Closed
1
Hi,

Unfortunately I had the police virus on my computer. I removed it with Malwarebytes, and these are the logs I got:

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by Anne at 0:06:04 on 2012-11-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4026.2564 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\Anne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = shareware-ne.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_7715z&r=273601100815l0354z115t4792c01o
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = shareware-ne.com
mSearch Page = shareware-ne.com
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_7715z&r=273601100815l0354z115t4792c01o
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80230
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80230
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit = userinit.exe,
BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spotify Web Helper] "C:\Users\Anne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Anne\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [sw_updater] "C:\Program Files (x86)\sw_updater\updater.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.nl/s/v/59.06/uploader2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{1910C3A2-3CE9-4C45-A618-D5690404B72B} : DHCPNameServer = 10.10.60.1 61.88.88.88 8.8.8.8
TCP: Interfaces\{A152C309-3995-4BB7-AC03-9F7B05E5D960} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{A152C309-3995-4BB7-AC03-9F7B05E5D960}\3585535313447393242343 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A152C309-3995-4BB7-AC03-9F7B05E5D960}\75962756C6563737047427966666964786 : DHCPNameServer = 192.168.176.254
TCP: Interfaces\{A152C309-3995-4BB7-AC03-9F7B05E5D960}\7616374756E6E65647775627B6 : DHCPNameServer = 10.0.0.254
TCP: Interfaces\{A152C309-3995-4BB7-AC03-9F7B05E5D960}\D497E647026427565602759666960213 : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_7715z&r=273601100815l0354z115t4792c01o
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_7715z&r=273601100815l0354z115t4792c01o
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-9-3 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-19 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-19 676936]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-6 311592]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-9-3 240160]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-9-3 58880]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-19 25928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2011-1-24 114560]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-19 22:49:14 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-19 22:49:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-19 21:47:58 -------- d-----w- C:\Program Files\Malwarebytes anti malware
2012-11-19 21:44:43 -------- d-----w- C:\Users\Anne\AppData\Roaming\Malwarebytes
2012-11-19 21:44:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-19 18:49:06 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BDFCB5A5-7FCC-4E23-AEB7-DFD74E5E4A4A}\mpengine.dll
2012-11-16 16:45:49 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui
2012-11-16 16:45:48 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-16 16:45:48 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-16 16:45:48 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-16 16:39:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-16 16:39:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-16 16:39:00 140960 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-11-16 16:35:28 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-16 16:35:28 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-16 16:35:28 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-16 16:35:28 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 16:35:27 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-16 16:35:27 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 16:35:27 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-10-25 20:38:24 -------- d-----w- C:\Users\Anne\AppData\Local\Spotify
2012-10-25 20:38:15 -------- d-----w- C:\Users\Anne\AppData\Roaming\Spotify
2012-10-25 20:37:08 -------- d-----w- C:\Users\Anne\AppData\Local\Apps
2012-10-25 20:37:07 -------- d-----w- C:\Users\Anne\AppData\Local\Deployment
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-03 20:46:09 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-03 20:46:09 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-02-01 18:03:03 1289576 ----a-w- C:\Program Files\wlsetup-web.exe
2011-02-01 17:32:42 9352392 ----a-w- C:\Program Files\msnm75.exe
2010-10-26 02:34:09 14259704 ----a-w- C:\Program Files\picasa38-setup.exe
2010-10-15 12:41:37 9227680 ----a-w- C:\Program Files\FCTBSetup.exe
2010-06-28 05:18:03 4466488 ----a-w- C:\Program Files\dopdf-7.exe
2010-05-21 06:31:30 21220841 ----a-w- C:\Program Files\DCPlusPlus-0.761.exe
2010-04-22 03:58:39 631280 ----a-w- C:\Program Files\SecureW2-package.exe
2010-03-02 10:21:14 2110728 ----a-w- C:\Program Files\Install_Facebook_Plug-In_1.0.3.exe
.
============= FINISH: 0:09:10,22 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6-1-2010 23:52:23
System Uptime: 20-11-2012 0:00:31 (0 hours ago)
.
Motherboard: Acer | | Aspire 7715Z
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | uPGA-478 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 37,945 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport-adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&6CFADE&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport-adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&6CFADE&0&01
Service: vwifimp
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lexmark X422
Device ID: ROOT\IMAGE\0000
Manufacturer: Lexmark
Name: Lexmark X422
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
RP242: 17-10-2012 11:23:58 - Windows Update
RP243: 25-10-2012 22:36:45 - Windows Update
RP244: 5-11-2012 22:03:25 - Windows Update
RP245: 9-11-2012 22:42:52 - Windows Update
RP246: 13-11-2012 21:11:02 - Windows Update
RP248: 13-11-2012 21:21:29 - Windows Defender Checkpoint
RP249: 16-11-2012 17:33:38 - Windows Update
RP250: 19-11-2012 19:47:42 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Arcade Deluxe
Acer Crystal Eye webcam Ver:1.1.88.610
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Reader X (10.1.0) - Nederlands
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AusLogics BoostSpeed
AVG 2012
Bing Bar
Bonjour
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Compatibiliteitspakket voor het 2007 Microsoft Office system
Conduit Engine
D3DX10
DC++ 0.761
doPDF 7.1 printer
Freecorder 4.02B Application
Freecorder Toolbar
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
iCloud
Identity Card
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
Launch Manager
LimeWire 4.18.8
Malwarebytes Anti-Malware versie 1.65.1.1000
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint Viewer 2007 (Dutch)
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared 64-bit MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
Nero 8 Lite 8.1.1.3
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
QuickTime
Realtek High Definition Audio Driver
SecureW2 EAP Suite 2.0.2 for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
SiteRanker
Skype Toolbars
Skype™ 5.10
Spotify
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Tansee iPhone Transfer Photo
TuneUp Companion 2.2.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.3
Vuze
Vuze Remote Toolbar
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.10 (32-bit)
.
==== End Of File ===========================


Can you help me with which next step I should take now?
Thank you very much!

Regards,
Anne
2
Hi and welcome to the forum,

1. Go to Start > Control Panel > Add or Remove Programs or Programs and Features and uninstall the following there, if present, since these have a dubious reputation.
Conduit Engine
Freecorder Toolbar
Vuze Remote Toolbar



2. Download zoek.exe to the desktop.
Using "zoek.exe":
  • First close all program windows that are still open!
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
    • Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".
    • Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and then choosing Run as administrator.
  • After a while a window will then open.
  • With your mouse, now select the option "Combined fix" (bottom right)
  • Now copy the code below and paste it into the large input box:

    Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    Code:

    skipsearchscopes-skipstartpage-iedefaults;
    {1392b8d2-5c05-419f-a8f6-b9f15a596612};c
    C:\Program Files (x86)\Freecorder;fs
    {ba14329e-9550-4989-b3f2-9732e92d17cc};c
    C:\Program Files (x86)\Vuze_Remote;fs
    {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5};c
    C:\Program Files (x86)\SiteRanker;fs
    {30F9B915-B755-4826-820B-08FBA6BD249D};c
    C:\Program Files (x86)\ConduitEngine;fs
    startupall;
    filesrcm;
    
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart)
  • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
  • Now post the contents of the opened log in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
3
hi!

thank you very much for the clear explanation and help. This is the log I get:


Zoek.exe Version 3.0.0.4 Updated 19-November-2012
Tool run by Anne on di 20-11-2012 at 21:42:43,03.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} deleted successfully
HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully
HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully
HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\Freecorder" not found
"C:\Program Files (x86)\Vuze_Remote" not found
"C:\Program Files (x86)\ConduitEngine" not found
"C:\ProgramData\dsgsdgdsgdsgw.pad" deleted
"C:\Program Files (x86)\SiteRanker" deleted

==== Files Recently Created / Modified ======================


==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"Spotify Web Helper"="C:\Users\Anne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Anne\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe -update activex"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"PlayMovie"="C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"sw_updater"="C:\Program Files (x86)\sw_updater\updater.exe"
"AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"
"Spotify Web Helper"="C:\Users\Anne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Anne\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe -update activex"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28-06-2010 08:16]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28-06-2010 08:16]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2245846841-2144525998-156666420-1000Core.job --a------ C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe [22-10-2010 08:18]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2245846841-2144525998-156666420-1000UA.job --a------ C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe [22-10-2010 08:18]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://nl.msn.com/?pc=skyp&ocid=skydhp"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4792c01o"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4792c01o"
"SearchAssistant"="http://toolbar.inbox.com/search/ie.aspx?tbid=80230"
"CustomizeSearch"="http://toolbar.inbox.com/help/sa_custom ... tbid=80230"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4792c01o"
"SearchAssistant"="http://toolbar.inbox.com/search/ie.aspx?tbid=80230"
"CustomizeSearch"="http://toolbar.inbox.com/help/sa_custom ... tbid=80230"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://toolbar.inbox.com/search/ie.aspx?tbid=80230"
"CustomizeSearch"="http://toolbar.inbox.com/help/sa_custom ... tbid=80230"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://toolbar.inbox.com/search/ie.aspx?tbid=80230"
"CustomizeSearch"="http://toolbar.inbox.com/help/sa_custom ... tbid=80230"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://nl.msn.com/?pc=skyp&ocid=skydhp"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"SearchAssistant"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"SearchAssistant"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKCU\*\SearchScopes "DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"
HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
HKCU\*\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Crawler Search Url="http://www.crawler.com/search/dispatche ... tbid=60179"
HKCU\*\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=i ... RA_nlAU385"
HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... urceid=ie7"
HKCU\*\SearchScopes\{7C0F761D-A2B6-4DA6-800F-85D40B0072F8} shareware-ne.com Url="shareware-ne.com"
HKCU\*\SearchScopes\{8B98767B-6811-42C6-A106-75932BE72C25} shareware-ne.com Url="shareware-ne.com"
HKCU\*\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Web Search Url="http://search.conduit.com/ResultsExt.as ... =CT2504091"
HKCU\*\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Inbox Search Url="http://toolbar.inbox.com/search/dispatc ... 230&lng=en"


Looking forward to hearing from you.
Regards, Anne!
4
Hi,

Start Zoek.exe once more.
Using "zoek.exe":
  • First close all program windows that are still open!
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
    • Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".
    • Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and then choosing Run as administrator.
  • After a while a window will open.
  • With your mouse, now select the option "Combined fix" (bottom right)
  • Now copy the code below and paste it into the large input box:

    Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    Code:

    emptyIEcache; 
    emptyFFcache;
    emptytemp; 
    emptyflash;
    emptyjava; 
    
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart)
  • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
  • Now post the contents of the opened log in your next message.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
5
hi Maxstar,

here is the log I got this time:

Zoek.exe Version 3.0.0.4 Updated 19-November-2012
Tool run by Anne on di 20-11-2012 at 23:07:18,64.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Anne\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anne\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6J34D9WD will be deleted at reboot
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Anne\AppData\Local\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6J34D9WD" deleted

Would it be fixed now? I would very much like to hear from you.

Regards,
Anne
7
Hi!

No, everything works again. Haven't noticed anything strange so far. As long as everything has been removed.
Thanks for your help!!

Regards, Anne
8
Hi,

You're welcome, and good to hear that there are no more problems...

You may remove the following programs and their log files. You can simply keep using MBAM to scan the computer periodically (update it first).
  • Zoek.exe
  • DDS

Since the problems have been resolved, I do advise you to carry out the steps below.

1.) Full system scan
I recommend running another full system scan with the Emsisoft Emergency Kit; the link below leads to the manual for this program. If there are any special detections and you do not know what is best to do with them, you can ask your question in the section Antivirus / Antispy(mal)ware / Firewalls and other security software

2.) Delete system restore points
If the computer has been infected with malware, it is advisable to delete all existing system restore points, because infected restore points may be among them.
  • You can read how to delete the restore points here
3.) Change passwords
Most malware makes an outbound connection to a Command & Control server, through which confidential data such as login credentials is captured; if your computer has been infected, it is therefore advisable to change all the passwords you use.
You can read more about this here

4.) Install essential updates.
You can read here how to keep your operating system and other software up to date.
The program Secunia PSI automatically warns you when updates are available for the installed software; you can read more here

5.) Beware of 'phishing' messages.
Phishing is a form of internet scam (fraud) in which fake e-mail messages and websites that look trustworthy are used to try to obtain 'login details' and other personal information.
This is often done in very devious ways, such as e-mail messages asking you to verify your login details. In these cases you are often sent to a fake (clone) website; as soon as you have entered your details there, they are in the hands of the malicious party, with all the consequences that entails.
You can read more here

6.) Prevention information & the use of security software.
To minimise the chance of a re-infection, you can install an additional malware scanner, such as Emsisoft Anti-Malware or Malwarebytes' Antimalware, alongside the security software you already use to optimise protection.
Here you will find more information on how to prevent an infection in the future; read through it at your leisure.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
9
Because the problem has been resolved, this topic is being closed and moved to the section solved problems / logs.

If you would like this topic reopened, you can send me or one of the moderators a private message (PB) with a link to this topic.

If the topic has been closed for a longer time, it is best to create a new topic here and, if applicable, refer to this topic.


For all other questions you can start a new topic in the appropriate forum.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)