDB31896C2A4ACC3 - C:\Program Files\Nitro\Reader 3\npdf.dll - Nitro PDF Library

B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://nl.msn.com/?ocid=OIE9MSE&PC=UP09"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://nl.msn.com/?ocid=OIE9MSE&PC=UP09"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\mozaiek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\mozaiek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Johan\AppData\Local\Mozilla\Firefox\Profiles\zqeqhe5s.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=908 folders=114 310548904 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Johan\AppData\Local\Temp will be emptied at reboot

C:\Users\mozaiek\AppData\Local\Temp emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Johan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\PCProtect.dll" not deleted

"C:\Users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" deleted

==== EOF on ma 03/03/2014 at 16:49:12,24 ======================


Download ComboFix from one of the locations below to the desktop.

Bleeping Computer

Info Spyware

Disable your antivirus and antispyware programs, as they may conflict with ComboFix.exe.

(Here or here) you can read how to disable the security software you are using.


  • Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a UAC (User Account Control) prompt; click Yes.
  • On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not already present. (An active internet connection is required for this.)
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Yes" once the Recovery Console has been installed successfully.
  • In the disclaimer screen, click "I Agree"; the required components are now unpacked and a registry backup is made using ERUNT.
  • When this is done, ComboFix will start automatically; the blue screen shows the progress of the system scan being performed.
  • Important! Do not use the computer for anything else during the scan.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
  • When ComboFix is done, it will create a log file. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.

* Note!!! If you get one of the messages below after using ComboFix, restart the computer.


  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.


ComboFix 14-03-03.02 - Johan 03/03/2014 21:42:48.2.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2039.1033 [GMT 1:00]

Gestart vanuit: c:\users\Johan\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\X86

.

---- Voorgaande Run -------

.

c:\program files\ir.exe

c:\programdata\33A33D8C61.sys

c:\users\Johan\AppData\Local\Microsoft\Windows\Temporary Internet Files\melondrea_iels

c:\users\Johan\Documents\~WRL0009.tmp

c:\users\Johan\Documents\~WRL0053.tmp

c:\users\Johan\Documents\~WRL0071.tmp

c:\users\Johan\Documents\~WRL0094.tmp

c:\users\Johan\Documents\~WRL0408.tmp

c:\users\Johan\Documents\~WRL0470.tmp

c:\users\Johan\Documents\~WRL0474.tmp

c:\users\Johan\Documents\~WRL0516.tmp

c:\users\Johan\Documents\~WRL0634.tmp

c:\users\Johan\Documents\~WRL1040.tmp

c:\users\Johan\Documents\~WRL1129.tmp

c:\users\Johan\Documents\~WRL1214.tmp

c:\users\Johan\Documents\~WRL1580.tmp

c:\users\Johan\Documents\~WRL1693.tmp

c:\users\Johan\Documents\~WRL2660.tmp

c:\users\Johan\Documents\~WRL3084.tmp

c:\users\Johan\Documents\~WRL3113.tmp

c:\users\Johan\Documents\~WRL3353.tmp

c:\users\Johan\Documents\~WRL3478.tmp

c:\users\Johan\Documents\~WRL3954.tmp

c:\users\mozaiek\AppData\Roaming

c:\users\mozaiek\AppData\Roaming\Adobe\Acrobat\8.0\Synchronizer\adobesynchronizersu80

c:\users\mozaiek\AppData\Roaming\Adobe\Acrobat\8.0\Synchronizer\metadata\Synchronizer80

c:\users\mozaiek\AppData\Roaming\Google\Local Search History\google%2Eweb.w

c:\users\mozaiek\AppData\Roaming\InterVideo\WinDVD\5.0\Bookmark\Ardennen 2010-573075874_Auto.bmk

c:\users\mozaiek\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch

c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\211d6170acdead96f2b0b3abc11b841a_207aa63c-8ed0-4d95-82e7-567eb3ee1e26

c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\2c213f36ee5b58c4e6131a062d6a848d_207aa63c-8ed0-4d95-82e7-567eb3ee1e26

c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\3b506bb7ec45930bece63a7501c6d653_207aa63c-8ed0-4d95-82e7-567eb3ee1e26

c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\784149cce94ccff820d86ca0df032ca5_207aa63c-8ed0-4d95-82e7-567eb3ee1e26

c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\abca89b8a79c2d7092ab2f0549f1eec3_207aa63c-8ed0-4d95-82e7-567eb3ee1e26

c:\users\mozaiek\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085648268-594906628-2024494315-1006\ceb90913b6a3faba551052fb5e8cc9e3_207aa63c-8ed0-4d95-82e7-567eb3ee1e26

c:\users\mozaiek\AppData\Roaming\Microsoft\Excel\Excel11.xlb

c:\users\mozaiek\AppData\Roaming\Microsoft\Forms\RefEdit.exd

c:\users\mozaiek\AppData\Roaming\Microsoft\HTML Help\hh.dat

c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\3JAVBZJG\pmocntr2[1].xml

c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat

c:\users\mozaiek\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\MSJ21YD1\tba[1].xml

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Excel11.pip

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\MSO1036.acl

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\MSO1043.acl

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\MSO2057.acl

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\PowerP11.pip

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Publis11.pip

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\1043.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\17 Megan Positief denken.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 AJOntwerp Basofiche.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 AJOntwerp Keuzelijsten.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 Cover BaSO-zorgfiche.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 Engagementsverklaring BaSO-project.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 Handleiding BaSO-zorgfiche3.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\2009-06-10 Visietekst BaSO-project3.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\BASO fiche.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Biblio.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\de beluga walvis febe en sidney.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\EUROTOOL.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\index.dat

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Normal.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Proefwerkenlijst december 2008.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Proefwerkenlijst juni 2009.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\QUIKANIM.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Sjablonen.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Tabellen 2008-2009.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\The Coverage - kaartjes 2.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\TRANS-IT (H).lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\USB2 (G).lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Recent\Verwisselbare schijf (G).lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\VB11.pip

c:\users\mozaiek\AppData\Roaming\Microsoft\Office\Word11.pip

c:\users\mozaiek\AppData\Roaming\Microsoft\PowerPoint\PPT11.pcb

c:\users\mozaiek\AppData\Roaming\Microsoft\Proof\CUSTOM.DIC

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\CREDHIST

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\0abedd24-9163-48ea-8019-9e861208f818

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\0ea7530e-0b4c-466c-a21d-cfc9ec3ba15c

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\12c1238f-d48f-48ce-88d4-2c001269bc10

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\8b30283c-7b26-4953-a152-b82a7c986a04

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\92857e7d-c7aa-48b7-bb7f-030d55e74f9d

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\aa04f6cf-e8f0-431f-9186-500bc1d69392

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\b8781d7b-3bb6-43de-b09e-15e8e255f3c7

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\c7c745b7-0124-4c63-b405-36e642c60c8e

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\ce3ce2c8-6d45-4a97-bb28-115985ee55d0

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\e620b7a1-1e08-4b2a-aec5-2f3f5570bfe8

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\e8a44249-d4c4-4cb0-9297-44770d3d9b8d

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\f38c087e-66aa-4ba5-9b9e-d461b9519957

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\f443cd7a-4a07-4362-b46d-7348a607f8a4

c:\users\mozaiek\AppData\Roaming\Microsoft\Protect\S-1-5-21-2085648268-594906628-2024494315-1006\Preferred

c:\users\mozaiek\AppData\Roaming\Microsoft\Sjablonen\Normal.dot

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\0T467S3R.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\BKPO96QS.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\07BN3B3I.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\0RQRXYF7.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\2ZDWIMOA.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\3CXM5VE9.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\3UK08E92.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\6G46QAYI.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\79CP38JN.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\8LNM0GZU.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\98BAREDT.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\9FTE106T.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\AWJOM4HY.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\B80LWXHW.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\BA4XJSKW.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\BMRWB0HQ.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\CSMEZXTD.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\F41HE5Z9.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBPZ46WX.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\II3Y0V7M.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\JHW89UJT.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\KOK6T0JL.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJKFVV1I.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@ad.yieldmanager[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@adlink[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@ads.educationad[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@adsfac[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@adtech[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@amgdgt[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@aol[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@aol[3].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@be.msn[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@bs.serving-sys[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@bt.ilsemedia[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@c.bing[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@c.msn[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@clkads[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@clkads[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@clkads[3].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@cmg1.conduit-widgets[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@content.yieldmanager[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@corel[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@enquisite[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@feedsportal[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@fl01.ct2.comclick[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@google[4].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@google[5].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@hp-comm.be.msn[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@hp-commercial.my.nl.aol[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@ibsrv[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@imageshack[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@jufnele.yurls[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@jufnele[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@live[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@mail.google[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@meesterjohan.yurls[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@metriweb[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@mrpicassohead[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@msnportal.112.2o7[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@nl.aol[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@quantserve[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@rad.microsoft[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@rubiconproject[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@search.hp.my.nl.aol[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@treknature[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@typhonebe.solution.weborama[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@weborama[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@www.adspace[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@www.belstat[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@www.corel[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@www.microsoft[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@yahoo[2].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\mozaiek@youtube[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\OPZSZJCV.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\QH4SGALG.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\TJGADCC1.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\TPK5ZJTT.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\VZ8LHSAG.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\XODHX96W.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZJQX0RR0.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\MLISFNZT.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\mozaiek@avgtechnologies.112.2o7[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\mozaiek@onlinestores.metaservices.microsoft[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\mozaiek@tonenwilmainohio[1].txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Cookies\Y680CDQ0.txt

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\index.dat

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\IETldCache\Low\index.dat

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\17 Megan Positief denken.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 AJOntwerp Basofiche.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 AJOntwerp Keuzelijsten.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 Cover BaSO-zorgfiche.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 Engagementsverklaring BaSO-project.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 Handleiding BaSO-zorgfiche3.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\2009-06-10 Visietekst BaSO-project3.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\BASO fiche.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\de beluga walvis febe en sidney.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Kompas doelen week 21-25.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Kompas doelen week 26-32.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Nano (G).lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Proefwerkenlijst december 2008.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Proefwerkenlijst juni 2009.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Tabellen 2008-2009.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\The Coverage - kaartjes 2.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\TRANS-IT (H).lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\USB2 (G).lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\uurrooster_Tamara_Vanneste_2008-2009.xlsx.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\Verwisselbare schijf (G).lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Recent\zzweg.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Documenten.mydocs

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\SendTo\Wizard Bestanden via Bluetooth overzetten.LNK

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

c:\users\mozaiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

c:\users\mozaiek\AppData\Roaming\Nero\Nero8\Nero BackItUp\Cache\NBKeyScan.txt

c:\windows\IsUn0413.exe

F:\Autorun.inf

.

.

(((((((((((((((((((( Files Created from 2014-02-03 to 2014-03-03 ))))))))))))))))))))))))))))))

.

.

2014-03-03 21:01 . 2014-03-03 21:01 -------- d-----w- c:\users\Johan\AppData\Local\temp

2014-03-03 21:01 . 2014-03-03 21:01 -------- d-----w- c:\users\mozaiek\AppData\Local\temp

2014-03-03 21:01 . 2014-03-03 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-03-03 20:01 . 2014-03-03 20:01 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E392B474-C717-4E6E-BD90-64A382D659AB}\MpKslbdfe439c.sys

2014-03-03 19:53 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E392B474-C717-4E6E-BD90-64A382D659AB}\mpengine.dll

2014-03-03 13:05 . 2014-03-03 12:37 24064 ----a-w- c:\windows\zoek-delete.exe

2014-03-03 07:59 . 2014-03-03 07:59 -------- d-----w- c:\users\Johan\AppData\Roaming\Simple Star

2014-03-03 07:39 . 2014-03-03 13:01 -------- d-----w- C:\zoek_backup

2014-03-02 20:31 . 2014-03-02 20:31 -------- d-----w- c:\windows\ERUNT

2014-03-02 19:31 . 2014-03-02 19:31 -------- d--h--w- c:\windows\msdownld.tmp

2014-03-02 19:27 . 2014-03-02 19:39 -------- d-----w- C:\AdwCleaner

2014-03-02 18:21 . 2014-02-17 12:30 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3552FCFB-F74F-423A-A4C6-8D492EAE2191}\gapaengine.dll

2014-03-02 18:20 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-03-02 18:02 . 2014-03-02 18:04 -------- d-----w- c:\program files\Microsoft Security Client

2014-03-02 17:59 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2014-03-01 15:35 . 2014-03-01 15:35 -------- d-----w- c:\users\Johan\AppData\Roaming\Malwarebytes

2014-03-01 15:34 . 2014-03-01 15:34 -------- d-----w- c:\programdata\Malwarebytes

2014-03-01 15:34 . 2014-03-01 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2014-03-01 15:34 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-28 20:02 . 2014-02-28 20:02 -------- d-----w- c:\users\Johan\AppData\Local\Macromedia

2014-02-28 20:00 . 2014-02-28 20:00 -------- d-----w- c:\users\Johan\AppData\Local\Mozilla

2014-02-28 20:00 . 2014-02-28 20:00 -------- d-----w- c:\program files\Mozilla Maintenance Service

2014-02-28 13:26 . 2014-03-02 21:18 -------- d-----w- c:\program files\trend micro

2014-02-28 13:26 . 2014-02-28 13:28 -------- d-----w- C:\rsit

2014-02-28 07:37 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A893665-38D0-456A-84C2-AB21D4C1F6DE}\mpengine.dll

2014-02-28 07:17 . 2014-02-28 07:17 -------- d-----w- c:\windows\Migration

2014-02-27 15:07 . 2014-02-27 15:07 -------- d-----w- c:\users\Johan\AppData\Local\ApplicationHistory

2014-02-27 12:16 . 2014-02-27 12:16 -------- d-----w- c:\users\Johan\AppData\Roaming\vlc

2014-02-27 12:16 . 2014-02-27 12:16 -------- d-----w- c:\users\Johan\AppData\Roaming\FLV and Media Player

2014-02-27 12:15 . 2014-02-27 12:15 -------- d-----w- c:\programdata\Common Toolkit Suite

2014-02-27 11:54 . 2014-01-08 06:09 19840 ----a-w- c:\windows\system32\drivers\pcwatch.sys

2014-02-27 11:54 . 2014-01-08 06:08 293984 ----a-w- c:\windows\system32\PCProtect.dll

2014-02-13 07:11 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-03-01 14:58 . 2012-04-16 06:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-03-01 14:58 . 2011-06-08 06:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-01-19 07:32 . 2009-10-20 07:58 231584 ------w- c:\windows\system32\MpSigStub.exe

2013-12-18 20:10 . 2014-01-21 07:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

"Nero PhotoShow Media Manager"="c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 312848]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-13 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-12 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-12 129560]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]

.

c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Spoon.net Sandbox Manager 3.33.lnk - c:\users\Johan\AppData\Local\Spoon\3.33.6.199\Spoon-Sandbox.exe [2014-1-10 4616840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk

backup=c:\windows\pss\DVD Check.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Johan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]

path=c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk

backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]

2008-10-17 14:52 1086768 ------w- c:\program files\Brownie\BrStsWnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2008-10-09 05:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-16 22:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

2007-11-06 14:34 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-09-24 23:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-02-28 20:28 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 09:28]

.

2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 09:28]

.

.

------- Supplementary Scan -------

.

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\system32\PCProtect.dll

TCP: DhcpNameServer = 195.130.131.133 195.130.130.5

FF - ProfilePath - c:\users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\zqeqhe5s.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-19382892-37d0-4849-b4f6-e6a7984e8311 - c:\program files\SelectionTool-soft\Uninstall.exe

AddRemove-8461-7759-5462-8226 - c:\program files\Vuze\uninstall.exe

AddRemove-Activeris AntiMalware_is1 - c:\program files\Activeris AntiMalware\unins000.exe

AddRemove-FLV and Media Player - c:\program files\Applian Technologies\FLV and Media Player\uninstall.exe

AddRemove-Het Heelal 2004 - c:\windows\IsUn0413.exe

AddRemove-VOPackage - c:\users\Johan\AppData\Roaming\VOPackage\uninstall.exe

AddRemove-wp-adk - c:\program files\Web Protect\wp-adk_uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2014-03-03 22:01

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\@* *& ]

@Allowed: (Read) (RestrictedCode)

"MachineID"=hex:06,5a,9b,71,56,f0,a3,00

.

[HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0]

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0\ImageDataLightboxSR\ControlState]

"008b-06a9"=dword:00000001

"008b-06ab"=dword:00000000

"008b-0514"="ARW 2.0-formaat"

"008b-0580"=""

"008b-0583"="c:\\Users\\Johan\\Documents\\Image Data Converter SR\\Collections"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2014-03-03 22:06:43

ComboFix-quarantined-files.txt 2014-03-03 21:06

.

Pre-Run: 45.248.262.144 bytes free

Post-Run: 45.180.989.440 bytes free

.

- - End Of File - - 0B1F5846BF141536179A0341110AB3F1

84DAAF92C4695AE60591C148EED5E3F3


Note: This script is meant specifically for this PC, so do not use it on other PCs with a similar problem.

Disable all antivirus and antispyware programs, because they can conflict with ComboFix.

(here or here) you can read how to disable the security software you use.

Open a new, blank Notepad window and copy and paste the following code into it.

 
File:: 
C:\Windows\system32\drivers\pcwatch.sys
C:\Windows\system32\PCProtect.dll 

Driver::
pcwatch

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pcwatch.sys]

Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

(screenshot: CFScript.gif)

ComboFix will now start automatically.

Reboot if prompted to, and post the contents of ComboFix.txt in your next reply.

Edited by Jion
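The reply above turns evidence from the posted ComboFix log into a CFScript by hand: a kernel driver (pcwatch.sys) and a DLL (PCProtect.dll) created in the same minute, the DLL registered as a Winsock LSP, and matching SafeBoot keys. The Python script below is an added example, not code from ComboFix or from anyone in this thread. It parses the three line formats the log uses (created-file entries, the LSP line, orphaned AddRemove entries), clusters the created files by creation minute around the LSP DLL, lists other new kernel drivers for review rather than removal, and drafts the File::, Driver:: and Registry:: blocks a helper would then check line by line. The sample lines are copied from the log above; the assumption that the driver service is named after the .sys file stem holds for pcwatch but must be verified per case, and, as the reply says, a CFScript is machine-specific.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own code)."""
import re
from collections import defaultdict

# Constructed sample input: lines copied from the ComboFix log posted in this
# thread, taken from its "files created", "supplementary scan" and "orphans"
# sections.
SAMPLE_LOG = r"""
2014-03-02 17:59 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2014-03-01 15:34 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-27 12:15 . 2014-02-27 12:15 -------- d-----w- c:\programdata\Common Toolkit Suite
2014-02-27 11:54 . 2014-01-08 06:09 19840 ----a-w- c:\windows\system32\drivers\pcwatch.sys
2014-02-27 11:54 . 2014-01-08 06:08 293984 ----a-w- c:\windows\system32\PCProtect.dll
2014-02-13 07:11 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
LSP: c:\windows\system32\PCProtect.dll
TCP: DhcpNameServer = 195.130.131.133 195.130.130.5
AddRemove-wp-adk - c:\program files\Web Protect\wp-adk_uninstall.exe
AddRemove-VOPackage - c:\users\Johan\AppData\Roaming\VOPackage\uninstall.exe
"""

# "<created> . <modified> <size or --------> <attrs> <path>"; the attribute
# string starts with "d" for a directory.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S+) (.+)$"
)
LSP_RE = re.compile(r"^LSP:\s+(.+)$", re.IGNORECASE)
ORPHAN_RE = re.compile(r"^AddRemove-(.+?) - (.+)$")


def parse_log(text):
    """Return (file entries, LSP DLL paths lowercased, orphaned uninstall entries)."""
    entries, lsps, orphans = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := ENTRY_RE.match(line):
            created, _modified, _size, attrs, path = m.groups()
            if not attrs.startswith("d"):  # directories carry no payload
                entries.append({"created": created, "path": path, "key": path.lower()})
        elif m := LSP_RE.match(line):
            lsps.append(m.group(1).strip().lower())
        elif m := ORPHAN_RE.match(line):
            orphans.append((m.group(1), m.group(2)))
    return entries, lsps, orphans


def flag_install_cluster(entries, lsps):
    """Flag every file created in the same minute as an LSP-registered DLL.

    An LSP DLL inside the "files created" window marks an installation event;
    files dropped in that same minute (here a kernel driver) came from the same
    installer and belong in the same removal."""
    by_minute = defaultdict(list)
    for e in entries:
        by_minute[e["created"]].append(e)
    flagged = set()
    for siblings in by_minute.values():
        if any(e["key"] in lsps for e in siblings):
            flagged.update(e["path"] for e in siblings)
    return flagged


def lone_drivers(entries, flagged):
    """Kernel drivers created in the window but not explained by a cluster.

    These are review items, not removal candidates: in the sample they are a
    Windows Update file (netio.sys) and the Malwarebytes driver (mbam.sys)."""
    return sorted(e["path"] for e in entries
                  if e["key"].endswith(".sys") and "\\drivers\\" in e["key"]
                  and e["path"] not in flagged)


def draft_cfscript(flagged):
    """Draft CFScript directives for the flagged files.

    Assumption (true for pcwatch in this thread, not in general): the driver
    service is named after the .sys file stem, so pcwatch.sys -> pcwatch."""
    files = sorted(flagged)
    drivers = [f.rsplit("\\", 1)[1][:-4] for f in files if f.lower().endswith(".sys")]
    out = ["File::", *files, "", "Driver::", *drivers, "", "Registry::"]
    for d in drivers:
        for mode in ("Minimal", "network"):
            out.append("[-HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control"
                       "\\SafeBoot\\%s\\%s.sys]" % (mode, d))
    return "\n".join(out)


if __name__ == "__main__":
    entries, lsps, orphans = parse_log(SAMPLE_LOG)
    flagged = flag_install_cluster(entries, lsps)
    print("flagged:", *sorted(flagged), sep="\n  ")
    print("drivers to review:", *lone_drivers(entries, flagged), sep="\n  ")
    print("orphaned uninstallers:", *(name for name, _ in orphans), sep="\n  ")
    print("\n" + draft_cfscript(flagged))
```

Run as a script it prints the two flagged files, the two drivers left for review, the orphaned uninstallers, and the drafted CFScript, which for this sample matches the one the helper wrote. The draft is a starting point for a trained helper, not something to feed to ComboFix unreviewed.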

ComboFix 14-03-03.02 - Johan 03/03/2014 23:51:14.4.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2039.896 [GMT 1:00]

Running from: c:\users\Johan\Downloads\ComboFix.exe

Command switches used :: c:\users\Johan\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_PCWATCH

-------\Service_pcwatch

.

.

(((((((((((((((((((( Files Created from 2014-02-03 to 2014-03-03 ))))))))))))))))))))))))))))))

.

.

2014-03-03 23:02 . 2014-03-03 23:05 -------- d-----w- c:\users\Johan\AppData\Local\temp

2014-03-03 23:02 . 2014-03-03 23:02 -------- d-----w- c:\users\mozaiek\AppData\Local\temp

2014-03-03 23:02 . 2014-03-03 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-03-03 22:38 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99A6B602-29F6-474B-897E-39582FF5CAD4}\mpengine.dll

2014-03-03 13:05 . 2014-03-03 12:37 24064 ----a-w- c:\windows\zoek-delete.exe

2014-03-03 07:59 . 2014-03-03 07:59 -------- d-----w- c:\users\Johan\AppData\Roaming\Simple Star

2014-03-03 07:39 . 2014-03-03 13:01 -------- d-----w- C:\zoek_backup

2014-03-02 20:31 . 2014-03-02 20:31 -------- d-----w- c:\windows\ERUNT

2014-03-02 19:31 . 2014-03-02 19:31 -------- d--h--w- c:\windows\msdownld.tmp

2014-03-02 19:27 . 2014-03-02 19:39 -------- d-----w- C:\AdwCleaner

2014-03-02 18:21 . 2014-02-17 12:30 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3552FCFB-F74F-423A-A4C6-8D492EAE2191}\gapaengine.dll

2014-03-02 18:20 . 2014-02-17 00:32 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-03-02 18:02 . 2014-03-02 18:04 -------- d-----w- c:\program files\Microsoft Security Client

2014-03-02 17:59 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2014-03-01 15:35 . 2014-03-01 15:35 -------- d-----w- c:\users\Johan\AppData\Roaming\Malwarebytes

2014-03-01 15:34 . 2014-03-01 15:34 -------- d-----w- c:\programdata\Malwarebytes

2014-03-01 15:34 . 2014-03-01 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2014-03-01 15:34 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-28 20:02 . 2014-02-28 20:02 -------- d-----w- c:\users\Johan\AppData\Local\Macromedia

2014-02-28 20:00 . 2014-02-28 20:00 -------- d-----w- c:\users\Johan\AppData\Local\Mozilla

2014-02-28 20:00 . 2014-02-28 20:00 -------- d-----w- c:\program files\Mozilla Maintenance Service

2014-02-28 13:26 . 2014-03-02 21:18 -------- d-----w- c:\program files\trend micro

2014-02-28 13:26 . 2014-02-28 13:28 -------- d-----w- C:\rsit

2014-02-28 07:17 . 2014-02-28 07:17 -------- d-----w- c:\windows\Migration

2014-02-27 15:07 . 2014-02-27 15:07 -------- d-----w- c:\users\Johan\AppData\Local\ApplicationHistory

2014-02-27 12:16 . 2014-02-27 12:16 -------- d-----w- c:\users\Johan\AppData\Roaming\vlc

2014-02-27 12:16 . 2014-02-27 12:16 -------- d-----w- c:\users\Johan\AppData\Roaming\FLV and Media Player

2014-02-27 12:15 . 2014-02-27 12:15 -------- d-----w- c:\programdata\Common Toolkit Suite

2014-02-27 11:54 . 2014-01-08 06:09 19840 ----a-w- c:\windows\system32\drivers\pcwatch.sys

2014-02-27 11:54 . 2014-01-08 06:08 293984 ----a-w- c:\windows\system32\PCProtect.dll

2014-02-13 07:11 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-03-01 14:58 . 2012-04-16 06:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-03-01 14:58 . 2011-06-08 06:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-02-06 07:08 . 2014-02-28 07:37 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A893665-38D0-456A-84C2-AB21D4C1F6DE}\mpengine.dll

2014-01-19 07:32 . 2009-10-20 07:58 231584 ------w- c:\windows\system32\MpSigStub.exe

2013-12-18 20:10 . 2014-01-21 07:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-01-30 14:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

"Nero PhotoShow Media Manager"="c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 312848]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-13 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-12 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-12 129560]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]

.

c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Spoon.net Sandbox Manager 3.33.lnk - c:\users\Johan\AppData\Local\Spoon\3.33.6.199\Spoon-Sandbox.exe [2014-1-10 4616840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk

backup=c:\windows\pss\DVD Check.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Johan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]

path=c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk

backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]

2008-10-17 14:52 1086768 ------w- c:\program files\Brownie\BrStsWnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

2008-10-09 05:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-16 22:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

2007-11-06 14:34 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-09-24 23:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-02-28 20:28 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 09:28]

.

2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 09:28]

.

.

------- Supplementary Scan -------

.

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.131.133 195.130.130.5

FF - ProfilePath - c:\users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\zqeqhe5s.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2014-03-04 00:07

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\@* *& ]

@Allowed: (Read) (RestrictedCode)

"MachineID"=hex:06,5a,9b,71,56,f0,a3,00

.

[HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0]

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-2085648268-594906628-2024494315-1007\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0\ImageDataLightboxSR\ControlState]

"008b-06a9"=dword:00000001

"008b-06ab"=dword:00000000

"008b-0514"="ARW 2.0-formaat"

"008b-0580"=""

"008b-0583"="c:\\Users\\Johan\\Documents\\Image Data Converter SR\\Collections"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\conime.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe

c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2014-03-04 00:12:41 - machine was rebooted

ComboFix-quarantined-files.txt 2014-03-03 23:12

ComboFix2.txt 2014-03-03 21:06

.

Pre-Run: 45,135,339,520 bytes free

Post-Run: 44,813,410,304 bytes free

.

- - End Of File - - FDD152C34526D6A96D06ADBFE775B570

84DAAF92C4695AE60591C148EED5E3F3


Could you check whether you still have the files listed below on your computer?

C:\Windows\system32\drivers\pcwatch.sys

C:\Windows\system32\PCProtect.dll

If you see them, you may delete them in Safe Mode.

I noticed that you are using the free antivirus scanner Microsoft Security Essentials?

Unfortunately it performs very poorly. I advise you to remove it and install a different, better free scanner.

On >>THIS<< page you will find an overview of the most commonly used scanners with a short explanation and a download link.

To finish, please run the tool below:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.

Now tick the following items:


  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.

When the tool has finished, a log file is created. You do not need to post it, though.

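Editor's note, not part of the thread: the reply above asks for a manual check of two leftover files and a deletion in Safe Mode. The script below is an added example of how a practitioner would do that check before touching anything. It is not the helper's procedure or a tool from the thread; it assumes an elevated PowerShell prompt on the Vista machine in the log (so it sticks to PowerShell 2.0 features: WMI cmdlets and .NET hashing rather than Get-CimInstance/Get-FileHash), and it resolves the two file names from the log under $env:SystemRoot. Nothing is deleted unless -Remove is passed, and removal is refused outside Safe Mode.

```powershell
# Added example (not from the original thread): report on the two leftover files
# named in the reply, then remove them only on request and only in Safe Mode.
param(
    [switch]$Remove   # without this switch the script only reports
)

# File names come from the ComboFix log; the paths are resolved here (assumption).
$targets = @(
    (Join-Path $env:SystemRoot 'System32\drivers\pcwatch.sys'),
    (Join-Path $env:SystemRoot 'System32\PCProtect.dll')
)

# SHA-256 via .NET so the script also runs on PowerShell 2.0 (no Get-FileHash there).
function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try   { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close(); $sha.Clear() }
}

# Safe Mode reports as 'Fail-safe boot' or 'Fail-safe with network boot'.
$bootState  = (Get-WmiObject -Class Win32_ComputerSystem).BootupState
$inSafeMode = $bootState -like 'Fail-safe*'
Write-Host "Boot state: $bootState"

foreach ($path in $targets) {
    $name = Split-Path -Leaf $path
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host "$name : not present"
        continue
    }

    # Basic triage: size, timestamp, Authenticode status and a hash to look up elsewhere.
    $item = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -FilePath $path
    Write-Host ("{0} : {1} bytes, modified {2}, signature {3} {4}" -f `
        $name, $item.Length, $item.LastWriteTime, $sig.Status, $sig.SignerCertificate.Subject)
    Write-Host ("    SHA256 {0}" -f (Get-Sha256Hex $path))

    # A driver file still referenced by a service entry is reloaded on the next boot,
    # so the service must go before (or with) the file.
    $drivers = @(Get-WmiObject -Class Win32_SystemDriver | Where-Object { $_.PathName -like "*\$name" })
    foreach ($d in $drivers) {
        Write-Host ("    driver service {0}: state={1} start={2}" -f $d.Name, $d.State, $d.StartMode)
    }

    # A DLL mapped into a running process cannot be deleted while it is loaded;
    # module lists of protected processes throw, hence the try/catch.
    $holders = @(Get-Process | Where-Object {
        try { ($_.Modules | ForEach-Object { $_.ModuleName }) -contains $name } catch { $false }
    })
    foreach ($p in $holders) {
        Write-Host ("    loaded in {0} (PID {1})" -f $p.ProcessName, $p.Id)
    }

    if ($Remove) {
        if (-not $inSafeMode) {
            Write-Host "    skipping removal: not booted in Safe Mode"
            continue
        }
        foreach ($d in $drivers) { & sc.exe delete $d.Name | Out-Null }
        Remove-Item -LiteralPath $path -Force
        Write-Host "    removed"
    }
}
```

Run it once without -Remove from a normal boot to record the hashes and see whether a driver service still points at pcwatch.sys; then boot into Safe Mode and run it with -Remove. The service entry is deleted first because deleting only the file leaves a dangling driver registration that some tools flag on the next scan.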
