PUM.UserWLoad & Trojan.Ransom

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • PUM.UserWLoad & Trojan.Ransom

    Good morning,

    I can't get the problems mentioned above off my laptop. I have already run several scans with Malwarebytes; it finds them and removes them, but after a reboot it finds them again, and there are 2 icons named "explorer" on my D and E drives.

    Can anyone help me remove this?

    Thanks in advance

  • #2
    Download Zoek.zip to the desktop.
    1. If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
    2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

    • Right-click Zoek.zip and click the "Extract All" option.
    • Then double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
    • Now copy the code below and paste it into the large input window:
    • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
      Code:
      [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers];e
      torpigcheck;
      emptyclsid;
      emptyfolderscheck;delete
      firefoxlook; 
      Chromelook; 
      autoclean; 
      iedefaults; 
      filesrcm;
    • Now click the "Run script" button.
    • Now wait patiently until a log opens (this may be after a restart, if one is needed).
    • If no log appears after the restart, start zoek.exe again; the log will then appear.
    • Post the opened log as an attachment in your next message.

    Starting Windows 10 in Safe Mode



    • #3
      Dear Juisterr,

      When I do that, I get a message that it is busy and then only a txt file appears. Nowhere do I get the option to enter anything..



      • #4
        Hi, let me jump in for a moment.

        2 possible solutions:

        1. Start Zoek.exe in safe mode
        2. Use analyse.exe; its download link is on the same page as the one for zoek.zip
        If you rename analyse.exe to autoclean.exe, a cleanup is performed immediately.



        • #5
          Sorry, I was a bit too quick; after a number of reboots it worked:


          Zoek.exe Version 4.0.0.5 Updated 30-November-2013
          Tool run by Jonathan on do 05-12-2013 at 15:49:57,25.
          Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
          Running in: Normal Mode Internet Access Detected
          Launched: C:\Users\Jonathan\Desktop\zoek.exe [Script inserted]

          ==== Older Logs ======================

          C:\zoek-results2013-12-05-143106.log 313 bytes
          C:\zoek-results2013-12-05-143256.log 313 bytes
          C:\zoek-results2013-12-05-143636.log 361 bytes

          ==== Torpig Check ======================

          HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
          HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll


          ==== Empty Folders Check ======================

          C:\PROGRA~2\Comodo deleted successfully
          C:\PROGRA~2\PokerStars.EU deleted successfully
          C:\ProgramData\Oracle deleted successfully
          C:\Users\Jonathan\AppData\Local\ms-drivers deleted successfully
          C:\Users\Jonathan\AppData\Local\PokerStars.EU deleted successfully

          ==== Creating Sample_05-12-2013_1557.zip ======================

          Copied file C:\Users\Jonathan\Nero_BurningROM2014-15.0.03600_trial.exe to sample\Nero_BurningROM2014-15.0.03600_trial.exe
          Copied file C:\Users\Jonathan\updatev2.exe to sample\updatev2.exe
          Copied file C:\ProgramData\cis2638.exe to sample\cis2638.exe
          sample\cis2638.exe renamed to 0AC6CDDC08818DC98D97519F61D6F60C
          sample\Nero_BurningROM2014-15.0.03600_trial.exe renamed to DAC49AB7892AACA9D03F20695ACE3FF7
          sample\updatev2.exe renamed to 7AEE07E0D6733838254E4302706FBFC5

          C:\Users\Public\Desktop\sample_05-12-2013_1557.zip created successfully

          ==== Deleting CLSID Registry Keys ======================


          ==== Deleting CLSID Registry Values ======================


          ==== Deleting Services ======================


          ==== FireFox Fix ======================

          ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\dpwuqvvr.default

          user.js not found
          ---- Lines imesh removed from prefs.js ----
          user_pref("[email protected]_DE_UNI122_106847_Units_Ship", "{\"version\":1,\"33644281\":{\"timeShip\":23015893}}");
          user_pref("[email protected]_NL_UNI107_100027_Units_Ship", "{\"version\":1,\"33620210\":{\"203\":500,\"210\":100,\"212\":827,\
          user_pref("[email protected]_NL_UNI107_100189_Units_Ship", "{\"version\":1,\"33620372\":{\"203\":400,\"210\":105,\"212\":995,\
          user_pref("[email protected]_NL_UNI1_171716_Units_Ship", "{\"version\":1,\"34717220\":{\"210\":14,\"212\":1200,\"timeShip\":23
          user_pref("[email protected]_NL_UNI3_148878_Units_Ship", "{\"version\":1,\"34388272\":{\"timeShip\":23012704},\"34451357\":{\"
          ---- FireFox user.js and prefs.js backups ----

          prefs_05-12-2013_1557_.backup

          ==== Deleting Files \ Folders ======================

          C:\Users\Jonathan\AppData\Roaming\ParetoLogic deleted
          C:\Users\Jonathan\AppData\Roaming\DriverCure deleted
          C:\ProgramData\ParetoLogic deleted
          C:\Users\Jonathan\Nero_BurningROM2014-15.0.03600_trial.exe deleted
          C:\Users\Jonathan\updatev2.exe deleted
          C:\ProgramData\cis2638.exe deleted

          ==== Registry Exports ======================

          [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers]

          [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem]
          @="{217FC9C0-3AEA-1069-A2DB-08002B30309D}"

          [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
          @="{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"


          ==== Registry Exports x64 ======================

          [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers]

          [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem]
          @="{217FC9C0-3AEA-1069-A2DB-08002B30309D}"

          [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
          @="{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"


          ==== Files Recently Created / Modified ======================

          2013-12-03 10:08:10 3AFA03119583647136C49B80DAD38F19 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
          2013-12-03 10:08:10 1FCBE949A67939ADEAE7279E423AA684 135680 ----a-w- C:\Windows\Sysnative\iepeers.dll
          2013-12-03 10:08:10 1EA6500C25A80E8BDB65099C509AF993 143872 ----a-w- C:\Windows\Sysnative\wextract.exe
          ====== C:\Windows\Sysnative\drivers =====
          2013-12-04 21:22:07 8F387587271C95DA01E561E61249A828 1474832 ----a-w- C:\Windows\Sysnative\drivers\sfi.dat
          2013-11-17 14:27:28 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
          2013-11-17 14:27:21 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
          2013-11-17 14:27:20 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
          2013-11-17 14:27:20 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
          ====== C:\Windows\Tasks ======
          ====== C:\Windows\Temp ======
          ======= C:\Program Files =====
          2013-12-04 21:20:57 -------- d-----w- C:\Program Files\COMODO
          2013-12-04 19:37:42 -------- d-----w- C:\Program Files\Common Files\Lavasoft
          ======= C:\PROGRA~2 =====
          2013-12-02 20:28:25 -------- d-----w- C:\PROGRA~2\VSO
          2013-12-02 20:08:23 -------- d-----w- C:\PROGRA~2\COMMON~1\Nero
          2013-11-27 19:44:46 -------- d-----w- C:\PROGRA~2\Microsoft
          2013-11-27 19:41:22 -------- d-----w- C:\PROGRA~2\Hp
          ======= C: =====
          ====== C:\Users\Jonathan\AppData\Roaming ======
          2013-12-04 21:21:07 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\COMODO
          2013-12-04 19:41:01 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\LavasoftStatistics
          2013-12-02 20:28:34 AF7CE12C4F3DC8CB2B07685C916BBCFE 82816 ----a-w- C:\Users\Jonathan\AppData\Roaming\pcouffin.sys
          2013-12-02 20:28:34 7F13C6D2AE5F9D8B41E9D7D6CAD16EAA 1167 ----a-w- C:\Users\Jonathan\AppData\Roaming\pcouffin.inf
          2013-12-02 20:28:34 1E7BDB2AC98BCE13AE85C0F6DB1ECCB8 7859 ----a-w- C:\Users\Jonathan\AppData\Roaming\pcouffin.cat
          2013-12-02 20:28:34 16E53BFC96CE14021C0E07EB1C198478 99384 ----a-w- C:\Users\Jonathan\AppData\Roaming\inst.exe
          2013-12-02 20:27:41 -------- d-----w- C:\Users\Jonathan\AppData\Local\Programs
          2013-12-02 20:14:04 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Nero
          2013-11-27 19:39:57 -------- d-----w- C:\Users\Jonathan\AppData\Local\ElevatedDiagnostics
          ====== C:\Users\Jonathan ======
          2013-12-04 21:21:05 -------- d-----w- C:\ProgramData\COMODO
          2013-12-04 21:20:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
          2013-12-04 21:20:18 -------- d-----w- C:\ProgramData\Comodo Downloader
          2013-12-04 19:36:44 -------- d-----w- C:\ProgramData\Lavasoft
          2013-12-02 20:28:25 -------- d-----w- C:\ProgramData\VSO
          2013-12-02 20:08:07 -------- d-----w- C:\ProgramData\Nero
          2013-12-02 20:05:21 D41D8CD98F00B204E9800998ECF8427E 0 --sha-w- C:\Users\Jonathan\k76391lD.txt
          2013-12-02 20:05:18 959B4CB216A4C734E5ECF4FB46248FBE 850212 ----a-w- C:\Users\Jonathan\Q19W\explorer.exe
          2013-12-02 20:05:18 -------- d-sh--w- C:\Users\Jonathan\Q19W
          2013-12-02 19:48:30 -------- d-----w- C:\ProgramData\DVD Shrink
          2013-11-27 19:44:43 -------- d-----w- C:\ProgramData\Visan

          ====== C: exe-files ==
          2013-12-04 21:33:49 D79F070423FDD3F01CE8C2BA3FBBC8ED 32768 --sha-w- C:\Users\Jonathan\AppData\Local\Temp\msozurxap.exe
          2013-12-02 20:05:18 959B4CB216A4C734E5ECF4FB46248FBE 850212 ----a-w- C:\Users\Jonathan\Q19W\explorer.exe
          2013-12-02 10:52:14 3D00A66C3DE393872E15EB41E7FCE502 5899504 ----a-w- C:\Users\Jonathan\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_.exe
          === C: other files ==
          2013-12-05 14:57:18 FF8AC4F0C1666FA5B85E6CFCBDC1D669 82788666 ----a-w- C:\Users\Public\Desktop\sample_05-12-2013_1557.zip
          2013-12-02 20:28:34 AF7CE12C4F3DC8CB2B07685C916BBCFE 82816 ----a-w- C:\Users\Jonathan\AppData\Roaming\pcouffin.sys

          ==== Folders in C:\ProgramData 0-6 Months Old ======================

          2013-07-29 12:33:56 -------- d-----w- C:\ProgramData\HP
          2013-11-02 08:51:09 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
          2013-11-27 19:44:43 -------- d-----w- C:\ProgramData\Visan
          2013-12-02 19:48:30 -------- d-----w- C:\ProgramData\DVD Shrink
          2013-12-02 20:08:07 -------- d-----w- C:\ProgramData\Nero
          2013-12-02 20:28:25 -------- d-----w- C:\ProgramData\VSO
          2013-12-03 17:54:26 -------- d-----w- C:\ProgramData\Malwarebytes
          2013-12-04 19:36:44 -------- d-----w- C:\ProgramData\Lavasoft
          2013-12-04 21:20:18 -------- d-----w- C:\ProgramData\Comodo Downloader
          2013-12-04 21:21:05 -------- d-----w- C:\ProgramData\COMODO

          ==== Firefox Extensions ======================

          ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\dpwuqvvr.default
          - AntiGameOrigin - %ProfilePath%\extensions\[email protected]
          - Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

          AppDir: C:\Program Files (x86)\Mozilla Firefox
          - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

          ==== Firefox Plugins ======================

          Profilepath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\dpwuqvvr.default
          EE8D96E7899D12FC3AA5DB2034C0853C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll - Shockwave Flash


          ==== Set IE to Default ======================

          Old Values:
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
          "Start Page"="https://www.google.nl/"

          New Values:
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
          "Start Page"="https://www.google.nl/"

          ==== All HKCU SearchScopes ======================

          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
          "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
          {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
          {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

          ==== Empty IE Cache ======================

          C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
          C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

          ==== Empty FireFox Cache ======================

          C:\Users\Jonathan\AppData\Local\Mozilla\Firefox\Profiles\dpwuqvvr.default\Cache emptied successfully

          ==== Empty Chrome Cache ======================

          No Chrome User Data found

          ==== Empty All Flash Cache ======================

          Flash Cache Emptied Successfully

          ==== Empty All Java Cache ======================

          Java Cache cleared successfully

          ==== After Reboot ======================

          ==== Empty Temp Folders ======================

          C:\Windows\Temp successfully emptied
          C:\Users\Jonathan\AppData\Local\Temp successfully emptied

          ==== Empty Recycle Bin ======================

          C:\$RECYCLE.BIN successfully emptied

          ==== EOF on do 05-12-2013 at 16:03:07,53 ======================



          • #6
            Just one addition: I have the impression myself that it came along with Nero!


            • #7
              By the looks of it, that one was infected; a sample of it has been made and it is on your desktop.
              Could you upload it using http://www.mijnbestand.nl/ and post the link here, please?

              Booting Windows 10 in Safe Mode


              • #8
                http://www.mijnbestand.nl/Bestand-CFJZ4R3UXHSS.zip



                • #9
                  Thank you. May I ask how things are going now?

                  Booting Windows 10 in Safe Mode


                  • #10
                    The .exe files (explorer icon) on my D and E drives are gone by now!

                    I do notice that my laptop has become quite a bit slower..
                    Last edited by ExXx; 05-12-13, 18:07.


                    • #11
                      Download the 32-bit or 64-bit version of HitmanPro to the desktop.
                      Click here for a detailed HitmanPro guide.
                      • Double-click "HitmanPro.exe" and click "Volgende" (Next).
                      • Tick the option "Ik accepteer de voorwaarden van de gebruikersovereenkomst" (I accept the terms of the license agreement) and click "Volgende" (Next).
                      • In the setup screen, click "Volgende" (Next) once more; the scan will now start automatically. Do nothing else on the computer until the scan has finished.
                      • When the scan is finished, click "Volgende" (Next).
                      • Now activate the free license; this lets you use HitmanPro free for 30 days and remove the infections found.
                      • Note: if you have already used the 30-day trial version of HitmanPro before, it is no longer possible to remove the found infections for free.
                      • When the removal is finished, click "Save log" or "Logbestand opslaan" at the bottom of the screen and save it, for example, to the desktop.
                        Post this log in your next message.
                      • Now click the "Herstarten" (Restart) button.

                      Booting Windows 10 in Safe Mode


                      • #12
                        Just did another scan with Malwarebytes:

                        Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
                        www.malwarebytes.org

                        Databaseversie: v2013.12.05.05

                        Windows 7 Service Pack 1 x64 NTFS
                        Internet Explorer 11.0.9600.16428
                        Jonathan :: JONATHAN-PC [administrator]

                        Bescherming: Uitgeschakeld

                        5-12-2013 19:08:20
                        mbam-log-2013-12-05 (19-08-20).txt

                        Scan type: Snelle scan
                        Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
                        Uitgeschakelde scan opties: P2P
                        Objecten gescand: 229340
                        Verstreken tijd: 2 minuut/minuten, 50 seconde(n)

                        Geheugenprocessen gedetecteerd: 0
                        (Geen kwaadaardige objecten gedetecteerd)

                        Geheugenmodulen gedetecteerd: 0
                        (Geen kwaadaardige objecten gedetecteerd)

                        Registersleutels gedetecteerd: 0
                        (Geen kwaadaardige objecten gedetecteerd)

                        Registerwaarden gedetecteerd: 2
                        HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Jonathan\LOCALS~1\Temp\msarjeii.scr -> Zal worden verwijderd tijdens het herstarten.
                        HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Jonathan\LOCALS~1\Temp\msarjeii.scr -> Zal worden verwijderd tijdens het herstarten.

                        Registerdata gedetecteerd: 0
                        (Geen kwaadaardige objecten gedetecteerd)

                        Mappen gedetecteerd: 0
                        (Geen kwaadaardige objecten gedetecteerd)

                        Bestanden gedetecteerd: 0
                        (Geen kwaadaardige objecten gedetecteerd)

                        (einde)



                        • #13
                          Code:
                          HitmanPro 3.7.8.208
                          www.hitmanpro.com
                          
                             Computer name . . . . : JONATHAN-PC
                             Windows . . . . . . . : 6.1.1.7601.X64/8
                             User name . . . . . . : Jonathan-PC\Jonathan
                             UAC . . . . . . . . . : Enabled
                             License . . . . . . . : Trial (30 days left)
                          
                             Scan date . . . . . . : 2013-12-05 19:24:48
                             Scan mode . . . . . . : Normal
                             Scan duration . . . . : 2m 47s
                             Disk access mode  . . : Direct disk access (SRB)
                             Cloud . . . . . . . . : Internet
                             Reboot  . . . . . . . : No
                          
                             Threats . . . . . . . : 1
                             Traces  . . . . . . . : 6
                          
                             Objects scanned . . . : 1.264.684
                             Files scanned . . . . : 16.882
                             Remnants scanned  . . : 268.853 files / 978.949 keys
                          
                          Malware _____________________________________________________________________
                          
                             C:\Users\Jonathan\Q19W\explorer.exe -> Quarantined
                                Size . . . . . . . : 850.212 bytes
                                Age  . . . . . . . : 2.9 days (2013-12-02 21:05:18)
                                Entropy  . . . . . : 7.0
                                SHA-256  . . . . . : A386BBFE9725301895D08F349AE4B1A29EBE8A25257BAEEB9263CBDB880DAF1E
                              > Kaspersky  . . . . : Backdoor.Win32.Androm.bipg
                                Fuzzy  . . . . . . : 115.0
                          
                          
                          Potential Unwanted Programs _________________________________________________
                          
                             HKLM\SOFTWARE\Classes\speedupmypc\ (SpeedUpMyPC)
                             HKU\S-1-5-21-3061135764-1939043229-3278341092-1000\Software\Softonic\ (Softonic)
                          
                          Cookies _____________________________________________________________________
                          
                             C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Cookies\9EX30173.txt
                             C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\dpwuqvvr.default\cookies.sqlite:ads.creative-serving.com
                             C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\dpwuqvvr.default\cookies.sqlite:doubleclick.net



                          • #14
                            Please run Malwarebytes once more now, remove everything it finds and reboot. Then let me know how it goes.

                            Booting Windows 10 in Safe Mode


                            • #15
                              Done, 2 files are still being found..

                              Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300
                              www.malwarebytes.org

                              Databaseversie: v2013.12.05.05

                              Windows 7 Service Pack 1 x64 NTFS
                              Internet Explorer 11.0.9600.16428
                              Jonathan :: JONATHAN-PC [administrator]

                              Bescherming: Ingeschakeld

                              5-12-2013 19:41:22
                              mbam-log-2013-12-05 (19-41-22).txt

                              Scan type: Snelle scan
                              Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
                              Uitgeschakelde scan opties: P2P
                              Objecten gescand: 229339
                              Verstreken tijd: 3 minuut/minuten, 11 seconde(n)

                              Geheugenprocessen gedetecteerd: 0
                              (Geen kwaadaardige objecten gedetecteerd)

                              Geheugenmodulen gedetecteerd: 0
                              (Geen kwaadaardige objecten gedetecteerd)

                              Registersleutels gedetecteerd: 0
                              (Geen kwaadaardige objecten gedetecteerd)

                              Registerwaarden gedetecteerd: 2
                              HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Jonathan\LOCALS~1\Temp\msarjeii.scr -> Zal worden verwijderd tijdens het herstarten.
                              HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Jonathan\LOCALS~1\Temp\msarjeii.scr -> Zal worden verwijderd tijdens het herstarten.

                              Registerdata gedetecteerd: 0
                              (Geen kwaadaardige objecten gedetecteerd)

                              Mappen gedetecteerd: 0
                              (Geen kwaadaardige objecten gedetecteerd)

                              Bestanden gedetecteerd: 0
                              (Geen kwaadaardige objecten gedetecteerd)

                              (einde)
