hoi, ik weet niet zeker of ik het virus goed verwijderd heb..
hierbij de logjes
2
Administrator
Administrator
Hoi,
Download zoek.exe naar het bureaublad.
"zoek.exe" gebruiken:
Download zoek.exe naar het bureaublad.
"zoek.exe" gebruiken:
- Sluit nu eerst alle nog openstaande programmavensters!
- Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier of hier) kan je lezen hoe je dat doet.- Windows 2000 en Windows XP: start de tool middels dubbelklik op "zoek.exe".
- Windows Vista en Windows 7: start de tool middels rechtsklik op "zoek.exe" en dan kiezen voor Als Administrator uitvoeren.
- Vervolgens zal er na een tijdje een venster geopend worden.
- Met je muis selecteer je nu de volgende keuze "Combined fix"(rechts onderaan)
- Kopieer nu onderstaande code en plak die in het grote invulvenster:
Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
Code: Selecteer alles
startupall; filesrcm; - Klik nu op de knop "Run script".
- Wacht nu geduldig af tot er een logje opent(dit kan na een herstart zijn)
- Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
- Post nu de inhoud van het geopende logje in het volgende bericht.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
3
PC Web Plus - Member
PC Web Plus - Member
Ik kreeg ook een melding dat er een audiopluginmgr onleesbaar en beschadigd is. ik zou het hulpprogramma CHKDCK uit moeten voeren???
Zoek.exe Version 3.0.0.4 Updated 05-January-2013
Tool run by thijs on za 05-01-2013 at 9:38:59,99.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\thijs\AppData\Local\Temp ====
2013-01-05 08:36:18 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Users\thijs\AppData\Local\Temp\HijackThis.exe
====== C:\Windows\SysWOW64 =====
2013-01-05 02:46:18 DA45BC10389B93EA984748914226295B 17920 ----a-w- C:\Windows\SysWOW64\rpcnetp.dll
2013-01-05 02:45:41 D65F491938DB7527776BDE77D2849FB0 17920 ----a-w- C:\Windows\SysWOW64\rpcnetp.exe
2013-01-04 01:46:46 E6446AB7A7E602CAFF51ACA3C68C1526 269312 ----a-w- C:\Windows\SysWOW64\aaclient.dll
2013-01-04 01:46:46 D3F64318307CEC05CBDE533D99976532 16896 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll
2013-01-04 01:46:46 A9D4140B8B843D5719F7C3EED8C0F9FD 37376 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2013-01-04 01:46:46 8999F18D38D55E34D356796507FFD639 192000 ----a-w- C:\Windows\SysWOW64\rdpendp_winip.dll
2013-01-04 01:46:46 40FF6C636380A87DE3A99F4E348BFDCB 1048064 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2013-01-04 01:46:46 3F853160DEE5B71B9AD2F1BAF2B1E55B 46592 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-01-04 01:46:45 EF1689081813A60D4610FF429530BA36 4916224 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2013-01-04 01:45:43 E32230F4135D507E79509C998F4D8C92 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll
2013-01-04 01:45:42 5DAF8A6B7F127C4E70A5C1F707347859 295424 ----a-w- C:\Windows\SysWOW64\atmfd.dll
2013-01-04 01:45:21 AF78F66116814FDD6677CEBD73035CDD 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll
2013-01-04 01:45:21 859CFCE4A0F72916911BD9F6C6E84581 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2013-01-04 01:45:20 BFB26890612FB8AE8B0463EBEBE84B7E 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2013-01-04 01:45:20 A113AFEED3159A1ED52D78CB0226006D 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2013-01-04 01:44:23 52DF0C578CC1A2659F0DF6FCFEC09222 95184 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-04 01:26:58 D4F3176082566CEFA633B4945802D4C4 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2013-01-04 01:26:58 0978C2B33BDD0A7E6C563AA337DC8BA0 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2013-01-04 01:26:57 DA15883524770E44CA94D38E9FD54E3D 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2013-01-04 01:26:57 746D54D4505D7DD64A7204E9356662D3 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2013-01-04 01:26:57 2299E1067A7027E25281177830E0F5A7 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2013-01-04 01:26:56 4A8CFB2638B946154FC74CD4BECBDCEC 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2013-01-04 01:26:55 D433E08B64837534AFB786E454BAB61E 5120 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-04 01:26:55 6F08CABF92AF8FAB3509DD9F313B83F9 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 01:26:55 0E3CEB4FCE14AF72FBAAAE754A7C136A 4608 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 01:26:54 EC0A0E7B3537BB2912221D4933216727 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 01:26:54 C1FA7D1A6548037873C90D4EEE34DF2B 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 01:26:54 BC24199038F4BE63A1825CF168408120 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-04 01:26:54 B4FCCE5BA0990AE78809379CB0C3873C 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 01:26:54 73AF314C216F08A1C97BC03ECAD3A423 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 01:26:54 6B28D57A511929227FF1C8F412C1A3F9 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 01:26:54 63416D211D4B15FD841A21E508081F4C 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 01:26:54 4A01572D2030D49CEB0A319DE0BFF53C 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 01:26:54 3B319CC2334AC0D15BE25A5994065F13 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 01:26:54 2A1A2C962BB789EF8EE8CF8CB8F100C0 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 01:26:54 1818CCEE5CFC3FCC876F42643109F2C0 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-04 01:26:53 CAF11064A276247FE9F30AB06C4F2F2C 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 01:26:53 A2C23B02DC32AA8D3801B84FB54137A6 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 01:26:53 72D37545BC03B38537C3ACC7FA8FCA3A 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 01:26:53 50A078C76D94014B61238F1118B6E02C 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 01:26:53 1697959965BC58308D046048A69E6C1E 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 01:26:53 139590E1C420A439F23F261979A59BC4 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 01:26:52 CBE6C675D3B10E48EF7B25A5FF07B46D 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 01:26:52 97188F405255248AC8316001411D9CC5 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-04 01:26:52 7978B487E3FBBC666A494EBECBFB26A9 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 01:26:52 3C3685C29EEF909266F124A184F849E6 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-04 01:26:52 2B9B097C293696DBC473CEF9F623C980 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 01:26:52 1A208F0CEB6DE90A7EE3D4469B3A88BA 4608 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 01:26:51 E00F3E011103F0D788EC727374BFB50A 2048 ----a-w- C:\Windows\SysWOW64\user.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-01-04 01:46:52 E9A0777DCA9148157E0EF9B71D7DE353 15360 ----a-w- C:\Windows\Sysnative\RdpGroupPolicyExtension.dll
2013-01-04 01:46:52 7B619C36F84720CB6AB77031B6F4FA60 13312 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-04 01:46:52 0E894692EB8579703FB1EC8AB6908571 13312 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2013-01-04 01:46:47 E98E2152251EB2576714B2CCE01555DC 44032 ----a-w- C:\Windows\Sysnative\tsgqec.dll
2013-01-04 01:46:47 9EB297848DAACF111C36B6048EFF5AEA 43520 ----a-w- C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2013-01-04 01:46:47 09112DADA82F4700F833C2E40DFB59FC 18432 ----a-w- C:\Windows\Sysnative\wksprtPS.dll
2013-01-04 01:46:46 F059D17612BF074443C01FCCC8D5C905 54272 ----a-w- C:\Windows\Sysnative\MsRdpWebAccess.dll
2013-01-04 01:46:46 D346E07D62E3D4BEAB040939744EC31B 228864 ----a-w- C:\Windows\Sysnative\rdpendp_winip.dll
2013-01-04 01:46:46 AE8535663AA64318D174CD7CA44ED947 62976 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2013-01-04 01:46:46 AD4D0AEDB5993EDA31EB80A54EDBC344 243200 ----a-w- C:\Windows\Sysnative\rdpudd.dll
2013-01-04 01:46:46 87E8244DCB33A7A0836C66389B8874B6 322560 ----a-w- C:\Windows\Sysnative\aaclient.dll
2013-01-04 01:46:46 6846ECABF7034DD97EE1DE38F1DA16B4 384000 ----a-w- C:\Windows\Sysnative\wksprt.exe
2013-01-04 01:46:45 98C04A60A10777D99B569636C55FE91C 1123840 ----a-w- C:\Windows\Sysnative\mstsc.exe
2013-01-04 01:46:45 8F69EE5E0EB0779DC3E90DFD8D8E8683 3174912 ----a-w- C:\Windows\Sysnative\rdpcorets.dll
2013-01-04 01:46:44 FF16B21E5C0C46A70B2CD4F65B87D9F1 5773824 ----a-w- C:\Windows\Sysnative\mstscax.dll
2013-01-04 01:45:43 CB2ABB2DA1E9C977302A78D86D4AE3B0 367616 ----a-w- C:\Windows\Sysnative\atmfd.dll
2013-01-04 01:45:43 2ED72B3F76C9368ABC01464DA64DB7AE 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll
2013-01-04 01:45:21 B7D42CB36C08FA017E73FF2433CD7287 340992 ----a-w- C:\Windows\Sysnative\schannel.dll
2013-01-04 01:45:21 9B3718651DDE8A75FC4E8D6542A250D8 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2013-01-04 01:45:21 685527DA09EBFB681E98C515978BDEE2 1448448 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2013-01-04 01:27:00 6F2E324703E6D22B9934C33DA48F1F01 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll
2013-01-04 01:26:59 72CC564BBC70DE268784BCE91EB8A28F 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll
2013-01-04 01:26:59 3326166011C9BC13D6A8EFD856E9921C 338432 ----a-w- C:\Windows\Sysnative\conhost.exe
2013-01-04 01:26:59 1DC3504CA4C57900F1557E9A3F01D272 1161216 ----a-w- C:\Windows\Sysnative\kernel32.dll
2013-01-04 01:26:57 98168B9B0656A01A321FF1BECB2C03E1 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll
2013-01-04 01:26:57 2970785A72054740E1A5DCEB32485486 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll
2013-01-04 01:26:57 23A6A58BE46A1D6538B33D0F5535EEBE 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll
2013-01-04 01:26:57 15B30F15BD13640B337A0FC37BD48CDE 243200 ----a-w- C:\Windows\Sysnative\wow64.dll
2013-01-04 01:26:55 A05FA0E17EA9ADE6DC9B5C2BEC224030 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 01:26:54 ED6346350B051FA98F755518E1DBC9C4 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 01:26:54 DF38FFD9127965E857E6E8BF41E3AD66 4096 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 01:26:54 DE4B59CD672B016B0827D7FBBBB13B74 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 01:26:54 CD2FCB8F13EABE7702A8AE7DE49E90E5 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 01:26:54 C1D840725CBC18F1232B832083EAE51D 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 01:26:54 B1A6900FE182F839DA1B58CDC9E0B3AE 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-io-l1-1-0.dll
2013-01-04 01:26:54 91EF240DDB541D9FD62EBDC719EAE93A 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 01:26:54 7B02A73700CC99A0B9E4D4C0AA2028BA 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-string-l1-1-0.dll
2013-01-04 01:26:54 695612AA7E235938E1683CD00D61D157 4608 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 01:26:54 545466F436F875D0FFC171C12CAC3244 4608 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 01:26:54 42B7B6D5D9AE16C5793CE28029174D5E 4096 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 01:26:54 28DC7159AC48CF4622D3D222590897C8 5120 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-file-l1-1-0.dll
2013-01-04 01:26:54 20DC238620F694575DDEE8EC95265774 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 01:26:54 07D74D633327AFF7E2360F32F83D8200 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-util-l1-1-0.dll
2013-01-04 01:26:54 028685592EF723982C5D6B98D6C4893D 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 01:26:53 EAAA1E6695B3D5F834E91F41EB1BD9B2 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 01:26:53 E06E5AA16B3F7C72CDE3593CE87411BB 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 01:26:53 9335B95493FA6CBDF553E36820983A29 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 01:26:53 818C4DEC5316EA1147D059E4CAE75453 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 01:26:53 580BE75B6D90FF6D0C08E5AAD2213C55 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 01:26:53 18B5290C01924D87DDD0480BC8FAB8D6 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 01:26:53 03164C3DD1DCE155A2528DE6CC878975 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 01:26:52 D98882549D5D1246039BCF421202EB2E 4096 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 01:26:52 244483EF6648ABE51A12C7EB01EB0A60 4096 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 01:26:51 BA959333F88D1FAF934CC1318AC3B69E 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-console-l1-1-0.dll
2013-01-04 01:26:51 B45124A0A5E60906AB72B48C25348835 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-memory-l1-1-0.dll
====== C:\Windows\Sysnative\drivers =====
2013-01-05 02:50:39 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2013-01-04 01:46:49 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2013-01-04 01:46:49 17C6B51CBCCDED95B3CC14E22791F85E 57856 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2013-01-04 01:45:21 AAFCB52FE0037207FB6FBEA070D25EFE 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2013-01-04 01:45:21 7EFB9333E4ECCE6AE4AE9D777D9E553E 154480 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-01-05 08:36:18 -------- d-----w- C:\Program Files (x86)\HiJackThis
======= C: =====
====== C:\Users\thijs\AppData\Roaming ======
2013-01-05 02:50:08 -------- d-----w- C:\users\thijs\AppData\Local\Programs
====== C:\Users\thijs ======
====== C: exe-files ==
2013-01-05 08:36:18 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Users\thijs\AppData\Local\Temp\HijackThis.exe
2013-01-05 08:36:18 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files (x86)\HiJackThis\HiJackThis.exe
2013-01-05 03:02:46 D3517F30DE32D88FB7E3F946CA8DFBC5 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3464960758-4197574661-1130637895-1001\$IDWN51I.exe
2013-01-05 02:49:23 0FB6D382FA5FBF72D05FC2A4503B7DF2 10156344 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3464960758-4197574661-1130637895-1001\$RDWN51I.exe
2013-01-05 02:45:41 D65F491938DB7527776BDE77D2849FB0 17920 ----a-w- C:\Windows\SysWOW64\rpcnetp.exe
2013-01-04 04:55:14 37805D8621594CF24EADC2AFF36499B4 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3464960758-4197574661-1130637895-1001\$I46I2I7.exe
2013-01-04 01:46:52 0E894692EB8579703FB1EC8AB6908571 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-04 01:46:46 AE8535663AA64318D174CD7CA44ED947 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-01-04 01:46:46 6846ECABF7034DD97EE1DE38F1DA16B4 384000 ----a-w- C:\Windows\System32\wksprt.exe
2013-01-04 01:46:46 40FF6C636380A87DE3A99F4E348BFDCB 1048064 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2013-01-04 01:46:45 98C04A60A10777D99B569636C55FE91C 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2013-01-04 01:40:24 105DE32BB543BCA78D72818B4EFF6178 896016 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3464960758-4197574661-1130637895-1001\$R46I2I7.exe
2013-01-04 01:26:59 3326166011C9BC13D6A8EFD856E9921C 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-01-04 01:26:57 2299E1067A7027E25281177830E0F5A7 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2013-01-04 01:26:56 4A8CFB2638B946154FC74CD4BECBDCEC 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2013-01-04 01:26:51 E00F3E011103F0D788EC727374BFB50A 2048 ----a-w- C:\Windows\SysWOW64\user.exe
=== C: other files ==
2013-01-05 03:00:16 8B968045D75783A09592C3105F2865DA 688992 ----a-r- C:\Users\thijs\Desktop\dds.com
2013-01-05 02:50:39 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-05 02:46:18 DA45BC10389B93EA984748914226295B 17920 ----a-w- C:\Windows\SysWOW64\rpcnetp.dll
2013-01-04 01:46:52 E9A0777DCA9148157E0EF9B71D7DE353 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-01-04 01:46:52 7B619C36F84720CB6AB77031B6F4FA60 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-04 01:46:49 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2013-01-04 01:46:49 17C6B51CBCCDED95B3CC14E22791F85E 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-01-04 01:46:47 E98E2152251EB2576714B2CCE01555DC 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-01-04 01:46:47 9EB297848DAACF111C36B6048EFF5AEA 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-01-04 01:46:47 09112DADA82F4700F833C2E40DFB59FC 18432 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-01-04 01:46:46 F059D17612BF074443C01FCCC8D5C905 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-01-04 01:46:46 E6446AB7A7E602CAFF51ACA3C68C1526 269312 ----a-w- C:\Windows\SysWOW64\aaclient.dll
2013-01-04 01:46:46 D3F64318307CEC05CBDE533D99976532 16896 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll
2013-01-04 01:46:46 D346E07D62E3D4BEAB040939744EC31B 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2013-01-04 01:46:46 AD4D0AEDB5993EDA31EB80A54EDBC344 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2013-01-04 01:46:46 A9D4140B8B843D5719F7C3EED8C0F9FD 37376 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2013-01-04 01:46:46 8999F18D38D55E34D356796507FFD639 192000 ----a-w- C:\Windows\SysWOW64\rdpendp_winip.dll
2013-01-04 01:46:46 87E8244DCB33A7A0836C66389B8874B6 322560 ----a-w- C:\Windows\System32\aaclient.dll
2013-01-04 01:46:46 3F853160DEE5B71B9AD2F1BAF2B1E55B 46592 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-01-04 01:46:45 EF1689081813A60D4610FF429530BA36 4916224 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2013-01-04 01:46:45 8F69EE5E0EB0779DC3E90DFD8D8E8683 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2013-01-04 01:46:44 FF16B21E5C0C46A70B2CD4F65B87D9F1 5773824 ----a-w- C:\Windows\System32\mstscax.dll
2013-01-04 01:45:43 E32230F4135D507E79509C998F4D8C92 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll
2013-01-04 01:45:43 CB2ABB2DA1E9C977302A78D86D4AE3B0 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-04 01:45:43 2ED72B3F76C9368ABC01464DA64DB7AE 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-04 01:45:42 5DAF8A6B7F127C4E70A5C1F707347859 295424 ----a-w- C:\Windows\SysWOW64\atmfd.dll
2013-01-04 01:45:21 B7D42CB36C08FA017E73FF2433CD7287 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-01-04 01:45:21 AF78F66116814FDD6677CEBD73035CDD 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll
2013-01-04 01:45:21 AAFCB52FE0037207FB6FBEA070D25EFE 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-01-04 01:45:21 9B3718651DDE8A75FC4E8D6542A250D8 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-04 01:45:21 859CFCE4A0F72916911BD9F6C6E84581 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2013-01-04 01:45:21 7EFB9333E4ECCE6AE4AE9D777D9E553E 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-01-04 01:45:21 685527DA09EBFB681E98C515978BDEE2 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-01-04 01:45:20 BFB26890612FB8AE8B0463EBEBE84B7E 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2013-01-04 01:45:20 A113AFEED3159A1ED52D78CB0226006D 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2013-01-04 01:44:23 52DF0C578CC1A2659F0DF6FCFEC09222 95184 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-04 01:27:00 6F2E324703E6D22B9934C33DA48F1F01 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-04 01:26:59 72CC564BBC70DE268784BCE91EB8A28F 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 01:26:59 1DC3504CA4C57900F1557E9A3F01D272 1161216 ----a-w- C:\Windows\System32\kernel32.dll
2013-01-04 01:26:58 D4F3176082566CEFA633B4945802D4C4 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2013-01-04 01:26:58 0978C2B33BDD0A7E6C563AA337DC8BA0 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2013-01-04 01:26:57 E337DE8814EABEDEA01919B94D323078 44032 ----a-w- C:\Windows\AppPatch\acwow64.dll
2013-01-04 01:26:57 DA15883524770E44CA94D38E9FD54E3D 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2013-01-04 01:26:57 98168B9B0656A01A321FF1BECB2C03E1 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-01-04 01:26:57 746D54D4505D7DD64A7204E9356662D3 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2013-01-04 01:26:57 2970785A72054740E1A5DCEB32485486 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-01-04 01:26:57 23A6A58BE46A1D6538B33D0F5535EEBE 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-01-04 01:26:57 15B30F15BD13640B337A0FC37BD48CDE 243200 ----a-w- C:\Windows\System32\wow64.dll
2013-01-04 01:26:55 D433E08B64837534AFB786E454BAB61E 5120 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-04 01:26:55 A05FA0E17EA9ADE6DC9B5C2BEC224030 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 01:26:55 6F08CABF92AF8FAB3509DD9F313B83F9 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 01:26:55 0E3CEB4FCE14AF72FBAAAE754A7C136A 4608 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 01:26:54 ED6346350B051FA98F755518E1DBC9C4 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 01:26:54 EC0A0E7B3537BB2912221D4933216727 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 01:26:54 DF38FFD9127965E857E6E8BF41E3AD66 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 01:26:54 DE4B59CD672B016B0827D7FBBBB13B74 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 01:26:54 CD2FCB8F13EABE7702A8AE7DE49E90E5 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 01:26:54 C1FA7D1A6548037873C90D4EEE34DF2B 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 01:26:54 C1D840725CBC18F1232B832083EAE51D 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 01:26:54 BC24199038F4BE63A1825CF168408120 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-04 01:26:54 B4FCCE5BA0990AE78809379CB0C3873C 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 01:26:54 B1A6900FE182F839DA1B58CDC9E0B3AE 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-04 01:26:54 91EF240DDB541D9FD62EBDC719EAE93A 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 01:26:54 7B02A73700CC99A0B9E4D4C0AA2028BA 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 01:26:54 73AF314C216F08A1C97BC03ECAD3A423 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 01:26:54 6B28D57A511929227FF1C8F412C1A3F9 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 01:26:54 695612AA7E235938E1683CD00D61D157 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 01:26:54 63416D211D4B15FD841A21E508081F4C 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 01:26:54 545466F436F875D0FFC171C12CAC3244 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 01:26:54 4A01572D2030D49CEB0A319DE0BFF53C 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 01:26:54 42B7B6D5D9AE16C5793CE28029174D5E 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 01:26:54 3B319CC2334AC0D15BE25A5994065F13 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 01:26:54 2A1A2C962BB789EF8EE8CF8CB8F100C0 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 01:26:54 28DC7159AC48CF4622D3D222590897C8 5120 ---ha-w- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-04 01:26:54 20DC238620F694575DDEE8EC95265774 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 01:26:54 1818CCEE5CFC3FCC876F42643109F2C0 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-04 01:26:54 07D74D633327AFF7E2360F32F83D8200 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 01:26:54 028685592EF723982C5D6B98D6C4893D 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 01:26:53 EAAA1E6695B3D5F834E91F41EB1BD9B2 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 01:26:53 E06E5AA16B3F7C72CDE3593CE87411BB 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 01:26:53 CAF11064A276247FE9F30AB06C4F2F2C 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 01:26:53 A2C23B02DC32AA8D3801B84FB54137A6 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 01:26:53 9335B95493FA6CBDF553E36820983A29 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 01:26:53 818C4DEC5316EA1147D059E4CAE75453 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 01:26:53 72D37545BC03B38537C3ACC7FA8FCA3A 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 01:26:53 580BE75B6D90FF6D0C08E5AAD2213C55 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 01:26:53 50A078C76D94014B61238F1118B6E02C 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 01:26:53 18B5290C01924D87DDD0480BC8FAB8D6 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 01:26:53 1697959965BC58308D046048A69E6C1E 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 01:26:53 139590E1C420A439F23F261979A59BC4 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 01:26:53 03164C3DD1DCE155A2528DE6CC878975 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 01:26:52 D98882549D5D1246039BCF421202EB2E 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 01:26:52 CBE6C675D3B10E48EF7B25A5FF07B46D 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 01:26:52 97188F405255248AC8316001411D9CC5 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-04 01:26:52 7978B487E3FBBC666A494EBECBFB26A9 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 01:26:52 3C3685C29EEF909266F124A184F849E6 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-04 01:26:52 2B9B097C293696DBC473CEF9F623C980 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 01:26:52 244483EF6648ABE51A12C7EB01EB0A60 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 01:26:52 1A208F0CEB6DE90A7EE3D4469B3A88BA 4608 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 01:26:51 BA959333F88D1FAF934CC1318AC3B69E 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-04 01:26:51 B45124A0A5E60906AB72B48C25348835 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-3464960758-4197574661-1130637895-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\thijs\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"8B98DA628DD888E18E68C6568B631FB869FECA70._service_run"="C:\Users\thijs\AppData\Local\Google\Chrome\Application\chrome.exe --type=service"
"GoogleChromeAutoLaunch_1586AFCD2F1EACCBB75CD08BC6FC294A"="C:\Users\thijs\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60"
"NBAgent"="c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe /WinStart"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"TWebCamera"=""C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\thijs\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"8B98DA628DD888E18E68C6568B631FB869FECA70._service_run"="C:\Users\thijs\AppData\Local\Google\Chrome\Application\chrome.exe --type=service"
"GoogleChromeAutoLaunch_1586AFCD2F1EACCBB75CD08BC6FC294A"="C:\Users\thijs\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
==== Startup Folders ======================
2010-04-20 13:39:23 1258 ----a-w- C:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2010-04-20 13:39:23 1258 ----a-w- C:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2012-08-26 12:43:45 1277 ----a-w- C:\users\thijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-12-2012 13:25]
C:\Windows\tasks\AutoRearm.job --a------ C:\Windows\AutoRearm\AutoRearm.exe [15-10-2011 21:55]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3464960758-4197574661-1130637895-1001UA.job --a------ C:\Users\thijs\AppData\Local\Google\Update\GoogleUpdate.exe [24-05-2011 16:45]
Zoek.exe Version 3.0.0.4 Updated 05-January-2013
Tool run by thijs on za 05-01-2013 at 9:38:59,99.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\thijs\AppData\Local\Temp ====
2013-01-05 08:36:18 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Users\thijs\AppData\Local\Temp\HijackThis.exe
====== C:\Windows\SysWOW64 =====
2013-01-05 02:46:18 DA45BC10389B93EA984748914226295B 17920 ----a-w- C:\Windows\SysWOW64\rpcnetp.dll
2013-01-05 02:45:41 D65F491938DB7527776BDE77D2849FB0 17920 ----a-w- C:\Windows\SysWOW64\rpcnetp.exe
2013-01-04 01:46:46 E6446AB7A7E602CAFF51ACA3C68C1526 269312 ----a-w- C:\Windows\SysWOW64\aaclient.dll
2013-01-04 01:46:46 D3F64318307CEC05CBDE533D99976532 16896 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll
2013-01-04 01:46:46 A9D4140B8B843D5719F7C3EED8C0F9FD 37376 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2013-01-04 01:46:46 8999F18D38D55E34D356796507FFD639 192000 ----a-w- C:\Windows\SysWOW64\rdpendp_winip.dll
2013-01-04 01:46:46 40FF6C636380A87DE3A99F4E348BFDCB 1048064 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2013-01-04 01:46:46 3F853160DEE5B71B9AD2F1BAF2B1E55B 46592 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-01-04 01:46:45 EF1689081813A60D4610FF429530BA36 4916224 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2013-01-04 01:45:43 E32230F4135D507E79509C998F4D8C92 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll
2013-01-04 01:45:42 5DAF8A6B7F127C4E70A5C1F707347859 295424 ----a-w- C:\Windows\SysWOW64\atmfd.dll
2013-01-04 01:45:21 AF78F66116814FDD6677CEBD73035CDD 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll
2013-01-04 01:45:21 859CFCE4A0F72916911BD9F6C6E84581 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2013-01-04 01:45:20 BFB26890612FB8AE8B0463EBEBE84B7E 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2013-01-04 01:45:20 A113AFEED3159A1ED52D78CB0226006D 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2013-01-04 01:44:23 52DF0C578CC1A2659F0DF6FCFEC09222 95184 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-04 01:26:58 D4F3176082566CEFA633B4945802D4C4 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2013-01-04 01:26:58 0978C2B33BDD0A7E6C563AA337DC8BA0 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2013-01-04 01:26:57 DA15883524770E44CA94D38E9FD54E3D 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2013-01-04 01:26:57 746D54D4505D7DD64A7204E9356662D3 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2013-01-04 01:26:57 2299E1067A7027E25281177830E0F5A7 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2013-01-04 01:26:56 4A8CFB2638B946154FC74CD4BECBDCEC 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2013-01-04 01:26:55 D433E08B64837534AFB786E454BAB61E 5120 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-04 01:26:55 6F08CABF92AF8FAB3509DD9F313B83F9 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 01:26:55 0E3CEB4FCE14AF72FBAAAE754A7C136A 4608 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 01:26:54 EC0A0E7B3537BB2912221D4933216727 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 01:26:54 C1FA7D1A6548037873C90D4EEE34DF2B 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 01:26:54 BC24199038F4BE63A1825CF168408120 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-04 01:26:54 B4FCCE5BA0990AE78809379CB0C3873C 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 01:26:54 73AF314C216F08A1C97BC03ECAD3A423 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 01:26:54 6B28D57A511929227FF1C8F412C1A3F9 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 01:26:54 63416D211D4B15FD841A21E508081F4C 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 01:26:54 4A01572D2030D49CEB0A319DE0BFF53C 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 01:26:54 3B319CC2334AC0D15BE25A5994065F13 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 01:26:54 2A1A2C962BB789EF8EE8CF8CB8F100C0 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 01:26:54 1818CCEE5CFC3FCC876F42643109F2C0 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-04 01:26:53 CAF11064A276247FE9F30AB06C4F2F2C 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 01:26:53 A2C23B02DC32AA8D3801B84FB54137A6 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 01:26:53 72D37545BC03B38537C3ACC7FA8FCA3A 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 01:26:53 50A078C76D94014B61238F1118B6E02C 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 01:26:53 1697959965BC58308D046048A69E6C1E 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 01:26:53 139590E1C420A439F23F261979A59BC4 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 01:26:52 CBE6C675D3B10E48EF7B25A5FF07B46D 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 01:26:52 97188F405255248AC8316001411D9CC5 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-04 01:26:52 7978B487E3FBBC666A494EBECBFB26A9 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 01:26:52 3C3685C29EEF909266F124A184F849E6 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-04 01:26:52 2B9B097C293696DBC473CEF9F623C980 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 01:26:52 1A208F0CEB6DE90A7EE3D4469B3A88BA 4608 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 01:26:51 E00F3E011103F0D788EC727374BFB50A 2048 ----a-w- C:\Windows\SysWOW64\user.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-01-04 01:46:52 E9A0777DCA9148157E0EF9B71D7DE353 15360 ----a-w- C:\Windows\Sysnative\RdpGroupPolicyExtension.dll
2013-01-04 01:46:52 7B619C36F84720CB6AB77031B6F4FA60 13312 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-04 01:46:52 0E894692EB8579703FB1EC8AB6908571 13312 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2013-01-04 01:46:47 E98E2152251EB2576714B2CCE01555DC 44032 ----a-w- C:\Windows\Sysnative\tsgqec.dll
2013-01-04 01:46:47 9EB297848DAACF111C36B6048EFF5AEA 43520 ----a-w- C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2013-01-04 01:46:47 09112DADA82F4700F833C2E40DFB59FC 18432 ----a-w- C:\Windows\Sysnative\wksprtPS.dll
2013-01-04 01:46:46 F059D17612BF074443C01FCCC8D5C905 54272 ----a-w- C:\Windows\Sysnative\MsRdpWebAccess.dll
2013-01-04 01:46:46 D346E07D62E3D4BEAB040939744EC31B 228864 ----a-w- C:\Windows\Sysnative\rdpendp_winip.dll
2013-01-04 01:46:46 AE8535663AA64318D174CD7CA44ED947 62976 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2013-01-04 01:46:46 AD4D0AEDB5993EDA31EB80A54EDBC344 243200 ----a-w- C:\Windows\Sysnative\rdpudd.dll
2013-01-04 01:46:46 87E8244DCB33A7A0836C66389B8874B6 322560 ----a-w- C:\Windows\Sysnative\aaclient.dll
2013-01-04 01:46:46 6846ECABF7034DD97EE1DE38F1DA16B4 384000 ----a-w- C:\Windows\Sysnative\wksprt.exe
2013-01-04 01:46:45 98C04A60A10777D99B569636C55FE91C 1123840 ----a-w- C:\Windows\Sysnative\mstsc.exe
2013-01-04 01:46:45 8F69EE5E0EB0779DC3E90DFD8D8E8683 3174912 ----a-w- C:\Windows\Sysnative\rdpcorets.dll
2013-01-04 01:46:44 FF16B21E5C0C46A70B2CD4F65B87D9F1 5773824 ----a-w- C:\Windows\Sysnative\mstscax.dll
2013-01-04 01:45:43 CB2ABB2DA1E9C977302A78D86D4AE3B0 367616 ----a-w- C:\Windows\Sysnative\atmfd.dll
2013-01-04 01:45:43 2ED72B3F76C9368ABC01464DA64DB7AE 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll
2013-01-04 01:45:21 B7D42CB36C08FA017E73FF2433CD7287 340992 ----a-w- C:\Windows\Sysnative\schannel.dll
2013-01-04 01:45:21 9B3718651DDE8A75FC4E8D6542A250D8 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2013-01-04 01:45:21 685527DA09EBFB681E98C515978BDEE2 1448448 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2013-01-04 01:27:00 6F2E324703E6D22B9934C33DA48F1F01 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll
2013-01-04 01:26:59 72CC564BBC70DE268784BCE91EB8A28F 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll
2013-01-04 01:26:59 3326166011C9BC13D6A8EFD856E9921C 338432 ----a-w- C:\Windows\Sysnative\conhost.exe
2013-01-04 01:26:59 1DC3504CA4C57900F1557E9A3F01D272 1161216 ----a-w- C:\Windows\Sysnative\kernel32.dll
2013-01-04 01:26:57 98168B9B0656A01A321FF1BECB2C03E1 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll
2013-01-04 01:26:57 2970785A72054740E1A5DCEB32485486 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll
2013-01-04 01:26:57 23A6A58BE46A1D6538B33D0F5535EEBE 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll
2013-01-04 01:26:57 15B30F15BD13640B337A0FC37BD48CDE 243200 ----a-w- C:\Windows\Sysnative\wow64.dll
2013-01-04 01:26:55 A05FA0E17EA9ADE6DC9B5C2BEC224030 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 01:26:54 ED6346350B051FA98F755518E1DBC9C4 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 01:26:54 DF38FFD9127965E857E6E8BF41E3AD66 4096 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 01:26:54 DE4B59CD672B016B0827D7FBBBB13B74 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 01:26:54 CD2FCB8F13EABE7702A8AE7DE49E90E5 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 01:26:54 C1D840725CBC18F1232B832083EAE51D 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 01:26:54 B1A6900FE182F839DA1B58CDC9E0B3AE 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-io-l1-1-0.dll
2013-01-04 01:26:54 91EF240DDB541D9FD62EBDC719EAE93A 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 01:26:54 7B02A73700CC99A0B9E4D4C0AA2028BA 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-string-l1-1-0.dll
2013-01-04 01:26:54 695612AA7E235938E1683CD00D61D157 4608 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 01:26:54 545466F436F875D0FFC171C12CAC3244 4608 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 01:26:54 42B7B6D5D9AE16C5793CE28029174D5E 4096 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 01:26:54 28DC7159AC48CF4622D3D222590897C8 5120 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-file-l1-1-0.dll
2013-01-04 01:26:54 20DC238620F694575DDEE8EC95265774 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 01:26:54 07D74D633327AFF7E2360F32F83D8200 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-util-l1-1-0.dll
2013-01-04 01:26:54 028685592EF723982C5D6B98D6C4893D 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 01:26:53 EAAA1E6695B3D5F834E91F41EB1BD9B2 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 01:26:53 E06E5AA16B3F7C72CDE3593CE87411BB 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 01:26:53 9335B95493FA6CBDF553E36820983A29 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 01:26:53 818C4DEC5316EA1147D059E4CAE75453 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 01:26:53 580BE75B6D90FF6D0C08E5AAD2213C55 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 01:26:53 18B5290C01924D87DDD0480BC8FAB8D6 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 01:26:53 03164C3DD1DCE155A2528DE6CC878975 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 01:26:52 D98882549D5D1246039BCF421202EB2E 4096 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 01:26:52 244483EF6648ABE51A12C7EB01EB0A60 4096 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 01:26:51 BA959333F88D1FAF934CC1318AC3B69E 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-console-l1-1-0.dll
2013-01-04 01:26:51 B45124A0A5E60906AB72B48C25348835 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-core-memory-l1-1-0.dll
====== C:\Windows\Sysnative\drivers =====
2013-01-05 02:50:39 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2013-01-04 01:46:49 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2013-01-04 01:46:49 17C6B51CBCCDED95B3CC14E22791F85E 57856 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2013-01-04 01:45:21 AAFCB52FE0037207FB6FBEA070D25EFE 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2013-01-04 01:45:21 7EFB9333E4ECCE6AE4AE9D777D9E553E 154480 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-01-05 08:36:18 -------- d-----w- C:\Program Files (x86)\HiJackThis
======= C: =====
====== C:\Users\thijs\AppData\Roaming ======
2013-01-05 02:50:08 -------- d-----w- C:\users\thijs\AppData\Local\Programs
====== C:\Users\thijs ======
====== C: exe-files ==
2013-01-05 08:36:18 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Users\thijs\AppData\Local\Temp\HijackThis.exe
2013-01-05 08:36:18 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files (x86)\HiJackThis\HiJackThis.exe
2013-01-05 03:02:46 D3517F30DE32D88FB7E3F946CA8DFBC5 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3464960758-4197574661-1130637895-1001\$IDWN51I.exe
2013-01-05 02:49:23 0FB6D382FA5FBF72D05FC2A4503B7DF2 10156344 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3464960758-4197574661-1130637895-1001\$RDWN51I.exe
2013-01-05 02:45:41 D65F491938DB7527776BDE77D2849FB0 17920 ----a-w- C:\Windows\SysWOW64\rpcnetp.exe
2013-01-04 04:55:14 37805D8621594CF24EADC2AFF36499B4 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3464960758-4197574661-1130637895-1001\$I46I2I7.exe
2013-01-04 01:46:52 0E894692EB8579703FB1EC8AB6908571 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-01-04 01:46:46 AE8535663AA64318D174CD7CA44ED947 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-01-04 01:46:46 6846ECABF7034DD97EE1DE38F1DA16B4 384000 ----a-w- C:\Windows\System32\wksprt.exe
2013-01-04 01:46:46 40FF6C636380A87DE3A99F4E348BFDCB 1048064 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2013-01-04 01:46:45 98C04A60A10777D99B569636C55FE91C 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2013-01-04 01:40:24 105DE32BB543BCA78D72818B4EFF6178 896016 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3464960758-4197574661-1130637895-1001\$R46I2I7.exe
2013-01-04 01:26:59 3326166011C9BC13D6A8EFD856E9921C 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-01-04 01:26:57 2299E1067A7027E25281177830E0F5A7 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2013-01-04 01:26:56 4A8CFB2638B946154FC74CD4BECBDCEC 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2013-01-04 01:26:51 E00F3E011103F0D788EC727374BFB50A 2048 ----a-w- C:\Windows\SysWOW64\user.exe
=== C: other files ==
2013-01-05 03:00:16 8B968045D75783A09592C3105F2865DA 688992 ----a-r- C:\Users\thijs\Desktop\dds.com
2013-01-05 02:50:39 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-05 02:46:18 DA45BC10389B93EA984748914226295B 17920 ----a-w- C:\Windows\SysWOW64\rpcnetp.dll
2013-01-04 01:46:52 E9A0777DCA9148157E0EF9B71D7DE353 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-01-04 01:46:52 7B619C36F84720CB6AB77031B6F4FA60 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-01-04 01:46:49 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2013-01-04 01:46:49 17C6B51CBCCDED95B3CC14E22791F85E 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-01-04 01:46:47 E98E2152251EB2576714B2CCE01555DC 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-01-04 01:46:47 9EB297848DAACF111C36B6048EFF5AEA 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-01-04 01:46:47 09112DADA82F4700F833C2E40DFB59FC 18432 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-01-04 01:46:46 F059D17612BF074443C01FCCC8D5C905 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-01-04 01:46:46 E6446AB7A7E602CAFF51ACA3C68C1526 269312 ----a-w- C:\Windows\SysWOW64\aaclient.dll
2013-01-04 01:46:46 D3F64318307CEC05CBDE533D99976532 16896 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll
2013-01-04 01:46:46 D346E07D62E3D4BEAB040939744EC31B 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2013-01-04 01:46:46 AD4D0AEDB5993EDA31EB80A54EDBC344 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2013-01-04 01:46:46 A9D4140B8B843D5719F7C3EED8C0F9FD 37376 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2013-01-04 01:46:46 8999F18D38D55E34D356796507FFD639 192000 ----a-w- C:\Windows\SysWOW64\rdpendp_winip.dll
2013-01-04 01:46:46 87E8244DCB33A7A0836C66389B8874B6 322560 ----a-w- C:\Windows\System32\aaclient.dll
2013-01-04 01:46:46 3F853160DEE5B71B9AD2F1BAF2B1E55B 46592 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-01-04 01:46:45 EF1689081813A60D4610FF429530BA36 4916224 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2013-01-04 01:46:45 8F69EE5E0EB0779DC3E90DFD8D8E8683 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2013-01-04 01:46:44 FF16B21E5C0C46A70B2CD4F65B87D9F1 5773824 ----a-w- C:\Windows\System32\mstscax.dll
2013-01-04 01:45:43 E32230F4135D507E79509C998F4D8C92 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll
2013-01-04 01:45:43 CB2ABB2DA1E9C977302A78D86D4AE3B0 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-04 01:45:43 2ED72B3F76C9368ABC01464DA64DB7AE 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-04 01:45:42 5DAF8A6B7F127C4E70A5C1F707347859 295424 ----a-w- C:\Windows\SysWOW64\atmfd.dll
2013-01-04 01:45:21 B7D42CB36C08FA017E73FF2433CD7287 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-01-04 01:45:21 AF78F66116814FDD6677CEBD73035CDD 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll
2013-01-04 01:45:21 AAFCB52FE0037207FB6FBEA070D25EFE 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-01-04 01:45:21 9B3718651DDE8A75FC4E8D6542A250D8 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-04 01:45:21 859CFCE4A0F72916911BD9F6C6E84581 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2013-01-04 01:45:21 7EFB9333E4ECCE6AE4AE9D777D9E553E 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-01-04 01:45:21 685527DA09EBFB681E98C515978BDEE2 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-01-04 01:45:20 BFB26890612FB8AE8B0463EBEBE84B7E 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2013-01-04 01:45:20 A113AFEED3159A1ED52D78CB0226006D 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2013-01-04 01:44:23 52DF0C578CC1A2659F0DF6FCFEC09222 95184 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-04 01:27:00 6F2E324703E6D22B9934C33DA48F1F01 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-04 01:26:59 72CC564BBC70DE268784BCE91EB8A28F 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 01:26:59 1DC3504CA4C57900F1557E9A3F01D272 1161216 ----a-w- C:\Windows\System32\kernel32.dll
2013-01-04 01:26:58 D4F3176082566CEFA633B4945802D4C4 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2013-01-04 01:26:58 0978C2B33BDD0A7E6C563AA337DC8BA0 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2013-01-04 01:26:57 E337DE8814EABEDEA01919B94D323078 44032 ----a-w- C:\Windows\AppPatch\acwow64.dll
2013-01-04 01:26:57 DA15883524770E44CA94D38E9FD54E3D 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2013-01-04 01:26:57 98168B9B0656A01A321FF1BECB2C03E1 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-01-04 01:26:57 746D54D4505D7DD64A7204E9356662D3 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2013-01-04 01:26:57 2970785A72054740E1A5DCEB32485486 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-01-04 01:26:57 23A6A58BE46A1D6538B33D0F5535EEBE 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-01-04 01:26:57 15B30F15BD13640B337A0FC37BD48CDE 243200 ----a-w- C:\Windows\System32\wow64.dll
2013-01-04 01:26:55 D433E08B64837534AFB786E454BAB61E 5120 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-04 01:26:55 A05FA0E17EA9ADE6DC9B5C2BEC224030 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 01:26:55 6F08CABF92AF8FAB3509DD9F313B83F9 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 01:26:55 0E3CEB4FCE14AF72FBAAAE754A7C136A 4608 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 01:26:54 ED6346350B051FA98F755518E1DBC9C4 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 01:26:54 EC0A0E7B3537BB2912221D4933216727 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 01:26:54 DF38FFD9127965E857E6E8BF41E3AD66 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 01:26:54 DE4B59CD672B016B0827D7FBBBB13B74 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 01:26:54 CD2FCB8F13EABE7702A8AE7DE49E90E5 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 01:26:54 C1FA7D1A6548037873C90D4EEE34DF2B 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 01:26:54 C1D840725CBC18F1232B832083EAE51D 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 01:26:54 BC24199038F4BE63A1825CF168408120 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-04 01:26:54 B4FCCE5BA0990AE78809379CB0C3873C 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 01:26:54 B1A6900FE182F839DA1B58CDC9E0B3AE 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-04 01:26:54 91EF240DDB541D9FD62EBDC719EAE93A 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 01:26:54 7B02A73700CC99A0B9E4D4C0AA2028BA 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 01:26:54 73AF314C216F08A1C97BC03ECAD3A423 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 01:26:54 6B28D57A511929227FF1C8F412C1A3F9 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 01:26:54 695612AA7E235938E1683CD00D61D157 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 01:26:54 63416D211D4B15FD841A21E508081F4C 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 01:26:54 545466F436F875D0FFC171C12CAC3244 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 01:26:54 4A01572D2030D49CEB0A319DE0BFF53C 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 01:26:54 42B7B6D5D9AE16C5793CE28029174D5E 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 01:26:54 3B319CC2334AC0D15BE25A5994065F13 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 01:26:54 2A1A2C962BB789EF8EE8CF8CB8F100C0 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 01:26:54 28DC7159AC48CF4622D3D222590897C8 5120 ---ha-w- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-04 01:26:54 20DC238620F694575DDEE8EC95265774 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 01:26:54 1818CCEE5CFC3FCC876F42643109F2C0 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-04 01:26:54 07D74D633327AFF7E2360F32F83D8200 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 01:26:54 028685592EF723982C5D6B98D6C4893D 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 01:26:53 EAAA1E6695B3D5F834E91F41EB1BD9B2 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 01:26:53 E06E5AA16B3F7C72CDE3593CE87411BB 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 01:26:53 CAF11064A276247FE9F30AB06C4F2F2C 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 01:26:53 A2C23B02DC32AA8D3801B84FB54137A6 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 01:26:53 9335B95493FA6CBDF553E36820983A29 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 01:26:53 818C4DEC5316EA1147D059E4CAE75453 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 01:26:53 72D37545BC03B38537C3ACC7FA8FCA3A 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 01:26:53 580BE75B6D90FF6D0C08E5AAD2213C55 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 01:26:53 50A078C76D94014B61238F1118B6E02C 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 01:26:53 18B5290C01924D87DDD0480BC8FAB8D6 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 01:26:53 1697959965BC58308D046048A69E6C1E 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 01:26:53 139590E1C420A439F23F261979A59BC4 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 01:26:53 03164C3DD1DCE155A2528DE6CC878975 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 01:26:52 D98882549D5D1246039BCF421202EB2E 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 01:26:52 CBE6C675D3B10E48EF7B25A5FF07B46D 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 01:26:52 97188F405255248AC8316001411D9CC5 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-04 01:26:52 7978B487E3FBBC666A494EBECBFB26A9 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 01:26:52 3C3685C29EEF909266F124A184F849E6 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-04 01:26:52 2B9B097C293696DBC473CEF9F623C980 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 01:26:52 244483EF6648ABE51A12C7EB01EB0A60 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 01:26:52 1A208F0CEB6DE90A7EE3D4469B3A88BA 4608 ---ha-w- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 01:26:51 BA959333F88D1FAF934CC1318AC3B69E 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-04 01:26:51 B45124A0A5E60906AB72B48C25348835 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-3464960758-4197574661-1130637895-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\thijs\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"8B98DA628DD888E18E68C6568B631FB869FECA70._service_run"="C:\Users\thijs\AppData\Local\Google\Chrome\Application\chrome.exe --type=service"
"GoogleChromeAutoLaunch_1586AFCD2F1EACCBB75CD08BC6FC294A"="C:\Users\thijs\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60"
"NBAgent"="c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe /WinStart"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"TWebCamera"=""C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\thijs\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"8B98DA628DD888E18E68C6568B631FB869FECA70._service_run"="C:\Users\thijs\AppData\Local\Google\Chrome\Application\chrome.exe --type=service"
"GoogleChromeAutoLaunch_1586AFCD2F1EACCBB75CD08BC6FC294A"="C:\Users\thijs\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
==== Startup Folders ======================
2010-04-20 13:39:23 1258 ----a-w- C:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2010-04-20 13:39:23 1258 ----a-w- C:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2012-08-26 12:43:45 1277 ----a-w- C:\users\thijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-12-2012 13:25]
C:\Windows\tasks\AutoRearm.job --a------ C:\Windows\AutoRearm\AutoRearm.exe [15-10-2011 21:55]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3464960758-4197574661-1130637895-1001UA.job --a------ C:\Users\thijs\AppData\Local\Google\Update\GoogleUpdate.exe [24-05-2011 16:45]
4
Administrator
Administrator
Hoi,
Dit ziet er verder prima uit, voer nu nog even een scan uit met HitmanPro.
Download de 32 of 64 bit versie van HitmanPro naar het bureaublad.
Klik hier voor een uitgebreide handleiding van HitmanPro.
Dit ziet er verder prima uit, voer nu nog even een scan uit met HitmanPro.
Download de 32 of 64 bit versie van HitmanPro naar het bureaublad.
Klik hier voor een uitgebreide handleiding van HitmanPro.
- Houd de linker CTRL toets ingedrukt en dubbelklik op "HitmanPro36.exe" om de "Force Breach" te starten en klik op "volgende" als HitmanPro de processen heeft geblokkeerd.
- Vink de optie "Ik accepteer de voorwaarden van de gebruikersovereenkomst aan" en klik op "Volgende"
- Klik in het setup scherm nu nogmaals op "Volgende", nu zal automatisch de scan starten, doe verder niets op de computer totdat de scan gereed is.
- Als de scan klaar is klik je op "volgende"
- Activeer nu de gratis licentie, hiermee kunt u 30 dagen gratis HitmanPro gebruiken en de gevonden infecties verwijderen.
- Note: indien u reeds eerder gebruik hebt gemaakt van de 30 dagen trial-versie van HitmanPro is het niet meer mogelijk om gratis de gevonden infecties te verwijderen.
- Als het verwijderen gereed is klik je onderin het scherm op "Save log" of "Logbestand opslaan" en sla deze op bijvoorbeeld het bureaublad op.
Post dit logje. - Klik nu op de knop "Herstarten".
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
6
Administrator
Administrator
Hoi,
Dit ziet er picobello uit, zijn er verder nog problemen merkbaar of functioneert alles weer naar behoren?
Dit ziet er picobello uit, zijn er verder nog problemen merkbaar of functioneert alles weer naar behoren?
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
7
PC Web Plus - Member
PC Web Plus - Member
hoi,
De melding van nero is niet meer teruggekomen en alles ziet er normaal uit!
kan vriendje weer een nieuwe poging ondernemen om m nu wel eens virusvrij te houden
heel erg bedankt!! ook namens vriendje
op naar laptop2..
De melding van nero is niet meer teruggekomen en alles ziet er normaal uit!
kan vriendje weer een nieuwe poging ondernemen om m nu wel eens virusvrij te houden
heel erg bedankt!! ook namens vriendje
op naar laptop2..
8
Administrator
Administrator
Hoi,
Graag gedaan en mooi dat er geen problemen meer zijn...
Voer sowieso nog even een volledige systeemscan uit en wijzig alle gebuikte wachtwoorden, maar dat staat hieronder verder beschreven.
De volgende programma's en bijbehorende log bestanden mag je verwijderen. MBAM en de Emsisoft Emergency Kit kan je gewoon blijven gebruiken om periodiek de computer te scannen (wel eerst updaten).
Aangezien de problemen zijn verholpen adviseer ik u nog wel even het onderstaande uit te voeren.
1.) Volledige systeemscan
Ik raad u aan om met behulp van de Emsisoft Emergency Kit nog een volledige systeemscan uit te voeren, op de onderstaande link treft u de handleiding van dit programma. Mochten er nog speciale detecties zijn waarvan u niet weet wat u het beste kan doen dan kunt u uw vraag stellen in de sectie Antivirus / Antispy(mal)ware / Firewalls en overige security software
2.) Systeemherstelpunten verwijderen
Als de computer geïnfecteerd is geweest met een malware infectie is het raadzaam om alle aanwezige systeemherstelpunten te verwijderen, want hier kunnen namelijk besmette herstelpunten tussen zitten.
De meeste malware maakt een uitgaande verbinding met een Command & Control-server waarbij er vertrouwelijke gegevens zoals bijvoorbeeld inloggegevens worden buitgemaakt, indien uw computer geïnfecteerd is geweest is het dan ook raadzaam om al uw gebruikte wachtwoorden te wijzigen.
Meer informatie hierover leest u hier
4.) Installeren van essentiële updates.
Hoe u uw besturingssysteem en overige software up to date houdt kunt u hier lezen.
Door middel van het programma Secunia PSI wordt u automatisch gewaarschuwd indien er updates voor de geïnstalleerde software beschikbaar is, meer informatie leest u hier
5.) Pas op voor 'Phishing' berichten.
Phishing is een vorm van internet oplichting (fraude), met valse e-mailberichten en websites die er vertrouwd uitzien wordt er getracht 'logingegevens' en andere persoonlijke informatie te achterhalen.
Dit gebeurt vaak op hele slinkse manieren, zoals bijvoorbeeld e-mailberichten waarin u gevraagd wordt uw inloggegevens te verifiëren, in deze gevallen wordt u vaak naar een valse (clone) website gestuurd, zodra u uw gegevens hier hebt ingevoerd zijn deze in de handen van de kwaadwillende met alle gevolgen van dien.
Meer informatie leest u hier
6.) Preventie informatie & het gebruik van beveiligings software.
Om de kans op een her-infectie te minimaliseren kan je naast de gebruikte beveiligingssoftware een aanvullende malwarescanner installeren zoals Emsisoft Anti-Malware of Malwarebytes' Antimalware om de bescherming te optimaliseren.
Hier staat meer informatie hoe u een infectie in de toekomst kunt voorkomen, lees dit eens op uw gemak door.
Zoals je in het eerdere bericht hebt kunnen lez
Graag gedaan en mooi dat er geen problemen meer zijn...
Voer sowieso nog even een volledige systeemscan uit en wijzig alle gebuikte wachtwoorden, maar dat staat hieronder verder beschreven.
De volgende programma's en bijbehorende log bestanden mag je verwijderen. MBAM en de Emsisoft Emergency Kit kan je gewoon blijven gebruiken om periodiek de computer te scannen (wel eerst updaten).
- Zoek.exe
- DDS
Aangezien de problemen zijn verholpen adviseer ik u nog wel even het onderstaande uit te voeren.
1.) Volledige systeemscan
Ik raad u aan om met behulp van de Emsisoft Emergency Kit nog een volledige systeemscan uit te voeren, op de onderstaande link treft u de handleiding van dit programma. Mochten er nog speciale detecties zijn waarvan u niet weet wat u het beste kan doen dan kunt u uw vraag stellen in de sectie Antivirus / Antispy(mal)ware / Firewalls en overige security software
2.) Systeemherstelpunten verwijderen
Als de computer geïnfecteerd is geweest met een malware infectie is het raadzaam om alle aanwezige systeemherstelpunten te verwijderen, want hier kunnen namelijk besmette herstelpunten tussen zitten.
- Hoe u de herstelpunten verwijderd leest u hier
De meeste malware maakt een uitgaande verbinding met een Command & Control-server waarbij er vertrouwelijke gegevens zoals bijvoorbeeld inloggegevens worden buitgemaakt, indien uw computer geïnfecteerd is geweest is het dan ook raadzaam om al uw gebruikte wachtwoorden te wijzigen.
Meer informatie hierover leest u hier
4.) Installeren van essentiële updates.
Hoe u uw besturingssysteem en overige software up to date houdt kunt u hier lezen.
Door middel van het programma Secunia PSI wordt u automatisch gewaarschuwd indien er updates voor de geïnstalleerde software beschikbaar is, meer informatie leest u hier
5.) Pas op voor 'Phishing' berichten.
Phishing is een vorm van internet oplichting (fraude), met valse e-mailberichten en websites die er vertrouwd uitzien wordt er getracht 'logingegevens' en andere persoonlijke informatie te achterhalen.
Dit gebeurt vaak op hele slinkse manieren, zoals bijvoorbeeld e-mailberichten waarin u gevraagd wordt uw inloggegevens te verifiëren, in deze gevallen wordt u vaak naar een valse (clone) website gestuurd, zodra u uw gegevens hier hebt ingevoerd zijn deze in de handen van de kwaadwillende met alle gevolgen van dien.
Meer informatie leest u hier
6.) Preventie informatie & het gebruik van beveiligings software.
Om de kans op een her-infectie te minimaliseren kan je naast de gebruikte beveiligingssoftware een aanvullende malwarescanner installeren zoals Emsisoft Anti-Malware of Malwarebytes' Antimalware om de bescherming te optimaliseren.
Hier staat meer informatie hoe u een infectie in de toekomst kunt voorkomen, lees dit eens op uw gemak door.
Zoals je in het eerdere bericht hebt kunnen lez
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
9
.
.
Kaspersky Internet Security 2013 U maakt automatisch kans op één van de vijf licenties
PC Web Plus mag met dank aan Kaspersky vijf licenties verloten van 'Kaspersky Internet Security 2013'.
Het meedoen aan deze actie is heel simpel, u hoeft namelijk helemaal niets te doen! Geen prijsvraag, puzzel echt helemaal niets.
Als u op het forum komt voor hulp en ondersteuning bij het verwijderen van een malware gerelateerd probleem dingt u automatisch mee om kans te maken op één van de vijf licenties van Kaspersky Internet Security 2013
Uw naam wordt vanaf 1 januari 2013 opgenomen in de lijst van deelnemers en op vrijdag 1 Februari 2013 zullen de gebruikers van het forum bekend gemaakt worden die een een licentie van Kaspersky Internet Security 2013 krijgen toegestuurd
Meer informatie lees u bij: Start het nieuwe jaar veilig met kasperksy Internet Security
11
Administrator
Administrator
Omdat het probleem is verholpen wordt dit topic gesloten en verplaatst naar de sectie opgeloste problemen / logs.
Als u dit topic heropent wilt hebben, dan kunt u mij of één van moderators een (PB) privébericht sturen met een link naar dit betreffende topic.
Indien het topic al langere tijd is gesloten kunt u het beste hier een nieuw topic aanmaken, en eventueel verwijzen naar dit topic.
Voor alle andere vragen kunt u in het juiste forum een nieuw onderwerp starten.
Als u dit topic heropent wilt hebben, dan kunt u mij of één van moderators een (PB) privébericht sturen met een link naar dit betreffende topic.
Indien het topic al langere tijd is gesloten kunt u het beste hier een nieuw topic aanmaken, en eventueel verwijzen naar dit topic.
Voor alle andere vragen kunt u in het juiste forum een nieuw onderwerp starten.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)