annebaeten
PC Web Plus - Member
Topic Author
Posts: 9
Joined: Tue 20 Nov, 2012 00:16:54
Knowledge level: (1) Beginner

trojan virus

Sun 13 Jan, 2013 23:25:03

Hi,
Unfortunately I have the trojan virus on my computer (once again). Here are my logs from HITMANPRO and DDS.
Could you recommend a good virus scanner that I can purchase?

DDS :
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Anne at 23:14:14 on 2013-01-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4026.2437 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\HitmanPro\HitmanPro.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PLFSetI.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = shareware-ne.com
mStart Page = shareware-ne.com
mSearch Page = shareware-ne.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [sw_updater] "C:\Program Files (x86)\sw_updater\updater.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.nl/s/v/59.06/uploader2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.254
TCP: Interfaces\{1910C3A2-3CE9-4C45-A618-D5690404B72B} : DHCPNameServer = 10.10.60.1 61.88.88.88 8.8.8.8
TCP: Interfaces\{A152C309-3995-4BB7-AC03-9F7B05E5D960} : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{A152C309-3995-4BB7-AC03-9F7B05E5D960}\3585535313447393242343 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A152C309-3995-4BB7-AC03-9F7B05E5D960}\75962756C6563737047427966666964786 : DHCPNameServer = 192.168.176.254
TCP: Interfaces\{A152C309-3995-4BB7-AC03-9F7B05E5D960}\7616374756E6E65647775627B6 : DHCPNameServer = 10.0.0.254
TCP: Interfaces\{A152C309-3995-4BB7-AC03-9F7B05E5D960}\973726275656B65627 : DHCPNameServer = 192.168.0.1 8.8.8.8
TCP: Interfaces\{A152C309-3995-4BB7-AC03-9F7B05E5D960}\D497E647026427565602759666960213 : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t4792c01o
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5t4792c01o
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-9-3 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-1-13 108904]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-19 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-19 676936]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-6 311592]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-9-3 240160]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-1-13 32152]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-9-3 58880]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-19 25928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2011-1-24 114560]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-13 22:03:32 -------- d-----w- C:\Program Files\HitmanPro
2013-01-13 22:02:44 -------- d-----w- C:\ProgramData\HitmanPro
2013-01-12 00:28:36 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{77228072-4E9C-4F88-8957-EC35C3E67B47}\mpengine.dll
2013-01-09 19:07:52 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-12-28 15:23:36 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-12-28 15:23:01 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-28 15:23:01 -------- d-----w- C:\Program Files\iTunes
2012-12-28 15:23:01 -------- d-----w- C:\Program Files\iPod
2012-12-27 20:00:04 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-27 20:00:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-27 20:00:02 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-27 20:00:01 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-17 21:22:24 -------- d-----w- C:\Users\Anne\AppData\Local\{4D1FB1CF-8818-48B8-B64E-37B6E8E0BF17}
.
==================== Find3M ====================
.
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 21:55:48 24064 ----a-w- C:\Windows\zoek-delete.exe
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-02-01 18:03:03 1289576 ----a-w- C:\Program Files\wlsetup-web.exe
2011-02-01 17:32:42 9352392 ----a-w- C:\Program Files\msnm75.exe
2010-10-26 02:34:09 14259704 ----a-w- C:\Program Files\picasa38-setup.exe
2010-10-15 12:41:37 9227680 ----a-w- C:\Program Files\FCTBSetup.exe
2010-06-28 05:18:03 4466488 ----a-w- C:\Program Files\dopdf-7.exe
2010-05-21 06:31:30 21220841 ----a-w- C:\Program Files\DCPlusPlus-0.761.exe
2010-04-22 03:58:39 631280 ----a-w- C:\Program Files\SecureW2-package.exe
2010-03-02 10:21:14 2110728 ----a-w- C:\Program Files\Install_Facebook_Plug-In_1.0.3.exe
.
============= FINISH: 23:18:46,00 ===============


Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6-1-2010 23:52:23
System Uptime: 13-1-2013 23:09:33 (0 hours ago)
.
Motherboard: Acer | | Aspire 7715Z
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | uPGA-478 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 47,07 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport-adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&6CFADE&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport-adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&6CFADE&0&01
Service: vwifimp
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lexmark X422
Device ID: ROOT\IMAGE\0000
Manufacturer: Lexmark
Name: Lexmark X422
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
RP254: 3-12-2012 22:05:07 - Windows Update
RP255: 10-12-2012 20:38:20 - Windows Update
RP256: 13-12-2012 6:59:30 - Windows Update
RP257: 14-12-2012 1:32:34 - Windows Update
RP258: 17-12-2012 22:19:54 - Windows Update
RP259: 22-12-2012 11:21:48 - Windows Update
RP260: 27-12-2012 20:59:12 - Windows Update
RP261: 6-1-2013 19:01:07 - Windows Update
RP262: 9-1-2013 19:56:56 - Windows Update
RP263: 12-1-2013 1:03:26 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Arcade Deluxe
Acer Crystal Eye webcam Ver:1.1.88.610
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Reader X (10.1.0) - Nederlands
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AusLogics BoostSpeed
Aventail Access Manager
Aventail Web Proxy Agent
AVG 2012
Bing Bar
Bonjour
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Compatibiliteitspakket voor het 2007 Microsoft Office system
D3DX10
DC++ 0.761
doPDF 7.1 printer
Freecorder 4.02B Application
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HitmanPro 3.7
iCloud
Identity Card
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
Launch Manager
LimeWire 4.18.8
Malwarebytes Anti-Malware versie 1.65.1.1000
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint Viewer 2007 (Dutch)
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared 64-bit MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
Nero 8 Lite 8.1.1.3
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
QuickTime
Realtek High Definition Audio Driver
SecureW2 EAP Suite 2.0.2 for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
SiteRanker
Skype Toolbars
Skype™ 5.10
Spotify
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Tansee iPhone Transfer Photo
TuneUp Companion 2.2.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.3
Vuze
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.10 (32-bit)
.
==== End Of File ===========================


Hitmanpro:

HitmanPro 3.7.0.185
www.hitmanpro.com

   Computer name . . . . : ANNE-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   Safe Mode Boot  . . . : NETWORK
   User name . . . . . . : Anne-PC\Anne
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-01-13 23:03:34
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 20s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 9
   Traces  . . . . . . . : 264

   Objects scanned . . . : 1.487.779
   Files scanned . . . . : 51.388
   Remnants scanned  . . : 391.371 files / 1.045.020 keys

Malware _____________________________________________________________________

   C:\Users\Anne\wgsdgsdgdsgsd.exe -> Quarantined
      Size . . . . . . . : 139.264 bytes
      Age  . . . . . . . : 1.9 days (2013-01-12 01:03:26)
      Entropy  . . . . . : 7.0
      SHA-256  . . . . . : E3EB2707CBC53F3592729CD9263821554038DFFD81925C69EC320BB9EE40CB43
      Product  . . . . . : Microsoft® Windows® Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : CTF Loader
      Version  . . . . . : 5.2.3790.1830
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
    > G Data . . . . . . : Win32:Rootkit-gen [Rtk]
      Fuzzy  . . . . . . : 112.0
      Startup
         C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk


Malware remnants ____________________________________________________________

   C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Ransomware) -> PendingDelete
   HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}\ (Adware.Hotbar) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}\ (Adware.Gamevance) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}\ (Adware.Gamevance) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}\ (Adware.Hotbar) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}\ (Adware.Hotbar) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}\ (Adware.Hotbar) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}\ (Adware.Gamevance) -> Deleted

Cookies _____________________________________________________________________


I look forward to hearing from you.
Kind regards,
Anne

 
smeenk
Security Helper
Posts: 3977
Joined: Fri 03 Dec, 2010 18:00:18

Re: trojan virus

Sun 13 Jan, 2013 23:34:55

Welcome to PC Web Plus.nl

Try the following:

Using "zoek.exe":
  • Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan during download or use.
    You can read how to do that (here or here).
  • Then download zoek.exe to the desktop.
  • Start the tool by double-clicking "zoek.exe".
  • After a while a window will open.
  • With your mouse, now select the option "Combined fix" (bottom right).
  • Now copy the code below and paste it into the large input box:

    Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.

    autoclean;
    iedefaults;http://www.google.nl
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "sw_updater"=-;r
    filesrcm;
    startupall;

  • First close all other program windows that are still open!
  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next reply.

Regards, smeenk :)
 
annebaeten
PC Web Plus - Member
Topic Author
Posts: 9
Joined: Tue 20 Nov, 2012 00:16:54
Knowledge level: (1) Beginner

Re: trojan virus

Tue 15 Jan, 2013 20:00:34

Hi Smeenk, here is my log. Do you think everything is gone?


Zoek.exe Version 3.0.0.4 Updated 14-January-2013
Tool run by Anne on di 15-01-2013 at 19:44:22,34.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{828030A1-22C1-4009-854F-8E305202313F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully
HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sw_updater"=-

==== Deleting Files \ Folders ======================

"C:\ProgramData\dsgsdgdsgdsgw.pad" deleted
"C:\ProgramData\dsgsdgdsgdsgw.js" deleted
"C:\Users\Anne\AppData\Roaming\PriceGong" deleted
"C:\ProgramData\Partner" deleted
"C:\Users\Anne\AppData\Local\Conduit" deleted
"C:\Users\Anne\AppData\LocalLow\PriceGong" deleted
"C:\Users\Anne\AppData\LocalLow\Conduit" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Anne\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-01-09 19:08:34 52CCA2E9FFD0653CACED1E808AADE4B6 492032 ----a-w- C:\Windows\SysWOW64\win32spl.dll
2013-01-09 19:08:21 EAADD6E47ED2A7003ACE1793B98CF63F 1389568 ----a-w- C:\Windows\SysWOW64\msxml6.dll
2013-01-09 19:08:21 21D3A18769EC2C4E56756D04E989A221 1236992 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2013-01-09 19:08:20 BF6D6ED5FADCEEE885BD0144ECF1BA27 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 19:08:20 B7230010D97787AF3D25E4C82F2B06B9 626688 ----a-w- C:\Windows\SysWOW64\usp10.dll
2013-01-09 19:08:10 ED59143843560B5EDB543C2A48CB9E4B 45568 ----a-w- C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 19:08:10 A704E750245D5D4EE4A23E99A00F27D5 46592 ----a-w- C:\Windows\SysWOW64\fpb.rs
2013-01-09 19:08:10 A067A19A91C2AA0198F9BD01A5CEF5C6 21504 ----a-w- C:\Windows\SysWOW64\grb.rs
2013-01-09 19:08:10 9EDCFA23CC081E38C86CA309D0F7E3DC 30720 ----a-w- C:\Windows\SysWOW64\usk.rs
2013-01-09 19:08:10 9B7D7F4D1F79E8B7D727BE94B1630D59 44544 ----a-w- C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 19:08:10 6EC618588447B82EA8D88719EE46F725 43520 ----a-w- C:\Windows\SysWOW64\csrr.rs
2013-01-09 19:08:10 64E211E0FDFCE4D186DF58BB7D0503BC 2576384 ----a-w- C:\Windows\SysWOW64\gameux.dll
2013-01-09 19:08:10 5109C45498BC709C8A7E016D5FFCCAC2 20480 ----a-w- C:\Windows\SysWOW64\pegi.rs
2013-01-09 19:08:10 4F5C56DBF076D5BBB1D22B37BF281396 20480 ----a-w- C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 19:08:10 41CE7975CAD7BCF92538D2C452239523 40960 ----a-w- C:\Windows\SysWOW64\cob-au.rs
2013-01-09 19:08:10 27828AAA24AA46F11036954ADE355C1C 15360 ----a-w- C:\Windows\SysWOW64\djctq.rs
2013-01-09 19:08:09 DDD1C4AB9A9DAE6D4092C4C95E714650 51712 ----a-w- C:\Windows\SysWOW64\esrb.rs
2013-01-09 19:08:09 CBC69A055EF410CBD65593E4808B6DB4 23552 ----a-w- C:\Windows\SysWOW64\oflc.rs
2013-01-09 19:08:09 7752619457598CF057C4CC02A0867029 55296 ----a-w- C:\Windows\SysWOW64\cero.rs
2013-01-09 19:08:09 72035C97983745E742D71E9A8EF70BBB 20480 ----a-w- C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 19:08:09 43C9CF6825CEA58F1815B7C3DBBB385C 308736 ----a-w- C:\Windows\SysWOW64\Wpc.dll
2013-01-09 19:07:52 1153AC6E133AA849853DFD407B086B80 420064 ----a-w- C:\Windows\SysWOW64\locale.nls
2013-01-09 19:07:50 E954A79D6A754A5475582CACED1565E6 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 19:07:49 D836382F58FC216317C9C0CFC7EE6B5A 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 19:07:49 C27C0DBA18C5668D47D17D7EB305172B 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2013-01-09 19:07:49 AC0B6F41882FC6ED186962D770EBF1D2 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2013-01-09 19:07:46 E0AD44A09B01D863B90F9ED8DF7AE771 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2013-01-09 19:07:46 4707A115C283D2FE29BE63CC24B83EC7 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2013-01-09 19:07:45 C991F87D8C679B016BBEC40412B36AF6 2048 ----a-w- C:\Windows\SysWOW64\user.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-01-13 22:08:26 54FF0E233967E493009CA038E1DBB5C3 1960 ----a-w- C:\Windows\Sysnative\.crusader
2013-01-09 19:08:34 0353B239C28B0E9EBC7FA3D1F6181661 750592 ----a-w- C:\Windows\Sysnative\win32spl.dll
2013-01-09 19:08:22 99B91C5D2FCEF218CAD3600ECB62A799 2002432 ----a-w- C:\Windows\Sysnative\msxml6.dll
2013-01-09 19:08:22 371948BC5911ABA06168FAC91ED25F06 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll
2013-01-09 19:08:20 DBF99FD9CAF75CA66D042BD8D050FF71 800768 ----a-w- C:\Windows\Sysnative\usp10.dll
2013-01-09 19:08:20 5F3307352216618221A17CFEF273EEE2 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2013-01-09 19:08:10 EBB73E4E8CA01089CF74ECE506EB7607 43520 ----a-w- C:\Windows\Sysnative\csrr.rs
2013-01-09 19:08:10 C4B0793E4B97AA36A2A8C81A7AA1979A 44544 ----a-w- C:\Windows\Sysnative\pegibbfc.rs
2013-01-09 19:08:10 A2E0F1E01A0983E9C94565BBEC862BF7 40960 ----a-w- C:\Windows\Sysnative\cob-au.rs
2013-01-09 19:08:10 997938D423CE830161CB6059434E3C9F 45568 ----a-w- C:\Windows\Sysnative\oflc-nz.rs
2013-01-09 19:08:10 6D540AF9B183FC97DC4CC54369561548 20480 ----a-w- C:\Windows\Sysnative\pegi-pt.rs
2013-01-09 19:08:10 661AE5EAC62C4598DD01795CEB915BAE 20480 ----a-w- C:\Windows\Sysnative\pegi.rs
2013-01-09 19:08:10 65A8302C7551CFE45FAA2BC085C9E7E2 15360 ----a-w- C:\Windows\Sysnative\djctq.rs
2013-01-09 19:08:10 5C48A43FC30FC61ECB1335DC646686BC 30720 ----a-w- C:\Windows\Sysnative\usk.rs
2013-01-09 19:08:10 54B11BB2AFBC3D5EBA9C96F0C1820B9B 46592 ----a-w- C:\Windows\Sysnative\fpb.rs
2013-01-09 19:08:10 4489D5D2CB4BA0799F3FB4625DE181CF 21504 ----a-w- C:\Windows\Sysnative\grb.rs
2013-01-09 19:08:10 2BCBA6052374959A30BD7948444DBB79 2746368 ----a-w- C:\Windows\Sysnative\gameux.dll
2013-01-09 19:08:10 027675ED9B34EE1B91505C3B8752649F 441856 ----a-w- C:\Windows\Sysnative\Wpc.dll
2013-01-09 19:08:09 D0C01412FBF59C1C25630C49F0C1B803 55296 ----a-w- C:\Windows\Sysnative\cero.rs
2013-01-09 19:08:09 9BB05674E013C35F4DAED51F5015355D 20480 ----a-w- C:\Windows\Sysnative\pegi-fi.rs
2013-01-09 19:08:09 51D25C805A01A2C4F930F9720CF51FFE 51712 ----a-w- C:\Windows\Sysnative\esrb.rs
2013-01-09 19:08:09 4773EB5962548068547214A620E9ACC3 23552 ----a-w- C:\Windows\Sysnative\oflc.rs
2013-01-09 19:07:52 1F56F209585F350A5666E3CC7931FD67 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll
2013-01-09 19:07:52 1153AC6E133AA849853DFD407B086B80 420064 ----a-w- C:\Windows\Sysnative\locale.nls
2013-01-09 19:07:50 65C113214F7B05820F6D8A65B1485196 1161216 ----a-w- C:\Windows\Sysnative\kernel32.dll
2013-01-09 19:07:49 BA69FBB4BFC88BA6AA8EB5A285393A72 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll
2013-01-09 19:07:49 9E479C2B605C25DA4971ABA36250FAEF 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll
2013-01-09 19:07:49 5674E21E82CFBEA36DDAD5DB285D6DBC 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll
2013-01-09 19:07:49 3EE3AA76D8AB6D5644C4C8F34471CEB3 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll
2013-01-09 19:07:49 259EB5F7D95A29842B476C5B3EB6E186 243200 ----a-w- C:\Windows\Sysnative\wow64.dll
2013-01-09 19:07:49 1BCDB508143B517F21BBDAC10F5777BF 338432 ----a-w- C:\Windows\Sysnative\conhost.exe
2013-01-09 19:07:34 639774C9ACD063F028F6084ABF5593AD 68608 ----a-w- C:\Windows\Sysnative\taskhost.exe
2013-01-09 19:07:33 523B9B64F2B6C630A2E0A87116C05F12 3149824 ----a-w- C:\Windows\Sysnative\win32k.sys
====== C:\Windows\Sysnative\drivers =====
2012-12-28 15:23:36 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\Windows\Sysnative\drivers\GEARAspiWDM.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-01-13 22:03:32 -------- d-----w- C:\Program Files\HitmanPro
2012-12-28 15:23:01 -------- d-----w- C:\Program Files\iTunes
2012-12-28 15:23:01 -------- d-----w- C:\Program Files\iPod
======= C:\Program Files (x86) =====
======= C: =====
====== C:\Users\Anne\AppData\Roaming ======
====== C:\Users\Anne ======
2013-01-13 22:02:44 -------- d-----w- C:\ProgramData\HitmanPro
2012-12-28 15:23:01 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"PlayMovie"="C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28-06-2010 08:16]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28-06-2010 08:16]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2245846841-2144525998-156666420-1000Core.job --a------ C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe [22-10-2010 08:18]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2245846841-2144525998-156666420-1000UA.job --a------ C:\Users\Anne\AppData\Local\Google\Update\GoogleUpdate.exe [22-10-2010 08:18]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dcmagccbogebndpoodhhhafmofelpffh - C:\Users\Anne\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://nl.msn.com/?pc=skyp&ocid=skydhp"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
HKCU\*\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Crawler Search Url="http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60179"
HKCU\*\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADRA_nlAU385"
HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
HKCU\*\SearchScopes\{7C0F761D-A2B6-4DA6-800F-85D40B0072F8} shareware-ne.com Url="shareware-ne.com"
HKCU\*\SearchScopes\{8B98767B-6811-42C6-A106-75932BE72C25} shareware-ne.com Url="shareware-ne.com"
HKCU\*\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Inbox Search Url="http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80230&lng=en"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Anne\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\users\Anne\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Anne\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found


Regards,
anne
 
smeenk
Security Helper
Posts: 3977
Joined: Fri 03 Dec, 2010 18:00:18

Re: trojan virus

Tue 15 Jan, 2013 23:45:04

Almost everything is gone :)

Using "zoek.exe":
  • Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while it is being downloaded or used.
    (here or here) you can read how to do that.
  • Start the tool by double-clicking "zoek.exe".
  • After a while a window will open.
  • Now copy the code below and paste it into the large input box:

    Note: This script was written specifically for this PC, so do not use it on other PCs with a similar problem.

    {7C0F761D-A2B6-4DA6-800F-85D40B0072F8};c
    {C04B7D22-5AEC-4561-8F49-27F6269208F6};c
    {8B98767B-6811-42C6-A106-75932BE72C25};c

  • Now first close all other program windows that are still open!
  • Then click the "Run script" button.
  • Now wait patiently until a log opens.
  • Now post the contents of the opened log in your next message.

Regards, smeenk :)
 
annebaeten
PC Web Plus - Member
Topic Author
Posts: 9
Joined: Tue 20 Nov, 2012 00:16:54
Knowledge level: (1) Beginner

Re: trojan virus

Thu 17 Jan, 2013 00:12:19

Hi Smeenk,

Here is my new log. Would everything be gone now? Thanks for your help! x

Zoek.exe Version 4.0.0.1 Updated 16-January-2013
Tool run by Anne on do 17-01-2013 at 0:07:34,18.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} deleted successfully
HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8B98767B-6811-42C6-A106-75932BE72C25} deleted successfully

==== Deleting CLSID Registry Values ======================
 
smeenk
Security Helper
Posts: 3977
Joined: Fri 03 Dec, 2010 18:00:18

Re: trojan virus

Thu 17 Jan, 2013 14:36:39

I think the top line was not copied along completely.

Using "zoek.exe":
  • Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while it is being downloaded or used.
    (here or here) you can read how to do that.
  • Start the tool by double-clicking "zoek.exe".
  • After a while a window will open.
  • Now copy the code below and paste it into the large input box:

    Note: This script was written specifically for this PC, so do not use it on other PCs with a similar problem.

    {7C0F761D-A2B6-4DA6-800F-85D40B0072F8};c

  • Now first close all other program windows that are still open!
  • Then click the "Run script" button.
  • Now wait patiently until a log opens.
  • Now post the contents of the opened log in your next message.

Regards, smeenk :)
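
The gap between the first fix script and the log that came back, as an added example that is not part of the thread and not part of Zoek: a Python check that lists script targets the log does not confirm as deleted and flags pasted lines that do not parse. The function names and the truncated paste are constructed for illustration; the `;c` suffix is matched literally as it appears in the thread, and the script and log lines are copied from the posts above.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
SCRIPT_LINE = re.compile(rf"^({GUID});c$")  # one target per script line
DELETED_LINE = re.compile(rf"\\({GUID}) deleted successfully$")

# Fix script as posted in the thread.
SCRIPT_AS_POSTED = r"""
{7C0F761D-A2B6-4DA6-800F-85D40B0072F8};c
{C04B7D22-5AEC-4561-8F49-27F6269208F6};c
{8B98767B-6811-42C6-A106-75932BE72C25};c
"""

# Constructed: what a paste that lost the start of its first line could look like.
SCRIPT_TRUNCATED = r"""
761D-A2B6-4DA6-800F-85D40B0072F8};c
{C04B7D22-5AEC-4561-8F49-27F6269208F6};c
{8B98767B-6811-42C6-A106-75932BE72C25};c
"""

# Deletion section of the first log posted in the thread.
FIRST_LOG = r"""
==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} deleted successfully
HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8B98767B-6811-42C6-A106-75932BE72C25} deleted successfully

==== Deleting CLSID Registry Values ======================
"""


def parse_script(text):
    """Return (well-formed target CLSIDs, lines that do not parse)."""
    targets, malformed = [], []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SCRIPT_LINE.match(line)
        if m:
            targets.append(m.group(1).upper())
        else:
            malformed.append(line)
    return targets, malformed


def deleted_keys(log_text):
    """CLSIDs the log reports as 'deleted successfully'."""
    hits = (DELETED_LINE.search(l.strip()) for l in log_text.splitlines())
    return {m.group(1).upper() for m in hits if m}


def not_confirmed(script_text, log_text):
    """Script targets that the log does not confirm as deleted, in script order."""
    done = deleted_keys(log_text)
    return [t for t in parse_script(script_text)[0] if t not in done]


if __name__ == "__main__":
    print("unparseable pasted lines:", parse_script(SCRIPT_TRUNCATED)[1])
    print("not confirmed by log:", not_confirmed(SCRIPT_AS_POSTED, FIRST_LOG))
```

Checked against the truncated paste alone, the log looks complete, which is why the comparison uses the script as it was posted.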
 
annebaeten
PC Web Plus - Member
Topic Author
Posts: 9
Joined: Tue 20 Nov, 2012 00:16:54
Knowledge level: (1) Beginner

Re: trojan virus

Thu 17 Jan, 2013 20:41:23

Hi Smeenk,

here is the log;


Zoek.exe Version 4.0.0.1 Updated 17-January-2013
Tool run by Anne on do 17-01-2013 at 20:36:21,82.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2245846841-2144525998-156666420-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7C0F761D-A2B6-4DA6-800F-85D40B0072F8} deleted successfully

==== Deleting CLSID Registry Values ======================


would the virus be gone now? :-)
 
smeenk
Security Helper
Posts: 3977
Joined: Fri 03 Dec, 2010 18:00:18

Re: trojan virus

Thu 17 Jan, 2013 22:33:20

I think everything is more or less clean now :)

Please do the following steps as well:

Download Ccleaner

When installing the latest Ccleaner, Google Chrome is now (automatically) installed along with it.
If you want to prevent this, you have to remove a check mark during installation so that Google Chrome is not installed.

Start CCleaner.
• Click Cleaner in the left column.
• Click Analyze (Analyseren) and then Run Cleaner (Opschonen).
• Then click Registry (Register) in the left column and click Scan for Issues (Scan naar problemen).
• If errors are found, click Fix selected issues (Herstel geselecteerde problemen) and OK.
• You will then be asked to make a backup; click YES (JA) and then choose Fix All Selected Issues (Herstel alle geselecteerde fouten).
• Then close CCleaner.


You may delete all the tools used + their logs.

Also delete all old system restore points, because they may still contain infections.
To delete Windows system restore points, click here.
Note: do not perform a system restore, but have all old system restore points deleted.


To avoid reinfection, you can read these tips: How do I prevent a new infection?

Regards, smeenk ;)
 
annebaeten
PC Web Plus - Member
Topic Author
Posts: 9
Joined: Tue 20 Nov, 2012 00:16:54
Knowledge level: (1) Beginner

Re: trojan virus

Thu 17 Jan, 2013 23:09:13

Hi Smeenk,

Thanks so much! I have also followed your other steps! This weekend I'm going to look for a virus scanner... that would be handy too. Thanks again.

Regards,
Anne
 
 
Maxstar
Administrator
Posts: 41272
Joined: Sat 27 Sep, 2008 10:18:07
Knowledge level: (3) Expert
OS: Windows 10
AV: Emsisoft Internet Security

Re: trojan virus

Fri 01 Feb, 2013 09:40:53

Because the problem has been resolved, this topic is being closed and moved to the solved problems / logs section.

If you would like this topic reopened, you can send me or one of the moderators a private message (PM) with a link to this topic.

If the topic has been closed for a longer time, it is best to create a new topic here and, if desired, refer to this topic.


For all other questions, you can start a new topic in the appropriate forum.
Kind regards,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
