Beste lezer,
ik heb het programma funmoods op mijn computer. Ik heb de stappen in onderstaande discussie al opgevolgd maar krijg http://searchfunmoods.com nog steeds niet van mijn computer af 
http://antivirus.startpagina.nl/prikbord/16077932/16077983/re-funmoods-verwijderen
Wie kan mij helpen hier vanaf te komen?
Groet,
Fabian
Hallo,
Begin met je profiel te wijzigen zodat je mailadres niet meer zichtbaar is.(dit is vragen om spam en spyware)
Klik op de blauwe balk boven dit bericht en kies profiel wijzigen.
Type dan een naam in die zichtbaar mag worden i.p.v. je mailadres.
Als je de discussie heb gelezen zou ik graag de logjes willen zien van:
Mbam
Adwcleaner
HijackThis
Hierna kunnen we je verder helpen.
Gr.Ben
Ondertussen zelf al even aan het stoeien geweest en als het goed is moet het nu weg zijn.. Hier de logs.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:26:25, on 3-12-2012
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM\..\Run: “C:\Program Files\Norton Internet Security\osCheck.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 - HKLM\..\Run: “C:\Program Files\Spyware Doctor\pctsTray.exe”
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDYA7ELV\MediaPlayerUpgrade.exe
O4 - HKLM\..\Run: “C:\Program Files\Common Files\WinSecureAv\bm.exe” dm=http://winsecureav.com ad=http://winsecureav.com sd=http://ykeeper.winsecureav.com
O4 - HKLM\..\Run: C:\Program Files\WinSecureAv\ptask.exe
O4 - HKLM\..\Run: C:\Program Files\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: C:\Users\Eigenaar\AppData\Roaming\WinFB2.exe
O4 - HKLM\..\Run: “D:\Program Files\Unlocker\UnlockerAssistant.exe”
O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU\..\Run: C:\Users\Eigenaar\AppData\Roaming\WinFB2.exe
O4 - HKCU\..\Run: C:\Users\Eigenaar\AppData\Roaming\Croaoc.exe
O4 - HKCU\..\Run: “C:\Users\Eigenaar\AppData\Local\Akamai\netsession_win.exe”
O4 - HKCU\..\Run: “J:\Program Files\Spotify\Data\SpotifyWebHelper.exe”
O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll c:\progra~1\sophos\sophos~1\sophos~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
–
End of file - 9087 bytes
# AdwCleaner v2.011 - Verslag gemaakt op 04/12/2012 om 18:17:58
# Geactualiseerd op 02/12/2012 door Xplode
# Besturingssysteem : Windows Vista (TM) Home Premium (32 bits)
# Gebruiker : Eigenaar - PC_VAN_EIGENAAR
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Eigenaar\Downloads\adwcleaner.exe
# Optie
***** *****
***** *****
File Verwijdert : C:\Users\Eigenaar\AppData\Local\funmoods-speeddial_sf.crx
Map Verwijdert : C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
***** *****
Data Verwijdert : HKLM\..\Windows = c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Crossrider
Sleutel Verwijdert : HKCU\Software\DataMngr_Toolbar
Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes
***** *****
-\\ Internet Explorer v7.0.6000.17037
Het register bevat geen enkele ongeoorloofde invoer.
-\\ Google Chrome v23.0.1271.95
File : C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Preferences
De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner.txt - -
AdwCleaner.txt - -
AdwCleaner.txt - -
AdwCleaner.txt - -
AdwCleaner.txt - -
AdwCleaner.txt - -
########## EOF - C:\AdwCleaner.txt - ##########
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Databaseversie: v2012.09.29.05
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
Eigenaar :: PC_VAN_EIGENAAR
3-12-2012 18:35:31
mbam-log-2012-12-03 (18-35-31).txt
Scantype: Volledige scan (C:\|D:\|F:\|J:\|)
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 383571
Verstreken tijd: 2 uur/uren, 15 minuut/minuten, 34 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 2
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Winupdate32 (Trojan.Agent.Gen) -> Data: C:\Users\Eigenaar\AppData\Roaming\WinFB2.exe -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 2
C:\Users\Eigenaar\AppData\Local\funmoods.crx (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Eigenaar\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
Hallo,
“zoek.exe” gebruiken
Schakel je antivirus- en antispywareprogramma's uit, zoek.exe wordt tijdens het downloaden of tijdens gebruik soms als trojan aangezien.
(hier of hier) kan je lezen hoe je dat doet.
Download daarna zoek.exe naar het bureaublad.
Windows 2000 en Windows XP: start de tool middels dubbelklik op “zoek.exe”.
Windows Vista en Windows 7: start de tool middels rechtsklik op “zoek.exe” en dan kiezen voor Als Administrator uitvoeren.
Vervolgens zal er na een tijdje een venster geopend worden.
Met je muis selecteer je nu de volgende keuze "Combined fix"(rechts onderaan)
Kopieer nu onderstaande Vet gedrukte en plak die in het grote invulvenster:
emptyclsid;
emptyjava;
emptyflash;
emptyCHRcache;
emptytemp;
filesrcm;
startupall;
emptyIEcache;
Sluit nu eerst alle nog openstaande programmavensters!
Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent(dit kan na een herstart zijn)
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post nu de inhoud van het geopende logje in het volgende bericht.
Gr.Ben
Zoek.exe Version 3.0.0.4 Updated 03-December-2012
Tool run by Eigenaar on wo 05-12-2012 at 17:22:56,01.
Microsoft® Windows Vista™ Home Premium 6.0.6000 x86
Running in: Normal Mode Internet Access Detected
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Eigenaar\AppData\Local\Temp ====
2012-12-05 16:07:40 B5B5BC08EC2B4AD3FD2D50AD0C4C53BB 58736 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\symlcsv1.exe
2012-12-03 21:25:50 52F21EB2C7960E8523C64A867D7C6A06 580883 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\installer.exe
2012-12-03 18:16:19 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\56415uninstall.exe
2012-11-30 18:06:50 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\35713uninstall.exe
2012-11-30 17:43:16 AE7E0C99C5BC7D28325C0CD7885C851F 1062504 ——w- C:\Users\Eigenaar\AppData\Local\Temp\YontooSetup-S.exe
2012-11-25 20:22:06 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\63099uninstall.exe
2012-11-25 19:04:49 7704B843006444B69486FD27D4660845 3380216 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\SIMEEIInstaller.exe
2012-11-25 19:04:48 F888959350086A5C75976E4E97ED23CC 2962432 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\SIMEEI2Installer.exe
2012-11-25 19:04:03 251326838643B61415694F6EB0C2D3E9 526680 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\Shortcut_sweetimsetup (1).exe
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2012-12-03 17:33:44 500D089CE760D83DA2B6CBA681AA9949 22856 —-a-w- C:\Windows\System32\drivers\mbam.sys
====== C:\Windows\Tasks ======
2012-11-25 19:35:08 20EA86D62840AEBCCAF9E43FE3E5D8E0 1048 —-a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-25 19:35:06 D3C76AA1EC73631D7C6698AA7FBE8E68 1044 —-a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2012-12-03 17:57:11 ——– d—–w- C:\Program Files\Webteh
2012-11-28 16:22:30 ——– d—–w- C:\Program Files\Red Sky
======= C: =====
2012-12-04 17:17:58 34EA0A28670BD6BF6E609CCD17F01594 2764 —-a-w- C:\AdwCleaner.txt
2012-12-03 21:26:12 3A82EED8932C1FD51428FD3BF2C72AA7 2833 —-a-w- C:\AdwCleaner.txt
2012-12-03 17:30:51 86F694ADDBE5D1AC69B6847F6CAFB210 1373 —-a-w- C:\AdwCleaner.txt
2012-12-02 17:50:40 CEB1A54B8864876EF46FC8827BC11E15 3447 —-a-w- C:\AdwCleaner.txt
2012-11-28 15:42:33 1D5F9CACEB657D422C72B20988AE6FBC 4831 —-a-w- C:\AdwCleaner.txt
2012-11-27 17:29:31 851BF881C547D471A4D7EA5187780AD1 4277 —-a-w- C:\AdwCleaner.txt
====== C:\Users\Eigenaar\AppData\Roaming ======
2012-12-03 18:13:04 ——– d—–w- C:\users\Eigenaar\AppData\Roaming\VideoPlayerPackages
2012-11-30 17:43:49 ——– d—–w- C:\users\Eigenaar\AppData\Roaming\AudioConverterPackages
2012-11-30 17:36:34 ——– d—–w- C:\users\Eigenaar\AppData\Roaming\VideoConverterPackages
2012-11-28 16:23:35 ——– d—–w- C:\users\Eigenaar\AppData\Roaming\WinRAR
2012-11-28 16:22:36 ——– d—–w- C:\users\Eigenaar\AppData\Local\DownTango
2012-11-25 20:36:17 ——– d—–w- C:\users\Eigenaar\AppData\Roaming\TestApp
2012-11-25 19:33:07 92D731932167FFF6C4D682310EFE4FD3 7887 —-a-w- C:\users\Eigenaar\AppData\Roaming\pcouffin.cat
2012-11-25 19:33:07 8E688E3230764E28D765FD8688B16E9D 1144 —-a-w- C:\users\Eigenaar\AppData\Roaming\pcouffin.inf
2012-11-25 19:33:07 5B6C11DE7E839C05248CED8825470FEF 47360 —-a-w- C:\users\Eigenaar\AppData\Roaming\pcouffin.sys
2012-11-25 19:33:07 254FBCA565E049648B0CCE2CEADF05D2 87608 —-a-w- C:\users\Eigenaar\AppData\Roaming\inst.exe
2012-11-25 19:33:06 ——– d—–w- C:\users\Eigenaar\AppData\Roaming\Vso
2012-11-25 19:16:47 ——– d—–w- C:\users\Eigenaar\AppData\Roaming\BSplayer Pro
2012-11-25 19:16:47 ——– d—–w- C:\users\Eigenaar\AppData\Roaming\BSplayer
====== C:\Users\Eigenaar ======
2012-11-25 20:36:20 ——– d—–w- C:\ProgramData\PC Tools
2012-11-25 19:32:37 ——– d—–w- C:\ProgramData\VSO
====== C: exe-files ==
2012-12-05 16:07:40 B5B5BC08EC2B4AD3FD2D50AD0C4C53BB 58736 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\symlcsv1.exe
2012-12-04 17:07:13 54B0C0CC000F31BFA2393C663235BBD7 540743 —-a-w- C:\Users\Eigenaar\Downloads\adwcleaner.exe
2012-12-04 17:06:33 FB8CC0F4CFFDB132D41305697836045C 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$I705EU4.exe
2012-12-04 17:06:33 F275AECBB2119D814F0E20E9CEE4C1F3 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$IGWKKJ5.exe
2012-12-04 17:06:33 CF3E3EE962B44A0E7A6B0D2A51BF4675 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$I51Q7K4.exe
2012-12-04 17:06:33 AE4AABA96A31916904118360CD68EB2B 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$I2UB646.exe
2012-12-04 17:06:33 49F64FC7C4568BD2EA9F5645C79D2065 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$IGMPWDO.exe
2012-12-04 17:06:33 483D75565BB0494CB384A1EEB946F76B 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$I8CGLKG.exe
2012-12-04 17:06:33 44F663CB7454471E708136BB89A0038C 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$IWQS56A.exe
2012-12-04 17:06:33 3FF80E2E6161D40D8B161DE93F9F2A56 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$IBJCACR.exe
2012-12-04 17:06:33 2FD033C35554D23F17F0E6D209A1C612 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$I1XH4XU.exe
2012-12-04 17:06:33 1BB58596CE76071977F741AC9960987A 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$INO7QPL.exe
2012-12-04 17:06:32 79CD94610C6F5175B8FF25211E6112B3 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$IPDNEDY.exe
2012-12-03 21:25:50 52F21EB2C7960E8523C64A867D7C6A06 580883 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\installer.exe
2012-12-03 18:16:19 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\56415uninstall.exe
2012-12-03 18:15:45 D31823B08F437DBE7923206829360053 1115032 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\4139860.Uninstall\Uninstall.exe
2012-12-03 18:10:50 D31823B08F437DBE7923206829360053 1115032 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$RPDNEDY.exe
2012-12-03 17:54:32 40FD07318F0212BF82BB1D3CA5F69C3A 10638576 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$RGWKKJ5.exe
2012-12-03 17:32:35 1EE6BF9C38EDA7A7F688D28C2BA2DBD8 10669952 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$RWQS56A.exe
2012-12-02 17:56:14 2616DE336678004F684DDBC41D131DF0 318088 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$RGMPWDO.exe
2012-12-02 13:06:44 BC53D6CFD9E46F02A36860A6A8AE1CE6 30659064 —-a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\23.0.1271.95\23.0.1271.95_chrome_installer.exe
2012-12-02 13:05:42 F216024A7DB5DD9B720D9D81FF128EB5 763440 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\GoogleUpdateSetup.exe
2012-12-02 13:05:42 56563114B47B3AE148B5C97C7800B78B 59344 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\GoogleUpdateBroker.exe
2012-12-02 13:05:42 506708142BC63DABA64F2D3AD1DCD5BF 116648 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\GoogleUpdate.exe
2012-12-02 13:05:42 18FAFDD046CA6D9619E0796A66F65BA9 59344 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\GoogleUpdateOnDemand.exe
2012-12-02 13:05:41 AE5A69F44C1F97EDC83237FC0B29B6FB 212432 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\GoogleCrashHandler.exe
2012-12-02 13:05:41 41938F2C1642459CBBA691B5DBD6395A 279504 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\GoogleCrashHandler64.exe
2012-12-02 02:24:31 BC86BBB57CCDCF919F311C9E8EBF0DB3 670712 —-a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.95\23.0.1271.95_23.0.1271.91_chrome_updater.exe
2012-11-30 18:06:50 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\35713uninstall.exe
2012-11-30 18:01:42 211E5CA345A3BBB8C691FC8E6F5AA181 1115544 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\483993.Uninstall\Uninstall.exe
2012-11-30 17:59:06 C2B742ED7046E2DB977F64858F11A83B 1115544 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\328444.Uninstall\Uninstall.exe
2012-11-30 17:43:16 AE7E0C99C5BC7D28325C0CD7885C851F 1062504 ——w- C:\Users\Eigenaar\AppData\Local\Temp\YontooSetup-S.exe
2012-11-30 17:42:14 C2B742ED7046E2DB977F64858F11A83B 1115544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$R8CGLKG.exe
2012-11-30 17:34:21 211E5CA345A3BBB8C691FC8E6F5AA181 1115544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$R2UB646.exe
2012-11-29 12:59:14 41B6F86196E318B0F746609E88E61E31 523928 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\131B8061-BAB0-7891-B693-79576A15E2EA\Latest\setup2.exe
=== C: other files ==
2012-12-04 17:06:33 7B1FBD1FEC9F68E1163305CB77A6F4E6 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$I2QCKDO.zip
2012-12-03 21:26:05 C7625B1599C0AF2885BFD3436D4484EC 481 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\Uninst.bat
2012-12-03 18:13:45 1330F8A5264D02B7D62DC976F74458C3 290500 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\scoped_dir_1136_7992\funmoods-speeddial_sf.crx
2012-12-03 17:33:44 500D089CE760D83DA2B6CBA681AA9949 22856 —-a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-02 13:05:47 B1BEC149287ABB04F1D9E2E2556159A5 28112 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_vi.dll
2012-12-02 13:05:47 B07516B5E0D0AC8EE91FE8D746A01690 159696 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\psuser.dll
2012-12-02 13:05:47 AA8741CCF37572960C231B99FFB3CA3F 159696 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\psmachine.dll
2012-12-02 13:05:47 90F2B31C13F1DCA7B08B0CB1B3E2C10F 21968 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_zh-CN.dll
2012-12-02 13:05:47 8343DBAEF8CF37A44DBECB9CCBFEAA33 572880 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\npGoogleUpdate3.dll
2012-12-02 13:05:47 30ECC285370B32EE4F48B911A8A8AE94 28624 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_ur.dll
2012-12-02 13:05:47 274DB972D4BE3C523935C0821FE45BC2 21968 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_zh-TW.dll
2012-12-02 13:05:46 FAE6C66C616BBB72372C4B2A5A04360F 28624 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_uk.dll
2012-12-02 13:05:46 F1B2A4096A666A38032872BF40BDD735 30160 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_ta.dll
2012-12-02 13:05:46 6D270202AB6231B0546F45C6B0F78BA9 29648 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_sl.dll
2012-12-02 13:05:46 67DEA5CB37A195A019F158725C4B589F 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_tr.dll
2012-12-02 13:05:46 409915124AEBDC4F3A362A1191512726 27600 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_th.dll
2012-12-02 13:05:46 3010B55C4A849838408029C30A122933 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_sv.dll
2012-12-02 13:05:46 27707013B5B048E81F6D576D783EE857 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_sr.dll
2012-12-02 13:05:46 0D7BFF1467E72C27A5773C57B388114F 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_sw.dll
2012-12-02 13:05:46 0C45289F651FA6508352EE23FB1F59B6 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_te.dll
2012-12-02 13:05:45 F08AB6DCB4C0B8D88FAA6AF17B4DD432 29648 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_ro.dll
2012-12-02 13:05:45 EDA0381FC6372F8490067911767D0365 28624 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_mr.dll
2012-12-02 13:05:45 E817C85652C55C6253AD150B6FF90B6C 30160 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_nl.dll
2012-12-02 13:05:45 C3C20861B75405DF8E28A2A725947D89 28112 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_lt.dll
2012-12-02 13:05:45 B7FC55141D45191CF081B484D63D62AB 23504 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_ko.dll
2012-12-02 13:05:45 B7A4EE43FB1B1D6BB19EE6BDC240F78C 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_no.dll
2012-12-02 13:05:45 8BCA304C5D3BDC3959C4D99A9083F642 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_pt-PT.dll
2012-12-02 13:05:45 8B7C54689B651ADD160D23F9B1D8DDBA 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_pt-BR.dll
2012-12-02 13:05:45 7A3B55C05B035042B4DCAD7FF9365E1B 30160 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_pl.dll
2012-12-02 13:05:45 72DDB231C46B4A09CB9591D58DFA1962 28112 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_ms.dll
2012-12-02 13:05:45 40E11DD251F02B987D0B995885D3994C 28624 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_ru.dll
2012-12-02 13:05:45 3E01B6EA01B98196C9FE9134F10EA540 31696 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_ml.dll
2012-12-02 13:05:45 38E72B2FFEF8CFF5A7091B31C181D2B8 29648 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_sk.dll
2012-12-02 13:05:45 176E174BF32526BAB1379D5980D5E5E9 30160 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_lv.dll
2012-12-02 13:05:44 E6C58DEA62E4D92CA49AE24D711727AB 24528 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_ja.dll
2012-12-02 13:05:44 CA7528A88F08C964FF8DE7E4E1FC8755 28624 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_gu.dll
2012-12-02 13:05:44 C86FC340FF9C88CD8089BEDF9152B274 30672 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_it.dll
2012-12-02 13:05:44 C7DFBBC772A6DAEAEB725F4E73B48E88 29648 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_hr.dll
2012-12-02 13:05:44 ABBDE334F87F01BC0BEE7475E8AE4695 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_fi.dll
2012-12-02 13:05:44 7F6FDF281EE7637E21F94012093113E6 28624 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_is.dll
2012-12-02 13:05:44 6CD4714AC13ED448DBDC67746A67A353 28112 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_id.dll
2012-12-02 13:05:44 5C32F6FE36113D5B5A5C6C1B3B3ACC3B 29648 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_kn.dll
2012-12-02 13:05:44 3E2B125434238773F45DC79D415E3AF7 30160 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_fil.dll
2012-12-02 13:05:44 3B7445912C5453A165C2483289FB461B 29648 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_hu.dll
2012-12-02 13:05:44 2C345EDA29309E6BC6B76554E9B35F44 26064 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_iw.dll
2012-12-02 13:05:44 16DA319C49F028E978822E8BB1963E5A 30672 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_fr.dll
2012-12-02 13:05:44 127F00FE67E9EACA7E2788468D1987C8 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_hi.dll
2012-12-02 13:05:43 F8810FB106BDA89469C68CF4902AD2CA 31184 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_es.dll
2012-12-02 13:05:43 F3E8BCE306D64540762F9CE259A8B11B 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_da.dll
2012-12-02 13:05:43 D1B4C6060F3956D9EC705947599B0F99 28112 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_en-GB.dll
2012-12-02 13:05:43 C4ABA43E88B0F11F07F14C593A76BE20 29648 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_ca.dll
2012-12-02 13:05:43 AC2BE73471AF297387DA018E8095834E 31184 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_de.dll
2012-12-02 13:05:43 66F55491CA6872C479CE996BB629E2C2 29136 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_es-419.dll
2012-12-02 13:05:43 62DBD114F7C68EC125AF414188BDAE82 28624 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_cs.dll
2012-12-02 13:05:43 53B95D3CB3C40CDCE7C93A52FCA92A12 28112 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_et.dll
2012-12-02 13:05:43 430F1EED95FD728BB615DA0E03239479 30672 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_el.dll
2012-12-02 13:05:43 34FFAA567C4BC724920604005B17DD29 27600 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_fa.dll
2012-12-02 13:05:43 2368136FF8B2EDDADD5D81EE04693A36 27600 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_en.dll
2012-12-02 13:05:42 D39F2EE5A8A2EBC855D3209B2B9B49BB 28624 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_bn.dll
2012-12-02 13:05:42 8642C2B668760705618D19C756540DCA 25040 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_am.dll
2012-12-02 13:05:42 24774899F86A8D2F8CCFCC47711430C5 30160 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_bg.dll
2012-12-02 13:05:42 2279AB7467E22CA7698AC4FEFE93B44D 26576 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdateres_ar.dll
2012-12-02 13:05:42 07F7AE68602448F4B6D5A9A40BBA977C 834000 —-atw- C:\Users\Eigenaar\AppData\Local\Temp\{2629CCAB-7A8E-4613-8FAE-D8890612D848}\goopdate.dll
2012-11-30 17:39:30 D824D758EE83599348EC04DD4276934D 13136 —-a-w- C:\$Recycle.Bin\S-1-5-21-2010709158-3741065282-913981132-1000\$R2QCKDO.zip
2012-11-30 17:35:24 0F66E8E2340569FB17E774DAC2010E31 520234 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\131B8061-BAB0-7891-B693-79576A15E2EA\Latest\sqlite3.dll
2012-11-30 17:35:23 39EFC6BD073A446EB539BF100A3DE1B1 5120 —-a-w- C:\Users\Eigenaar\AppData\Local\Temp\131B8061-BAB0-7891-B693-79576A15E2EA\Latest\IECookieLow.dll
==== Startup Registry Enabled ======================
“WindowsWelcomeCenter”=“rundll32.exe oobefldr.dll,ShowWelcomeCenter”
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /detectMem”
“WindowsWelcomeCenter”=“rundll32.exe oobefldr.dll,ShowWelcomeCenter”
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /detectMem”
“ehTray.exe”=“C:\Windows\ehome\ehTray.exe”
“msnmsgr”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background”
“Croaoc”=“C:\Users\Eigenaar\AppData\Roaming\Croaoc.exe”
“Akamai NetSession Interface”=“C:\Users\Eigenaar\AppData\Local\Akamai\netsession_win.exe”
“Spotify Web Helper”=“J:\Program Files\Spotify\Data\SpotifyWebHelper.exe”
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe”
“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
“osCheck”=“C:\Program Files\Norton Internet Security\osCheck.exe”
“Symantec PIF AlertEng”=“C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
“SunJavaUpdateSched”=“C:\Program Files\Common Files\Java\Java Update\jusched.exe”
“Bar”="C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDYA7ELV\MediaPlayerUpgrade.exe"
“bm”=“C:\Program Files\Common Files\WinSecureAv\bm.exe dm=http://winsecureav.com ad=http://winsecureav.com sd=http://ykeeper.winsecureav.com”
“ptask”=“C:\Program Files\WinSecureAv\ptask.exe”
“Sophos AutoUpdate Monitor”=“C:\Program Files\Sophos\AutoUpdate\almon.exe”
“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe -atboottime”
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe”
“Winupdate32”=“C:\Users\Eigenaar\AppData\Roaming\WinFB2.exe”
“UnlockerAssistant”=“D:\Program Files\Unlocker\UnlockerAssistant.exe”
“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe”
“Windows Defender”=“%ProgramFiles%\Windows Defender\MSASCui.exe -hide”
“ehTray.exe”=“C:\Windows\ehome\ehTray.exe”
“msnmsgr”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background”
“Croaoc”=“C:\Users\Eigenaar\AppData\Roaming\Croaoc.exe”
“Akamai NetSession Interface”=“C:\Users\Eigenaar\AppData\Local\Akamai\netsession_win.exe”
“Spotify Web Helper”=“J:\Program Files\Spotify\Data\SpotifyWebHelper.exe”
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe”
==== Task Scheduler Jobs ======================
C:\Windows\tasks\CreateChoiceProcessTask.job –a—— C:\Windows\System32\browserchoice.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Eigenaar.job –a—— C:\PROGRA1\NORTON1\NORTON1\Navw32.exe
C:\Windows\tasks\RegistryBooster.job –a—— C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eigenaar\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty Chrome Cache ======================
C:\users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Eigenaar\AppData\Local\Temp successfully emptied
==== Deleting Files / Folders ======================
“C:\Users\Eigenaar\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat” not found
“C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not found
“C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not found
Hallo,
Doe dan het volgende:
Ga naar start>configuratiescherm>software of programma's en onderdelen en verwijder daar het onderstaande indien aanwezig aangezien deze een dubieuze reputatie hebben.
WinSecureAv
“zoek.exe” gebruiken
Schakel je antivirus- en antispywareprogramma's uit, zoek.exe wordt tijdens het downloaden of tijdens gebruik soms als trojan aangezien.
(hier of hier) kan je lezen hoe je dat doet.
Windows 2000 en Windows XP: start de tool middels dubbelklik op “zoek.exe”.
Windows Vista en Windows 7: start de tool middels rechtsklik op “zoek.exe” en dan kiezen voor Als Administrator uitvoeren.
Vervolgens zal er na een tijdje een venster geopend worden.
Met je muis selecteer je nu de volgende keuze "Combined fix"(rechts onderaan)
Kopieer nu onderstaande Vet gedrukte en plak die in het grote invulvenster:
;ra
“Croaoc”=-;r
;ra
“Winupdate32”=-;r
“ptask”=-;r
“bm”=-;r
C:\Program Files\Common Files\WinSecureAv;fs
C:\Program Files\WinSecureAv;fs
C:\Users\Eigenaar\AppData\Roaming\WinFB2.exe;f
C:\Users\Eigenaar\AppData\Roaming\Croaoc.exe;f
C:\Windows\tasks\CreateChoiceProcessTask.job;f
C:\Windows\System32\browserchoice.exe;f
emptyclsid;
emptytemp;
Sluit nu eerst alle nog openstaande programmavensters!
Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent(dit kan na een herstart zijn)
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post nu de inhoud van het geopende logje in het volgende bericht en vertel hoe het nu gaat.
Gr.Ben
Zoek.exe Version 3.0.0.4 Updated 03-December-2012
Tool run by Eigenaar on wo 05-12-2012 at 19:20:52,55.
Microsoft® Windows Vista™ Home Premium 6.0.6000 x86
Running in: Normal Mode Internet Access Detected
==== Registry Lines To Reset ACL ======================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Reset Succesfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Reset Succesfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
“Croaoc”=-
“Winupdate32”=-
“ptask”=-
“bm”=-
==== Deleting Files \ Folders ======================
“C:\Users\Eigenaar\AppData\Roaming\WinFB2.exe” not found
“C:\Users\Eigenaar\AppData\Roaming\Croaoc.exe” not found
“C:\Program Files\Common Files\WinSecureAv” not found
“C:\Program Files\WinSecureAv” not found
“C:\Windows\System32\browserchoice.exe” not deleted
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Eigenaar\AppData\Local\Temp successfully emptied
==== Deleting Files / Folders ======================
“C:\Windows\System32\browserchoice.exe” not deleted
Hallo,
Je zal denken wat zijn we aan het doen maar je had/heb een rouge scanner WinSecureAV
Je kan alvast al je wachtwoorden op via een andere pc veranderen.
Doe op deze pc nog geen bankzaken tot hij schoon is.
Download: Emsisoft Emergency Kit 3.0 Portable
Opmerkingen:de download is gecomprimeerd, pak EmsisoftEmergencyKit.zip uit en plaats de nieuwe map op het bureaublad.
Alle openstaande programma's en webpagina's dienen afgesloten te zijn.
Opstarten:
Start door de map "EmsisoftEmergencyKit" te openen
Windows 2000 en Windows XP: dubbelklik op “Start.exe”.
Windows Vista en Windows 7: via rechtsklik op “Start.exe” en kies voor “Als Administrator uitvoeren”.
Scannen:
Klik nu in het keuzescherm op "Emergency Kit Scanner" en aansluitend komt dan de melding,
dat het is aanbevolen om eerst te updaten.
Doe dit dan ook door te klikken op "Ja"
Wanneer het updaten gereed is volgt de melding "Update proces is succesvol afgerond"
Klik nu op"Menu“ en dan op ”Scan PC"
Selecteer de optie "Diep" als deze niet standaard al zo is ingesteld.
Klik aansluitend op de knop "Scan"
Wees geduldig en doe verder niets met de computer gedurende de scan,
daar de scan geruime tijd kan duren.
Het venster met de waarschuwing over een verhoogd risico kan gesloten worden, wanneer de scan gereed is.
Zorg ervoor dat alle gevonden items zijn aangevinkt en klik dan op de knop "Verwijder geselecteerde" - dan zal de volgende melding komen:
Klik aansluitend dus op "Ja"
Wanneer het verwijderen klaar is, klik dan op de knop "View report" en selecteer het tekstbestand van deze scan met de naam zoals: a2scan_110730-111615.txt
Plaats de inhoud van dat LOG bestand straks in het nieuwe bericht.
Notabene: Herstart nu de computer.
Gr.Ben
Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.
Doorzoek het forum
Zoeken met Startpagina
Startpagina Thema's