Trojan horse according to Ziggo

  • lg

    According to Ziggo, this PC supposedly contains a Trojan horse

    Here are the log files.

    LG

    # AdwCleaner v3.012 - Report created 13/11/2013 at 08:53:34

    # Updated 11/11/2013 by Xplode

    # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

    # Username : boss - MONIQUE-PC

    # Running from : C:\Users\boss\Desktop\Spy\adwcleaner.exe

    # Option : Clean

    ***** *****

    ***** *****

    Folder Deleted : C:\ProgramData\Ask

    Folder Deleted : C:\ProgramData\BetterSoft

    Folder Deleted : C:\ProgramData\continuetosave

    Folder Deleted : C:\ProgramData\Premium

    Folder Deleted : C:\ProgramData\RightClick

    Folder Deleted : C:\ProgramData\Bcool

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bcool

    Folder Deleted : C:\Program Files\1ClickDownload

    Folder Deleted : C:\Program Files\Ask.com

    Folder Deleted : C:\Program Files\Conduit

    Folder Deleted : C:\Program Files\continuetosave

    Folder Deleted : C:\Program Files\optimizer pro

    Folder Deleted : C:\Program Files\PricePeep

    Folder Deleted : C:\Program Files\SimpleSpeedy

    Folder Deleted : C:\Program Files\uTorrentBar_NL

    Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

    Folder Deleted : C:\Users\boss\AppData\Local\apn

    Folder Deleted : C:\Users\boss\AppData\LocalLow\AskToolbar

    Folder Deleted : C:\Users\boss\AppData\LocalLow\Conduit

    Folder Deleted : C:\Users\boss\AppData\LocalLow\continuetosave

    Folder Deleted : C:\Users\boss\AppData\LocalLow\PriceGong

    Folder Deleted : C:\Users\boss\AppData\LocalLow\Bcool

    Folder Deleted : C:\Users\boss\AppData\LocalLow\uTorrentBar_NL

    Folder Deleted : C:\Users\boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb

    Folder Deleted : C:\Users\boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkfbfkpphccedfpngbngolemlhgmhcjj

    File Deleted : C:\END

    File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

    ***** *****

    ***** *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hkfbfkpphccedfpngbngolemlhgmhcjj

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2653DF2-91E7-4B24-8FD4-6122BB664E98}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2653DF2-91E7-4B24-8FD4-6122BB664E98}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

    Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho

    Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1

    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_09b71135

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_7699c875

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_minecraft_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_minecraft_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_tunngle_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_tunngle_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-messenger-2009_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_windows-live-messenger-2009_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34F570EB-71EE-043E-ED05-DE968BE23986}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87775FDB-6972-41F9-AE51-8326E38CB206}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34F570EB-71EE-043E-ED05-DE968BE23986}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775FDB-6972-41F9-AE51-8326E38CB206}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34F570EB-71EE-043E-ED05-DE968BE23986}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775FDB-6972-41F9-AE51-8326E38CB206}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34F570EB-71EE-043E-ED05-DE968BE23986}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775FDB-6972-41F9-AE51-8326E38CB206}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E87EA0C-D5FA-4BD8-A9E1-C341F4B798F8}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2290363-FDA4-474C-BA0B-75D12BF05F4E}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4CBD3F5A-AF51-40BB-AA1A-85C16C6924EB}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

    Key Deleted : HKCU\Software\APN

    Key Deleted : HKCU\Software\Ask.com

    Key Deleted : HKCU\Software\AppDataLow\SProtector

    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

    Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep

    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar_NL

    Key Deleted : HKLM\Software\APN

    Key Deleted : HKLM\Software\AskToolbar

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\Software\Iminent

    Key Deleted : HKLM\Software\SP Global

    Key Deleted : HKLM\Software\SProtector

    Key Deleted : HKLM\Software\uTorrentBar_NL

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20E7BC40-33F6-4A81-9D52-B58349326206}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_NL Toolbar

    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows - c:\progra~1\simple~1\sprote~1.dll

    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows - c:\progra~1\contin~1\sprote~1.dll

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

    Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

    ***** *****

    -\\ Internet Explorer v10.0.9200.16720

    -\\ Google Chrome v30.0.1599.101

    Deleted : homepage

    Deleted : urls_to_restore_on_startup

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.11.13.02

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 10.0.9200.16721

    boss :: MONIQUE-PC

    13-11-2013 8:57:42

    mbam-log-2013-11-13 (08-57-42).txt

    Scan type: Volledige scan (C:\|D:\|E:\|)

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 447602

    Verstreken tijd: 1 uur/uren, 10 minuut/minuten, 35 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 1

    C:\ProgramData\2683\wsse.dll (Trojan.Agent) -> Zal worden verwijderd tijdens het herstarten.

    Registersleutels gedetecteerd: 2

    HKCR\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D1882} (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\Software\teeveewatchSA (Adware.HotBar.TVW) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 1

    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: c:\users\boss\dxunffmxe.exe -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 1

    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Slecht: ("regedit.exe" "%1") Goed: (regedit.exe "%1") -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 14

    C:\ProgramData\2683\wsse.dll (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptimizerPro.exe.vir (PUP.Optional.OptimizePro.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptProGuard.exe.vir (PUP.Optional.OptimizerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptProLauncher.exe.vir (PUP.Optional.OptimizePro.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptProReminder.exe.vir (PUP.Optional.OptimizerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptProSchedule.exe.vir (PUP.Optional.OptimizerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptProSmartScan.exe.vir (PUP.Optional.OptimizerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptProStart.exe.vir (PUP.Optional.OptimizerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\AdwCleaner\Quarantine\C\Program Files\PricePeep\pricepeep.dll.vir (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\AdwCleaner\Quarantine\C\ProgramData\Bcool\505be3491829a.dll.vir (PUP.DownloadnSave) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\AdwCleaner\Quarantine\C\ProgramData\continuetosave\uninstall.exe.vir (PUP.Optional.SilentInstall.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    D:\$RECYCLE.BIN\S-1-5-21-299695330-1076281928-2988451671-1001\$RTTC19V.exe (PUP.KeyLogger.ARC) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Tasks\OptimizerPro1UpdaterTask{CF7F1189-FEB5-46DB-87DD-0CF00627F9CD}.job (PUP.Optional.Optimizerpro) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Windows\Tasks\schedule!1143840799.job (PUP.Optional.OptimizerPro.A) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by boss at 2013-11-13 11:07:23

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 25 GB (27%) free of 92 GB

    Total RAM: 3583 MB (70% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 11:08:13, on 13-11-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16496)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

    C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

    D:\DAEMON Tools Pro\DTShellHlp.exe

    C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\CCleaner\CCleaner.exe

    C:\Users\boss\Desktop\Spy\RSIT.exe

    C:\Program Files\trend micro\boss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    O4 - HKLM\..\Run: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

    O4 - HKLM\..\Run: C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.140.0.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

    O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

    End of file - 6919 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    ======Registry dump======

    Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

    "MSC"=C:\Program Files\Microsoft Security Client\msseces.exe

    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    "RIMBBLaunchAgent.exe"=C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    ""=

    "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

    "CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

    "IJNetworkScannerSelectorEX"=C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe

    "LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

    D:\DAEMON Tools Pro\DTAgent.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Users\boss\AppData\Roaming\Spotify\Spotify.exe

    C:\Users\boss\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    C:\Program Files\uTorrent\uTorrent.exe

    C:\Users\boss\AppData\Roaming\Dropbox\bin\Dropbox.exe

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "vidc.uyvy"=msyuv.dll

    "vidc.yuy2"=msyuv.dll

    "vidc.yvyu"=msyuv.dll

    "vidc.iyuv"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "vidc.yvu9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "vidc.cvid"=iccvid.dll

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "wave2"=wdmaud.drv

    "midi2"=wdmaud.drv

    "mixer2"=wdmaud.drv

    "msacm.siren"=sirenacm.dll

    "msacm.vorbis"=vorbis.acm

    "vidc.VP60"=C:\Windows\system32\vp6vfw.dll

    "vidc.VP61"=C:\Windows\system32\vp6vfw.dll

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 month======

    2013-11-13 11:07:23 ----D---- C:\rsit

    2013-11-13 11:07:23 ----D---- C:\Program Files\trend micro

    2013-11-13 10:38:29 ----D---- C:\Windows\pss

    2013-11-13 08:52:30 ----D---- C:\AdwCleaner

    2013-11-13 08:51:31 ----D---- C:\Users\boss\AppData\Roaming\Malwarebytes

    2013-11-13 08:51:16 ----D---- C:\ProgramData\Malwarebytes

    2013-11-13 08:51:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

    2013-11-13 08:51:15 ----A---- C:\Windows\system32\drivers\mbam.sys

    2013-11-06 17:43:00 ----D---- C:\Program Files\Mozilla Firefox

    2013-11-04 17:30:47 ----D---- C:\Program Files\LogMeIn Hamachi

    2013-10-26 13:06:23 ----D---- C:\ProgramData\Oracle

    2013-10-26 13:06:20 ----D---- C:\Program Files\Common Files\Java

    2013-10-26 13:06:11 ----A---- C:\Windows\system32\javaws.exe

    2013-10-26 13:06:05 ----A---- C:\Windows\system32\WindowsAccessBridge.dll

    2013-10-26 13:06:05 ----A---- C:\Windows\system32\javaw.exe

    2013-10-26 13:06:05 ----A---- C:\Windows\system32\java.exe

    ======List of files/folders modified in the last 1 month======

    2013-11-13 11:07:23 ----RD---- C:\Program Files

    2013-11-13 11:06:23 ----D---- C:\Windows\Temp

    2013-11-13 11:03:38 ----D---- C:\Windows\System32

    2013-11-13 11:03:38 ----D---- C:\Windows\inf

    2013-11-13 11:03:38 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2013-11-13 11:03:31 ----D---- C:\Windows\Logs

    2013-11-13 11:03:03 ----SHD---- C:\System Volume Information

    2013-11-13 11:02:47 ----D---- C:\Windows\Prefetch

    2013-11-13 10:58:57 ----D---- C:\Windows\winsxs

    2013-11-13 10:58:38 ----D---- C:\Windows\Panther

    2013-11-13 10:58:17 ----D---- C:\Windows\system32\config

    2013-11-13 10:58:15 ----D---- C:\Windows

    2013-11-13 10:58:14 ----D---- C:\ProgramData\NVIDIA

    2013-11-13 10:57:58 ----D---- C:\Program Files\Google

    2013-11-13 10:57:07 ----D---- C:\Windows\system32\nl-NL

    2013-11-13 10:57:07 ----D---- C:\Windows\system32\migration

    2013-11-13 10:57:07 ----D---- C:\Windows\system32\en-US

    2013-11-13 10:57:07 ----D---- C:\Windows\PolicyDefinitions

    2013-11-13 10:57:07 ----D---- C:\Program Files\Internet Explorer

    2013-11-13 10:57:03 ----D---- C:\Users\boss\AppData\Roaming\uTorrent

    2013-11-13 10:53:26 ----D---- C:\Windows\system32\catroot

    2013-11-13 10:53:17 ----D---- C:\Windows\system32\catroot2

    2013-11-13 10:52:00 ----SHD---- C:\Windows\Installer

    2013-11-13 10:52:00 ----D---- C:\Windows\Tasks

    2013-11-13 10:52:00 ----D---- C:\Windows\system32\Tasks

    2013-11-13 10:51:56 ----D---- C:\Users\boss\AppData\Roaming\Skype

    2013-11-13 10:50:03 ----D---- C:\Program Files\Steam

    2013-11-13 10:46:18 ----HD---- C:\ProgramData

    2013-11-13 10:46:18 ----D---- C:\ProgramData\InstallMate

    2013-11-13 10:41:47 ----D---- C:\Program Files\Common Files\Adobe

    2013-11-13 10:41:21 ----D---- C:\Program Files\Adobe

    2013-11-13 10:41:19 ----D---- C:\ProgramData\Adobe

    2013-11-13 10:40:41 ----D---- C:\Users\boss\AppData\Roaming\Adobe

    2013-11-13 10:31:50 ----D---- C:\Users\boss\AppData\Roaming\Spotify

    2013-11-13 10:27:18 ----D---- C:\Users\boss\AppData\Roaming\Dropbox

    2013-11-13 10:25:55 ----D---- C:\Windows\system32\drivers

    2013-11-13 10:24:17 ----D---- C:\Windows\Resources

    2013-11-13 08:50:53 ----D---- C:\ProgramData\604a80df-0d73-4921-bd24-5fdd2f1f6224

    2013-11-13 08:41:22 ----D---- C:\Program Files\CCleaner

    2013-11-07 18:42:26 ----D---- C:\Windows\system32\DriverStore

    2013-11-07 18:39:03 ----D---- C:\Users\boss\AppData\Roaming\DAEMON Tools Pro

    2013-11-07 18:37:51 ----D---- C:\Windows\debug

    2013-11-04 17:36:05 ----D---- C:\ProgramData\CanonIJPLM

    2013-10-28 15:56:55 ----D---- C:\ProgramData\Skype

    2013-10-28 15:56:52 ----RD---- C:\Program Files\Skype

    2013-10-26 14:01:16 ----D---- C:\Users\boss\AppData\Roaming\.minecraft

    2013-10-26 13:06:20 ----D---- C:\Program Files\Common Files

    2013-10-26 13:06:05 ----D---- C:\Program Files\Java

    2013-10-18 08:23:14 ----D---- C:\Windows\system32\sysprep

    2013-10-16 20:21:31 ----D---- C:\Program Files\Microsoft Security Client

    2013-10-16 17:43:48 ----D---- C:\Program Files\Common Files\Steam

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys

    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys

    R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys

    R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys

    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys

    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys

    S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys

    S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys

    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys

    S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys

    S3 KMWDFILTERx86;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys

    S3 netr73;RT73 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr73.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

    S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys

    S3 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys

    S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys

    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys

    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys

    S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys

    S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys

    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    S3 XDva399;XDva399; \??\C:\Windows\system32\XDva399.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

    R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

    R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe

    R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe

    R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

    R2 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

    -----------------EOF-----------------

  • Ben

    Hello,

    Download Zoek.zip to the desktop.

    If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.

    Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (here and here you can read how to do that).

    Right-click Zoek.zip and choose the option "Extract all".

    Then double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.

    Now copy the code below and paste it into the large input box:

    Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    chromelook;

    firefoxlook;

    emptyfolderscheck;

    startupall;

    filesrcm;

    torpigcheck;

    Now click the "Run script" button.

    Wait patiently until a log opens (this may be after a reboot, if one is required).

    If no log appears after the reboot, start zoek.exe again and the log will still appear.

    Post the opened log in your next message.

  • lg

    As requested

    Zoek.exe Version 4.0.0.5 Updated 09-November-2013

    Tool run by boss on wo 13-11-2013 at 11:47:03,74.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\boss\Desktop\zoek.exe

    ==== System Restore Info ======================

    13-11-2013 11:48:04 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\hmwiseoakfqbmwiseoa {118BEDCA-A901-4203-B4F2-ADCB957D1889} undetermined path

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\ncmxitepalvhrdnyjuf {118BEDCA-A901-4203-B4F2-ADCB957D1882} undetermined path

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    2013-09-24 13:14:46 d-----w- C:\ProgramData\2683

    2013-09-24 13:14:46 4 ----a-w- 8571F4B45A4B5FDFBB7FD43297941D11 C:\ProgramData\2683\264827.dat

    2013-09-24 13:14:46 4 ----a-w- 8571F4B45A4B5FDFBB7FD43297941D11 C:\ProgramData\2683\264827.dll

    2013-09-25 15:45:58 1331472 ----a-w- C0E949E2BDF8727CC56A096184310D9E C:\ProgramData\2683\hvqbm.dat

    2013-09-24 13:14:55 430080 ----a-w- C0F524DBB057CFEE0FAD14723630A04F C:\ProgramData\2683\xdor.dat

    2013-09-24 13:35:55 1381208 ----a-w- B502491CBD8FD25A5D0E5ACE0F563EBF C:\ProgramData\2683\yhsdo.dat

    ==== Empty Folders Check ======================

    C:\Program Files\AGEIA Technologies

    C:\Program Files\LoiLoScope FREE trial

    C:\Program Files\Origin Games

    C:\Program Files\Common Files\WuShu_0.0.1.034

    C:\ProgramData\Canon IJ Network Tool

    C:\ProgramData\CanonEPP

    C:\ProgramData\CanonIJEPPEX2

    C:\ProgramData\Oracle

    C:\ProgramData\Tunngle

    C:\Users\boss\AppData\Roaming\DAEMON Tools Pro

    C:\Users\boss\AppData\Local\WarThunder

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\boss\AppData\Local\Temp ====

    2013-11-13 07:37:35 BEC326A14CC264FE6D3BB11E861AE2CD 246408 ----a-w- C:\Users\boss\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe

    2013-11-13 07:37:34 D05D4E7AB2EDC59C27AFA4BDBE8EBC43 176640 ----a-w- C:\Users\boss\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\instApp.exe

    2013-11-13 07:37:34 88E3225D42EB43D99A519080E039FEE4 42880 ----a-w- C:\Users\boss\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe

    ====== Java Cache =====

    ====== C:\Windows\system32 =====

    2013-11-13 09:53:45 5A775CAE7CCCAC581C05B8D2C92C0DF1 305152 ----a-w- C:\Windows\System32\gdi32.dll

    2013-11-13 09:53:44 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

    2013-11-13 09:53:44 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\System32\nshwfp.dll

    2013-11-13 09:53:44 B9C54120F46392100478F58F374E5709 679424 ----a-w- C:\Windows\System32\IKEEXT.DLL

    2013-11-13 09:53:42 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\System32\crypt32.dll

    2013-11-13 09:53:31 EE7CB55F77465CDAC4C80F587FF7C278 1796096 ----a-w- C:\Windows\System32\authui.dll

    2013-11-13 09:53:31 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\System32\credui.dll

    2013-11-13 09:53:31 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

    2013-11-13 09:53:29 EF6950D7B24AAF4E477065F5455DD4F8 1038848 ----a-w- C:\Windows\System32\lsasrv.dll

    2013-11-13 09:53:29 D89077E2E1C88A29C57F21FAD28DAC45 15872 ----a-w- C:\Windows\System32\sspisrv.dll

    2013-11-13 09:53:29 BD6B9BC84D004C6BEE89CF7BDB95E1FC 99840 ----a-w- C:\Windows\System32\sspicli.dll

    2013-11-13 09:53:29 AD7FB087A238883D1618F29F7BBBD584 220160 ----a-w- C:\Windows\System32\ncrypt.dll

    2013-11-13 09:53:29 AA6F6457116B559B76BC6A012CB4C293 247808 ----a-w- C:\Windows\System32\schannel.dll

    2013-11-13 09:53:29 803B370865D907EA21DC0C2B6A8936B5 22016 ----a-w- C:\Windows\System32\lsass.exe

    2013-11-13 09:53:29 372948BB5E41CE42341C4398DE572E56 22016 ----a-w- C:\Windows\System32\secur32.dll

    ====== C:\Windows\system32\drivers =====

    2013-11-13 09:53:29 F286830298323272260332D6ABC905C1 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2013-11-13 09:53:29 D7C760D57B1656DD748B9E4AB6CB5A51 136640 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2013-11-13 09:53:29 85449EEBE8F8EBD6481EFBF0F352B4EB 369848 ----a-w- C:\Windows\System32\drivers\cng.sys

    2013-11-13 09:53:04 FDA6F2BB7FA034D95863ED8788B4E416 284672 ----a-w- C:\Windows\System32\drivers\usbport.sys

    2013-11-13 09:53:04 DCDF9855145A14DFCA0AB32308871961 20480 ----a-w- C:\Windows\System32\drivers\usbohci.sys

    2013-11-13 09:53:04 C4FB8E7ADEA9B5CEEA885A1B504B7E40 43008 ----a-w- C:\Windows\System32\drivers\usbehci.sys

    2013-11-13 09:53:04 8E51D04175BAA14C4F79AA5F6D248770 24064 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

    2013-11-13 09:53:04 86AA95ACB611001E26CD2C0145F2225A 258560 ----a-w- C:\Windows\System32\drivers\usbhub.sys

    2013-11-13 09:53:04 71D97F1A3CC47A56728F7A400A3F8295 76288 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

    2013-11-13 09:53:04 6FB17D7A2E76B838886E5E8C60239DAE 6016 ----a-w- C:\Windows\System32\drivers\usbd.sys

    2013-11-13 07:51:15 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-11-13 10:07:23 -------- d-----w- C:\Program Files\trend micro

    2013-10-26 12:06:20 -------- d-----w- C:\Program Files\Common Files\Java

    ======= C: =====

    ====== C:\Users\boss\AppData\Roaming ======

    2013-10-26 13:02:24 -------- d-----w- C:\Users\boss\AppData\Local\Diagnostics

    ====== C:\Users\boss ======

    2013-11-13 07:34:43 76B1717148C114D3A47147B1A5CCFFEA 4379048 ----a-w- C:\Users\boss\Downloads\ccsetup407.exe

    2013-10-26 12:06:23 -------- d-----w- C:\ProgramData\Oracle

    2013-10-26 12:06:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    ====== C: exe-files ==

    2013-11-13 10:07:47 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\boss.exe

    2013-11-13 10:05:44 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\boss\Desktop\Spy\RSIT.exe

    2013-11-13 10:01:41 F1B3414A820BCA2907D57808E8461175 25859584 ----a-w- C:\Users\boss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PZMCV7R6\IE10-Windows6.1-x86-nl-nl.exe

    2013-11-13 09:53:29 803B370865D907EA21DC0C2B6A8936B5 22016 ----a-w- C:\Windows\System32\lsass.exe

    2013-11-13 09:53:11 F1B3414A820BCA2907D57808E8461175 25859584 ----a-w- C:\Users\boss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZU77DUX\IE10-Windows6.1-x86-nl-nl.exe

    2013-11-13 07:50:01 9812917FE2FCDEA2FD800573D7842E5D 1085542 ----a-w- C:\Users\boss\Desktop\Spy\adwcleaner.exe

    2013-11-13 07:37:35 BEC326A14CC264FE6D3BB11E861AE2CD 246408 ----a-w- C:\Users\boss\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe

    2013-11-13 07:37:34 D05D4E7AB2EDC59C27AFA4BDBE8EBC43 176640 ----a-w- C:\Users\boss\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\instApp.exe

    2013-11-13 07:37:34 88E3225D42EB43D99A519080E039FEE4 42880 ----a-w- C:\Users\boss\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe

    2013-11-13 07:34:43 76B1717148C114D3A47147B1A5CCFFEA 4379048 ----a-w- C:\Users\boss\Downloads\ccsetup407.exe

    === C: other files ==

    2013-11-13 09:53:29 F286830298323272260332D6ABC905C1 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2013-11-13 09:53:29 D7C760D57B1656DD748B9E4AB6CB5A51 136640 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2013-11-13 09:53:29 85449EEBE8F8EBD6481EFBF0F352B4EB 369848 ----a-w- C:\Windows\System32\drivers\cng.sys

    2013-11-13 09:53:04 FDA6F2BB7FA034D95863ED8788B4E416 284672 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_12acda10f5c2fedf\usbport.sys

    2013-11-13 09:53:04 FDA6F2BB7FA034D95863ED8788B4E416 284672 ----a-w- C:\Windows\System32\drivers\usbport.sys

    2013-11-13 09:53:04 DCDF9855145A14DFCA0AB32308871961 20480 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_12acda10f5c2fedf\usbohci.sys

    2013-11-13 09:53:04 DCDF9855145A14DFCA0AB32308871961 20480 ----a-w- C:\Windows\System32\drivers\usbohci.sys

    2013-11-13 09:53:04 C4FB8E7ADEA9B5CEEA885A1B504B7E40 43008 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_12acda10f5c2fedf\usbehci.sys

    2013-11-13 09:53:04 C4FB8E7ADEA9B5CEEA885A1B504B7E40 43008 ----a-w- C:\Windows\System32\drivers\usbehci.sys

    2013-11-13 09:53:04 8E51D04175BAA14C4F79AA5F6D248770 24064 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_12acda10f5c2fedf\usbuhci.sys

    2013-11-13 09:53:04 8E51D04175BAA14C4F79AA5F6D248770 24064 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

    2013-11-13 09:53:04 86AA95ACB611001E26CD2C0145F2225A 258560 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_12acda10f5c2fedf\usbhub.sys

    2013-11-13 09:53:04 86AA95ACB611001E26CD2C0145F2225A 258560 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usb.inf_x86_neutral_ef2e2e69da5c57df\usbhub.sys

    2013-11-13 09:53:04 86AA95ACB611001E26CD2C0145F2225A 258560 ----a-w- C:\Windows\System32\drivers\usbhub.sys

    2013-11-13 09:53:04 71D97F1A3CC47A56728F7A400A3F8295 76288 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usb.inf_x86_neutral_ef2e2e69da5c57df\usbccgp.sys

    2013-11-13 09:53:04 71D97F1A3CC47A56728F7A400A3F8295 76288 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

    2013-11-13 09:53:04 6FB17D7A2E76B838886E5E8C60239DAE 6016 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_12acda10f5c2fedf\usbd.sys

    2013-11-13 09:53:04 6FB17D7A2E76B838886E5E8C60239DAE 6016 ----a-w- C:\Windows\System32\drivers\usbd.sys

    2013-11-13 07:51:15 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

    ==== Startup Registry Enabled ======================

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "RIMBBLaunchAgent.exe"="C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

    "CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"

    "IJNetworkScannerSelectorEX"="C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"

    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    "LogMeIn Hamachi Ui"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"

    ==== Startup Registry Disabled ======================

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="DAEMON Tools Pro Agent"

    "hkey"="HKCU"

    "command"="\"D:\\DAEMON Tools Pro\\DTAgent.exe\" -autorun"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Skype"

    "hkey"="HKCU"

    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Spotify"

    "hkey"="HKCU"

    "command"="\"C:\\Users\\boss\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Spotify Web Helper"

    "hkey"="HKCU"

    "command"="\"C:\\Users\\boss\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="uTorrent"

    "hkey"="HKCU"

    "command"="\"C:\\Program Files\\uTorrent\\uTorrent.exe\" /MINIMIZED"

    "item"="Dropbox"

    "path"="C:\\Users\\boss\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"

    "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"

    "backupExtension"=".Startup"

    "command"="C:\\Users\\boss\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe"

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==== Other Scheduled Tasks ======================

    "C:\Windows\system32\tasks\Adobe Flash Player Updater"

    "C:\Windows\system32\tasks\CCleanerSkipUAC"

    "C:\Windows\system32\tasks\CreateChoiceProcessTask"

    "C:\Windows\system32\tasks\{6773A9CE-9191-467F-B5FE-2A04B2387538}"

    "C:\Windows\system32\tasks\{EAA63B31-A58F-43F4-8BAC-F980B2E7581E}"

    "C:\Windows\system32\tasks\{F8D073D1-4003-4BF1-AF12-E5DB3E8F1455}"

    ==== Folders in C:\ProgramData 0-6 Months Old ======================

    2013-05-20 22:04:54 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

    2013-07-27 21:59:37 -------- d-----w- C:\ProgramData\Mozilla

    2013-08-09 21:04:46 -------- d-----w- C:\ProgramData\WarThunder

    2013-09-20 15:28:58 -------- d-----w- C:\ProgramData\Steam

    2013-09-24 13:14:46 -------- d-----w- C:\ProgramData\2683

    2013-09-24 13:15:01 -------- d-----w- C:\ProgramData\604a80df-0d73-4921-bd24-5fdd2f1f6224

    2013-10-02 15:12:47 -------- d-----w- C:\ProgramData\LogMeIn

    2013-10-05 10:44:37 -------- d--h--w- C:\ProgramData\CanonBJ

    2013-10-05 10:47:08 -------- d-----w- C:\ProgramData\CanonIJWSpt

    2013-10-05 11:37:04 -------- d-----w- C:\ProgramData\Canon IJ Network Tool

    2013-10-05 11:37:18 -------- d-----w- C:\ProgramData\CanonIJPLM

    2013-10-05 11:38:50 -------- d--h--w- C:\ProgramData\CanonEPP

    2013-10-05 11:38:50 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2

    2013-10-05 11:38:50 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter

    2013-10-05 11:38:50 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenuEX

    2013-10-26 12:06:23 -------- d-----w- C:\ProgramData\Oracle

    2013-11-13 07:51:16 -------- d-----w- C:\ProgramData\Malwarebytes

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Monique\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx

    kfkcangbigakljkjeglcofaomihpejif - C:\Users\armand\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx

    ==== EOF on wo 13-11-2013 at 11:49:49,77 ======================

  • Ben

    Hello,

    There is indeed Torpig on this one. Run zoek.exe again with the following code:

    ;r

    {118BEDCA-A901-4203-B4F2-ADCB957D1889};c

    ;r

    {118BEDCA-A901-4203-B4F2-ADCB957D1882};c

    C:\ProgramData\2683;fs

    C:\ProgramData\604a80df-0d73-4921-bd24-5fdd2f1f6224;fs

    Cjofdnhdkbflacojpfpkchgafjahijbb;chr

    kfkcangbigakljkjeglcofaomihpejif;chr

    emptyclsid;

    emptyfolderscheck;delete

    autoclean;
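The "Torpig Check" block in the log above is what gave the diagnosis away: two CopyHookHandlers entries with random-looking names, CLSIDs that differ only in the last digit, and no module path the tool could resolve. The following Python script is an added example, not code from zoek.exe or from anyone in this thread. It parses those lines from a zoek log (the sample is constructed from the log posted above), flags entries whose CLSID did not resolve to a module on disk, whose name is outside a small baseline of stock Windows 7 handlers (an assumption taken from the two clean entries in that log, not an exhaustive allow-list), or whose CLSID is a near-duplicate of another entry's, and emits removal lines in the same `;r` / `{CLSID};c` form Ben used in the reply above (the only zoek script syntax assumed here).

```python
"""Flag suspicious shell copy-hook handlers in a zoek.exe "Torpig Check" block.

Added example; not part of zoek.exe or of the forum thread. The sample log is
constructed from the log posted in the thread, and the baseline of known-good
handler names is an assumption drawn from the two clean entries in that log.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the "Torpig Check" block of the zoek log posted above.
SAMPLE_LOG = r"""==== Torpig Check ======================
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\hmwiseoakfqbmwiseoa {118BEDCA-A901-4203-B4F2-ADCB957D1889} undetermined path
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\ncmxitepalvhrdnyjuf {118BEDCA-A901-4203-B4F2-ADCB957D1882} undetermined path
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll
==== Empty Folders Check ======================
"""

# Assumption: stock Windows 7 copy-hook handler names, taken from the clean
# entries in the log above. Not an exhaustive allow-list.
KNOWN_GOOD = {"FileSystem", "Sharing"}

UNRESOLVED = "CLSID has no resolvable InprocServer32 module"
NOT_BASELINE = "handler name not in Windows baseline"
NEAR_DUPLICATE = "CLSID is a near-duplicate of another handler's CLSID"

# One log line: key path, handler name, {CLSID}, then the resolved module path
# (or the literal text "undetermined path" when zoek could not resolve it).
LINE_RE = re.compile(
    r"^HKEY_CLASSES_ROOT\\Directory\\shellex\\CopyHookHandlers\\(?P<name>[^\s]+)\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})\s+"
    r"(?P<path>.+)$"
)


@dataclass
class Handler:
    name: str
    clsid: str
    path: str
    reasons: list = field(default_factory=list)


def parse_torpig_block(log_text):
    """Return one Handler per CopyHookHandlers line inside the Torpig Check block."""
    handlers = []
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("==== Torpig Check"):
            in_block = True
            continue
        if in_block and line.startswith("===="):
            break  # next section header ends the block
        if not in_block:
            continue
        m = LINE_RE.match(line)
        if m:
            handlers.append(Handler(m["name"], m["clsid"].upper(), m["path"]))
    return handlers


def find_suspicious(handlers, baseline=KNOWN_GOOD):
    """Attach reasons to handlers that look planted and return only those."""
    # Group CLSIDs that agree on everything but the last hex digit: the two
    # entries in the log differ only in ...D1889 / ...D1882.
    by_prefix = {}
    for h in handlers:
        by_prefix.setdefault(h.clsid[:-2], []).append(h)

    flagged = []
    for h in handlers:
        if h.path.lower() == "undetermined path":
            h.reasons.append(UNRESOLVED)
        if h.name not in baseline:
            h.reasons.append(NOT_BASELINE)
        if len(by_prefix[h.clsid[:-2]]) > 1:
            h.reasons.append(NEAR_DUPLICATE)
        if h.reasons:
            flagged.append(h)
    return flagged


def zoek_fix_lines(flagged):
    """Build removal lines in the form used in the reply above: ';r' then '{CLSID};c'.

    Only handlers whose CLSID did not resolve are included; an entry with a
    real module path deserves a manual look before it is removed.
    """
    lines = []
    for h in flagged:
        if UNRESOLVED in h.reasons:
            lines += [";r", f"{h.clsid};c"]
    return lines


if __name__ == "__main__":
    found = find_suspicious(parse_torpig_block(SAMPLE_LOG))
    for h in found:
        print(f"{h.name} {h.clsid}: {'; '.join(h.reasons)}")
    print("\n".join(zoek_fix_lines(found)))
```

Run against the constructed sample, the two random-named handlers are reported with all three reasons, while FileSystem and Sharing pass, and the generated removal lines match the two CLSID entries in Ben's script above.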

  • lg

    As requested

    Zoek.exe Version 4.0.0.5 Updated 09-November-2013

    Tool run by boss on wo 13-11-2013 at 13:17:51,92.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\boss\Desktop\zoek.exe

    ==== Older Logs ======================

    C:\zoek-results2013-11-13-104949.log 15907 bytes

    ==== Empty Folders Check ======================

    C:\Program Files\AGEIA Technologies deleted successfully

    C:\Program Files\LoiLoScope FREE trial deleted successfully

    C:\Program Files\Origin Games deleted successfully

    C:\Program Files\Common Files\WuShu_0.0.1.034 deleted successfully

    C:\ProgramData\Canon IJ Network Tool deleted successfully

    C:\ProgramData\CanonEPP deleted successfully

    C:\ProgramData\CanonIJEPPEX2 deleted successfully

    C:\ProgramData\Oracle deleted successfully

    C:\ProgramData\Tunngle deleted successfully

    C:\Users\boss\AppData\Roaming\DAEMON Tools Pro deleted successfully

    C:\Users\boss\AppData\Local\WarThunder deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-794593668-1802406415-4176556178-1005\Software\Microsoft\Internet Explorer\SearchScopes\{226F1855-CE63-4A47-BC8F-D55ABFD56C28} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-794593668-1802406415-4176556178-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

    ==== Deleting Services ======================

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    ==== Deleting Files \ Folders ======================

    C:\ProgramData\2683 deleted

    C:\ProgramData\604a80df-0d73-4921-bd24-5fdd2f1f6224 deleted

    C:\ProgramData\hash.dat deleted

    C:\ProgramData\InstallMate deleted

    C:\Users\boss\AppData\LocalLow\store-pp.jbs deleted

    "C:\ProgramData\bd7a9f73-f68f-4375-9bcd-7800ff6ae8f7" deleted

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Monique\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx

    kfkcangbigakljkjeglcofaomihpejif - C:\Users\armand\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="http://www.startnederland.nl/"

    New Values:

    "Start Page"="http://www.startnederland.nl/"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A01BEE9C-DA83-BED0-B60E-0341E4885919} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2769195-8BF0-A671-3DB9-96AF3C7299D2} deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F91A8AE2-A75A-B050-21CB-4DEE729CB3F8} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\Cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif deleted successfully

    ==== Empty IE Cache ======================

    C:\Users\boss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\boss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\boss\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\boss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not found

    ==== EOF on wo 13-11-2013 at 13:24:24,19 ======================

  • Ben

    Hello,

    That went well. Now do a scan with mbam and post that log.

  • lg

    Log file of the scan.

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.11.13.02

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    boss :: MONIQUE-PC

    13-11-2013 13:44:18

    mbam-log-2013-11-13 (13-44-18).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 247259

    Verstreken tijd: 4 minuut/minuten, 33 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

  • Ben

    Hello,

    That is nice and clean again.

    You can keep Malwarebytes and scan your PC with it once a week (after updating it).

    With the little tool below you clean up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Activate UAC

    Remove disinfection tools

    Create registry backup

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You do not need to post it, however.

    If any tools are left over, you can remove them yourself.

    It is also recommended, if there are several PCs on the same network, to have those checked as well.

  • lg

    Last step carried out.

    There is another PC running on the same network.

    I will check that one as well.

    Thanks again for thinking along.

    LG

  • Ben

    Hello,

    Okay, thanks, and you're welcome (tu)

This topic is closed; no further replies can be posted.