Just to be sure

  • Dennis

    Good afternoon,

    Best wishes to everyone.

    My desktop died and I'm now running on my laptop.

    I just notice that the CPU is working a lot when the machine isn't in use.

    Could the master's eye take a quick look at my logs, just to be sure?

    Regards, Dennis

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Dennis at 2014-01-03 13:08:00

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 144 GB (75%) free of 191 GB

    Total RAM: 1014 MB (37% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 13:08:17, on 3-1-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.16428)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Synaptics\SynTP\SynToshiba.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Users\Dennis\Downloads\RSIT.exe

    C:\Program Files\trend micro\Dennis.exe

    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - .DEFAULT User Startup: RUN.CMD (User ‘Default user’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    End of file - 4131 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    ======Registry dump======

    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    “Driver Genius”=

    “MSC”=c:\Program Files\Microsoft Security Client\msseces.exe

    “IgfxTray”=C:\Windows\system32\igfxtray.exe

    “HotKeysCmds”=C:\Windows\system32\hkcmd.exe

    “Persistence”=C:\Windows\system32\igfxpers.exe

    “SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    “GrooveMonitor”=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\igfxdev.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=0

    “ConsentPromptBehaviorUser”=0

    “EnableLUA”=0

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “NoDriveTypeAutoRun”=145

    “NoResolveSearch”=1

    “NoResolveTrack”=1

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “vidc.cvid”=iccvid.dll

    “msacm.l3pacm”=l3codecp.acm

    “msacm.aacacm”=AACACM.acm

    “msacm.lameacm”=lameACM.acm

    “msacm.ac3acm”=ac3acm.acm

    “VIDC.LAGS”=lagarith.dll

    “VIDC.FFDS”=ff_vfw.dll

    “VIDC.X264”=x264vfw.dll

    “msacm.ac3filter”=ac3filter.acm

    “VIDC.MLCY”=mlc.dll

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2014-01-03 13:08:01 —-D—- C:\Program Files\trend micro

    2014-01-03 13:08:00 —-D—- C:\rsit

    2014-01-03 13:00:55 —-D—- C:\AdwCleaner

    2013-12-18 19:59:27 —-A—- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

    2013-12-18 19:59:24 —-A—- C:\Windows\system32\drivers\terminpt.sys

    2013-12-18 19:59:24 —-A—- C:\Windows\system32\drivers\rdpvideominiport.sys

    2013-12-18 19:59:22 —-A—- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

    2013-12-18 19:59:21 —-A—- C:\Windows\system32\RdpGroupPolicyExtension.dll

    2013-12-18 19:59:19 —-A—- C:\Windows\system32\drivers\TsUsbGD.sys

    2013-12-18 19:59:19 —-A—- C:\Windows\system32\drivers\TsUsbFlt.sys

    2013-12-18 19:59:15 —-A—- C:\Windows\system32\wksprtPS.dll

    2013-12-18 19:59:15 —-A—- C:\Windows\system32\TsUsbGDCoInstaller.dll

    2013-12-18 19:59:15 —-A—- C:\Windows\system32\tsgqec.dll

    2013-12-18 19:59:15 —-A—- C:\Windows\system32\MsRdpWebAccess.dll

    2013-12-18 19:59:14 —-A—- C:\Windows\system32\TSWbPrxy.exe

    2013-12-18 19:59:14 —-A—- C:\Windows\system32\rdpudd.dll

    2013-12-18 19:59:14 —-A—- C:\Windows\system32\aaclient.dll

    2013-12-18 19:59:13 —-A—- C:\Windows\system32\wksprt.exe

    2013-12-18 19:59:13 —-A—- C:\Windows\system32\rdpendp_winip.dll

    2013-12-18 19:59:10 —-A—- C:\Windows\system32\mstsc.exe

    2013-12-18 19:59:06 —-A—- C:\Windows\system32\rdpcorets.dll

    2013-12-18 19:58:51 —-A—- C:\Windows\system32\mstscax.dll

    2013-12-15 19:30:34 —-D—- C:\Users\Dennis\AppData\Roaming\Malwarebytes

    2013-12-15 19:30:13 —-D—- C:\ProgramData\Malwarebytes

    2013-12-15 19:30:10 —-D—- C:\Program Files\Malwarebytes' Anti-Malware

    2013-12-15 19:30:10 —-A—- C:\Windows\system32\drivers\mbam.sys

    2013-12-15 19:25:09 —-D—- C:\Program Files\CCleaner

    2013-12-15 14:55:05 —-A—- C:\Windows\system32\msonpmon.dll

    2013-12-15 14:52:50 —-D—- C:\Program Files\Microsoft Works

    2013-12-15 14:52:07 —-D—- C:\Program Files\Microsoft Visual Studio

    2013-12-15 14:52:07 —-D—- C:\Program Files\Common Files\DESIGNER

    2013-12-15 14:50:52 —-D—- C:\Windows\PCHEALTH

    2013-12-15 14:48:02 —-D—- C:\Program Files\Microsoft Visual Studio 8

    2013-12-15 14:46:31 —-D—- C:\Program Files\Microsoft Office

    2013-12-15 14:46:29 —-D—- C:\ProgramData\Microsoft Help

    2013-12-15 14:44:02 —-RHD—- C:\MSOCache

    2013-12-14 17:16:53 —-D—- C:\ProgramData\Spotnet

    2013-12-14 17:16:53 —-D—- C:\Program Files\Spotnet

    2013-12-14 16:45:06 —-D—- C:\Windows\Migration

    2013-12-14 16:29:12 —-D—- C:\Program Files\InstallShield Installation Information

    2013-12-14 15:53:03 —-A—- C:\Windows\system32\ie4uinit.exe

    2013-12-14 15:53:01 —-A—- C:\Windows\system32\jsproxy.dll

    2013-12-14 15:53:00 —-A—- C:\Windows\system32\ieui.dll

    2013-12-14 15:53:00 —-A—- C:\Windows\system32\ieetwcollectorres.dll

    2013-12-14 15:52:59 —-A—- C:\Windows\system32\jscript9diag.dll

    2013-12-14 15:52:59 —-A—- C:\Windows\system32\iesetup.dll

    2013-12-14 15:52:59 —-A—- C:\Windows\system32\iernonce.dll

    2013-12-14 15:52:59 —-A—- C:\Windows\system32\ieapfltr.dll

    2013-12-14 15:52:58 —-A—- C:\Windows\system32\ieUnatt.exe

    2013-12-14 15:52:58 —-A—- C:\Windows\system32\ieetwproxystub.dll

    2013-12-14 15:52:57 —-A—- C:\Windows\system32\ieetwcollector.exe

    2013-12-14 15:52:56 —-A—- C:\Windows\system32\wininet.dll

    2013-12-14 15:52:55 —-A—- C:\Windows\system32\urlmon.dll

    2013-12-14 15:52:55 —-A—- C:\Windows\system32\iertutil.dll

    2013-12-14 15:52:53 —-A—- C:\Windows\system32\ieframe.dll

    2013-12-14 15:52:51 —-A—- C:\Windows\system32\mshtml.dll

    2013-12-14 15:52:50 —-A—- C:\Windows\system32\jscript9.dll

    2013-12-14 14:53:40 —-HD—- C:\Windows\system32\CanonIJ Uninstaller Information

    2013-12-14 14:53:22 —-HD—- C:\ProgramData\CanonBJ

    2013-12-14 14:52:30 —-A—- C:\Windows\system32\CNMLMA4.DLL

    2013-12-13 20:49:57 —-D—- C:\130a4f8439028997e2812adc

    2013-12-13 20:48:48 —-A—- C:\Windows\system32\drivers\usbhub.sys

    2013-12-13 20:48:48 —-A—- C:\Windows\system32\drivers\usbehci.sys

    2013-12-13 20:48:48 —-A—- C:\Windows\system32\drivers\usbccgp.sys

    2013-12-13 20:48:47 —-A—- C:\Windows\system32\drivers\usbuhci.sys

    2013-12-13 20:48:47 —-A—- C:\Windows\system32\drivers\usbport.sys

    2013-12-13 20:48:47 —-A—- C:\Windows\system32\drivers\usbohci.sys

    2013-12-13 20:48:47 —-A—- C:\Windows\system32\drivers\usbd.sys

    2013-12-13 20:07:58 —-A—- C:\Windows\system32\wmp.dll

    2013-12-13 20:07:55 —-A—- C:\Windows\system32\wmploc.DLL

    2013-12-13 20:02:41 —-A—- C:\Windows\system32\MsSpellCheckingFacility.exe

    2013-12-13 20:02:41 —-A—- C:\Windows\system32\elshyph.dll

    2013-12-13 20:02:40 —-A—- C:\Windows\system32\RegisterIEPKEYs.exe

    2013-12-13 20:02:40 —-A—- C:\Windows\system32\msrating.dll

    2013-12-13 20:02:40 —-A—- C:\Windows\system32\msls31.dll

    2013-12-13 20:02:40 —-A—- C:\Windows\system32\jsIntl.dll

    2013-12-13 20:02:39 —-A—- C:\Windows\system32\url.dll

    2013-12-13 20:02:39 —-A—- C:\Windows\system32\mshtmlmedia.dll

    2013-12-13 20:02:39 —-A—- C:\Windows\system32\JavaScriptCollectionAgent.dll

    2013-12-13 20:02:39 —-A—- C:\Windows\system32\iedkcs32.dll

    2013-12-13 20:02:39 —-A—- C:\Windows\system32\ieapfltr.dat

    2013-12-13 20:02:39 —-A—- C:\Windows\system32\icardie.dll

    2013-12-13 20:02:39 —-A—- C:\Windows\system32\dxtrans.dll

    2013-12-13 20:02:39 —-A—- C:\Windows\system32\dxtmsft.dll

    2013-12-13 20:02:38 —-A—- C:\Windows\system32\wextract.exe

    2013-12-13 20:02:38 —-A—- C:\Windows\system32\webcheck.dll

    2013-12-13 20:02:38 —-A—- C:\Windows\system32\vbscript.dll

    2013-12-13 20:02:38 —-A—- C:\Windows\system32\mshtmled.dll

    2013-12-13 20:02:38 —-A—- C:\Windows\system32\msfeeds.dll

    2013-12-13 20:02:38 —-A—- C:\Windows\system32\licmgr10.dll

    2013-12-13 20:02:38 —-A—- C:\Windows\system32\inseng.dll

    2013-12-13 20:02:38 —-A—- C:\Windows\system32\iexpress.exe

    2013-12-13 20:02:37 —-A—- C:\Windows\system32\pngfilt.dll

    2013-12-13 20:02:37 —-A—- C:\Windows\system32\occache.dll

    2013-12-13 20:02:37 —-A—- C:\Windows\system32\MshtmlDac.dll

    2013-12-13 20:02:37 —-A—- C:\Windows\system32\mshta.exe

    2013-12-13 20:02:37 —-A—- C:\Windows\system32\msfeedssync.exe

    2013-12-13 20:02:37 —-A—- C:\Windows\system32\msfeedsbs.dll

    2013-12-13 20:02:37 —-A—- C:\Windows\system32\jscript.dll

    2013-12-13 20:02:37 —-A—- C:\Windows\system32\imgutil.dll

    2013-12-13 20:02:37 —-A—- C:\Windows\system32\iepeers.dll

    2013-12-13 20:02:36 —-A—- C:\Windows\system32\SetIEInstalledDate.exe

    2013-12-13 20:02:36 —-A—- C:\Windows\system32\mshtmler.dll

    2013-12-13 20:02:36 —-A—- C:\Windows\system32\iesysprep.dll

    2013-12-13 20:02:36 —-A—- C:\Windows\system32\IEAdvpack.dll

    2013-12-13 20:01:34 —-A—- C:\Windows\system32\tdh.dll

    2013-12-13 20:01:34 —-A—- C:\Windows\system32\ntoskrnl.exe

    2013-12-13 20:01:34 —-A—- C:\Windows\system32\ntkrnlpa.exe

    2013-12-13 20:01:34 —-A—- C:\Windows\system32\ntdll.dll

    2013-12-13 20:01:34 —-A—- C:\Windows\system32\advapi32.dll

    2013-12-13 20:01:22 —-A—- C:\Windows\system32\mswsock.dll

    2013-12-13 20:01:22 —-A—- C:\Windows\system32\drivers\tcpip.sys

    2013-12-13 20:01:22 —-A—- C:\Windows\system32\drivers\afd.sys

    2013-12-13 17:26:55 —-A—- C:\Windows\system32\drivers\tssecsrv.sys

    2013-12-13 16:38:03 —-A—- C:\Windows\system32\comctl32.dll

    2013-12-13 16:38:01 —-A—- C:\Windows\system32\drivers\hidparse.sys

    2013-12-13 16:38:01 —-A—- C:\Windows\system32\drivers\hidclass.sys

    2013-12-13 16:37:56 —-A—- C:\Windows\system32\rpcrt4.dll

    2013-12-13 16:37:49 —-A—- C:\Windows\system32\wintrust.dll

    2013-12-13 16:36:50 —-A—- C:\Windows\system32\authui.dll

    2013-12-13 16:36:49 —-A—- C:\Windows\system32\SmartcardCredentialProvider.dll

    2013-12-13 16:36:49 —-A—- C:\Windows\system32\credui.dll

    2013-12-13 16:35:26 —-A—- C:\Windows\system32\msieftp.dll

    2013-12-13 16:35:24 —-A—- C:\Windows\system32\schannel.dll

    2013-12-13 16:35:23 —-A—- C:\Windows\system32\sspicli.dll

    2013-12-13 16:35:23 —-A—- C:\Windows\system32\ncrypt.dll

    2013-12-13 16:35:23 —-A—- C:\Windows\system32\lsasrv.dll

    2013-12-13 16:35:23 —-A—- C:\Windows\system32\drivers\ksecpkg.sys

    2013-12-13 16:35:23 —-A—- C:\Windows\system32\drivers\ksecdd.sys

    2013-12-13 16:35:23 —-A—- C:\Windows\system32\drivers\cng.sys

    2013-12-13 16:35:22 —-A—- C:\Windows\system32\sspisrv.dll

    2013-12-13 16:35:22 —-A—- C:\Windows\system32\secur32.dll

    2013-12-13 16:35:22 —-A—- C:\Windows\system32\lsass.exe

    2013-12-13 16:35:06 —-A—- C:\Windows\system32\imagehlp.dll

    2013-12-13 16:35:04 —-A—- C:\Windows\system32\wscript.exe

    2013-12-13 16:35:04 —-A—- C:\Windows\system32\scrrun.dll

    2013-12-13 16:35:04 —-A—- C:\Windows\system32\cscript.exe

    2013-12-13 16:35:02 —-A—- C:\Windows\system32\WMPhoto.dll

    2013-12-13 16:34:56 —-A—- C:\Windows\system32\drivers\dxgkrnl.sys

    2013-12-13 16:34:53 —-A—- C:\Windows\system32\tzres.dll

    2013-12-13 16:34:38 —-A—- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

    2013-12-13 16:34:37 —-A—- C:\Windows\system32\dciman32.dll

    2013-12-13 16:34:37 —-A—- C:\Windows\system32\atmfd.dll

    2013-12-13 16:34:36 —-A—- C:\Windows\system32\lpk.dll

    2013-12-13 16:34:36 —-A—- C:\Windows\system32\fontsub.dll

    2013-12-13 16:34:36 —-A—- C:\Windows\system32\atmlib.dll

    2013-12-13 16:34:32 —-A—- C:\Windows\system32\scavengeui.dll

    2013-12-13 16:34:24 —-A—- C:\Windows\system32\win32k.sys

    2013-12-13 16:34:12 —-A—- C:\Windows\system32\WMVDECOD.DLL

    2013-12-13 16:34:09 —-A—- C:\Windows\system32\drivers\portcls.sys

    2013-12-13 16:34:09 —-A—- C:\Windows\system32\drivers\drmk.sys

    2013-12-13 16:34:01 —-A—- C:\Windows\system32\WebClnt.dll

    2013-12-13 16:34:01 —-A—- C:\Windows\system32\drivers\mrxdav.sys

    2013-12-13 16:34:01 —-A—- C:\Windows\system32\davclnt.dll

    2013-12-13 16:34:00 —-A—- C:\Windows\system32\gdi32.dll

    2013-12-13 16:33:49 —-A—- C:\Windows\system32\shell32.dll

    2013-12-13 16:33:48 —-A—- C:\Windows\system32\shdocvw.dll

    2013-12-13 16:33:40 —-A—- C:\Windows\system32\drivers\ataport.sys

    2013-12-13 16:33:38 —-A—- C:\Windows\system32\IKEEXT.DLL

    2013-12-13 16:33:38 —-A—- C:\Windows\system32\FWPUCLNT.DLL

    2013-12-13 16:33:37 —-A—- C:\Windows\system32\nshwfp.dll

    2013-12-13 16:33:29 —-A—- C:\Windows\system32\cryptsvc.dll

    2013-12-13 16:33:29 —-A—- C:\Windows\system32\cryptnet.dll

    2013-12-13 16:33:29 —-A—- C:\Windows\system32\crypt32.dll

    2013-12-13 16:33:23 —-D—- C:\Program Files\Common Files\Java

    2013-12-13 16:33:08 —-A—- C:\Windows\system32\javaws.exe

    2013-12-13 16:33:05 —-A—- C:\Windows\system32\drivers\usbcir.sys

    2013-12-13 16:33:03 —-A—- C:\Windows\system32\drivers\Wdf01000.sys

    2013-12-13 16:32:59 —-A—- C:\Windows\system32\KernelBase.dll

    2013-12-13 16:32:59 —-A—- C:\Windows\system32\kernel32.dll

    2013-12-13 16:32:58 —-AH—- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

    2013-12-13 16:32:58 —-AH—- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

    2013-12-13 16:32:58 —-AH—- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

    2013-12-13 16:32:58 —-AH—- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

    2013-12-13 16:32:58 —-A—- C:\Windows\system32\winsrv.dll

    2013-12-13 16:32:58 —-A—- C:\Windows\system32\conhost.exe

    2013-12-13 16:32:57 —-AH—- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

    2013-12-13 16:32:57 —-AH—- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

    2013-12-13 16:32:57 —-AH—- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

    2013-12-13 16:32:57 —-AH—- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

    2013-12-13 16:32:57 —-AH—- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

    2013-12-13 16:32:57 —-AH—- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

    2013-12-13 16:32:57 —-AH—- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

    2013-12-13 16:32:57 —-AH—- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

    2013-12-13 16:32:57 —-AH—- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

    2013-12-13 16:32:56 —-AH—- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

    2013-12-13 16:32:56 —-AH—- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

    2013-12-13 16:32:56 —-AH—- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

    2013-12-13 16:32:56 —-AH—- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

    2013-12-13 16:32:56 —-AH—- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

    2013-12-13 16:32:56 —-AH—- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

    2013-12-13 16:32:56 —-AH—- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

    2013-12-13 16:32:55 —-AH—- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

    2013-12-13 16:32:55 —-AH—- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

    2013-12-13 16:32:55 —-AH—- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

    2013-12-13 16:32:55 —-AH—- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

    2013-12-13 16:32:55 —-AH—- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

    2013-12-13 16:32:55 —-AH—- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

    2013-12-13 16:32:55 —-A—- C:\Windows\system32\WindowsAccessBridge.dll

    2013-12-13 16:32:55 —-A—- C:\Windows\system32\javaw.exe

    2013-12-13 16:32:55 —-A—- C:\Windows\system32\java.exe

    2013-12-13 16:32:54 —-AH—- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

    2013-12-13 16:32:54 —-AH—- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

    ======List of files/folders modified in the last 1 month======

    2014-01-03 13:08:13 —-D—- C:\Windows\Prefetch

    2014-01-03 13:08:01 —-RD—- C:\Program Files

    2014-01-03 13:07:18 —-D—- C:\Windows\Temp

    2014-01-03 12:58:28 —-D—- C:\Windows\system32\config

    2014-01-03 10:02:13 —-D—- C:\Windows\system32\drivers

    2014-01-02 14:20:30 —-SD—- C:\Users\Dennis\AppData\Roaming\Microsoft

    2014-01-02 11:10:25 —-SHD—- C:\System Volume Information

    2014-01-02 09:33:35 —-D—- C:\Windows

    2014-01-01 16:11:01 —-D—- C:\Program Files\ESET

    2014-01-01 16:04:09 —-D—- C:\Windows\inf

    2014-01-01 16:01:04 —-D—- C:\Windows\System32

    2013-12-29 09:36:27 —-D—- C:\Windows\system32\catroot2

    2013-12-23 23:35:35 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2013-12-19 12:15:15 —-SHD—- C:\Windows\Installer

    2013-12-19 12:14:22 —-A—- C:\Windows\win.ini

    2013-12-18 21:19:21 —-D—- C:\Windows\rescache

    2013-12-18 20:05:29 —-D—- C:\Windows\winsxs

    2013-12-18 20:03:29 —-D—- C:\Windows\system32\wbem

    2013-12-18 20:03:29 —-D—- C:\Windows\system32\nl-NL

    2013-12-18 20:03:29 —-D—- C:\Windows\system32\drivers\nl-NL

    2013-12-18 20:03:29 —-D—- C:\Windows\PolicyDefinitions

    2013-12-18 20:03:27 —-D—- C:\Windows\system32\DriverStore

    2013-12-18 19:59:55 —-D—- C:\Windows\system32\catroot

    2013-12-17 20:22:09 —-D—- C:\Windows\system32\Tasks

    2013-12-16 14:15:43 —-RSD—- C:\Windows\assembly

    2013-12-15 21:14:15 —-D—- C:\ProgramData\Adobe

    2013-12-15 21:12:35 —-D—- C:\Users\Dennis\AppData\Roaming\Adobe

    2013-12-15 19:56:41 —-RSD—- C:\Windows\Fonts

    2013-12-15 19:55:51 —-D—- C:\Program Files\Common Files\microsoft shared

    2013-12-15 19:30:13 —-HD—- C:\ProgramData

    2013-12-15 19:28:03 —-D—- C:\Windows\Panther

    2013-12-15 19:28:03 —-D—- C:\Windows\Logs

    2013-12-15 19:28:03 —-D—- C:\Windows\debug

    2013-12-15 14:52:36 —-D—- C:\Program Files\MSBuild

    2013-12-15 14:52:07 —-D—- C:\Program Files\Common Files

    2013-12-15 14:52:02 —-D—- C:\Windows\ShellNew

    2013-12-15 14:50:52 —-SD—- C:\ProgramData\Microsoft

    2013-12-15 14:50:52 —-D—- C:\Program Files\Microsoft.NET

    2013-12-15 14:47:26 —-D—- C:\Program Files\Common Files\System

    2013-12-15 00:34:50 —-D—- C:\Windows\system32\wdi

    2013-12-14 17:13:21 —-D—- C:\Windows\Microsoft.NET

    2013-12-14 16:46:05 —-D—- C:\Windows\system32\en-US

    2013-12-14 15:56:26 —-D—- C:\Program Files\Internet Explorer

    2013-12-13 20:41:47 —-D—- C:\Program Files\Microsoft Silverlight

    2013-12-13 20:39:28 —-D—- C:\Program Files\Windows Media Player

    2013-12-13 20:39:25 —-D—- C:\Windows\system32\migration

    2013-12-13 20:28:54 —-D—- C:\Program Files\Microsoft Security Client

    2013-12-13 20:18:23 —-D—- C:\Windows\system32\MRT

    2013-12-13 17:54:07 —-A—- C:\Windows\system32\FlashPlayerApp.exe

    2013-12-13 16:32:54 —-D—- C:\Program Files\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys

    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys

    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

    S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys

    S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys

    S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys

    S3 b06diag;Broadcom NetXtreme II Diag Driver; C:\Windows\system32\drivers\bxdiagx.sys

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys

    S3 BFN7x86;Bigfoot Networks Killer Gaming Service; C:\Windows\system32\drivers\Xeno7x86.sys

    S3 BFNVis32;Bigfoot Networks Killer Gaming Service; C:\Windows\system32\drivers\XenoVx86.sys

    S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys

    S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys

    S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys

    S3 bxfcoe;bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys

    S3 bxois;bxois; C:\Windows\system32\drivers\bxois.sys

    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys

    S3 E1G60;Stuurprogramma voor Intel(R) PRO/1000 NDIS 6-adapter; C:\Windows\system32\DRIVERS\E1G60I32.sys

    S3 IFCoEMP;IFCoEMP; C:\Windows\system32\drivers\ifM60x32.sys

    S3 IFCoEVB;IFCoEVB; C:\Windows\system32\drivers\ifP60X32.sys

    S3 ioatdma1;ioatdma1; C:\Windows\System32\Drivers\qd16032.sys

    S3 ioatdma2;Intel(R) QuickData Technology device ver.2; C:\Windows\System32\Drivers\qd26032.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

    S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

    S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver; C:\Windows\system32\drivers\Synth3dVsc.sys

    S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys

    S3 tsusbhub;Remote Deskotop USB Hub; C:\Windows\system32\drivers\tsusbhub.sys

    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys

    S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys

    S3 ViaC7;Stuurprogramma voor VIA C7-processor; C:\Windows\system32\drivers\viac7.sys

    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

    S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    —————–EOF—————–

    # AdwCleaner v3.016 - Report created 03/01/2014 at 13:03:37

    # Updated 23/12/2013 by Xplode

    # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

    # Username : Dennis - DENNIS-PC

    # Running from : C:\Users\Dennis\Downloads\adwcleaner.exe

    # Option : Clean

    ***** *****

    ***** *****

    Folder Deleted : C:\Program Files\driver-soft

    ***** *****

    ***** *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FDBBC21-E399-4542-B4CE-86326E1F0727}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B878FD4-8F19-46DB-94B1-4CABFF80679C}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BA495EF-6CD5-413A-8AEF-483631B98C4F}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C71E394-2E6F-452A-AB7D-C17E78307083}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BADB1512-759C-4792-A18A-DD6BDC4E1991}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E54FBC83-9028-45AC-A5B9-D5DA828E59C2}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{633AA60B-C339-46C3-951F-047F9822C473}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9156C8F9-B397-4DEF-8AC5-5966221A134A}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}

    Key Deleted : HKLM\Software\Driver-Soft

    ***** *****

    -\\ Internet Explorer v11.0.9600.16428

    *************************

    AdwCleaner.txt - -

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2014.01.03.02

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 11.0.9600.16476

    Dennis :: DENNIS-PC

    3-1-2014 9:53:16

    mbam-log-2014-01-03 (09-53-16).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 199990

    Verstreken tijd: 8 minuut/minuten, 46 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

  • Ben

    Hello,

    Download Zoek.zip to the desktop.

    If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

    Disable antivirus software

    Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

    Disable antivirus software

    Disable antispy & malware software

    Run Zoek.exe

    If you run into problems running this program or see any error messages, please mention this in your post.

    Right-click Zoek.zip and choose the option "Extract All".

    Then double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.

    Now copy the code below and paste it into the large input box:

    Note: This script was written specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    emptyclsid;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart, if one is needed).

    If no log appears after the restart, start zoek.exe again; the log will then appear.

    Post the opened log in your next reply.

  • Dennis

    Hi Ben

    log

    Zoek.exe v5.0.0.0 Updated 02-Januari-2014

    Tool run by Dennis on vr 03-01-2014 at 14:49:07,86.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Dennis\Desktop\zoek.scr

    ==== System Restore Info ======================

    3-1-2014 14:50:43 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\ProgramData\DriverGenius deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\winlogon.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Synaptics\SynTP\SynToshiba.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    ==== Deleting Services ======================

    ==== System Specs ======================

    Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)

    Memory (RAM): 1015 MB

    CPU Info: Genuine Intel(R) CPU T2080 @ 1.73GHz

    CPU Speed: 808,1 MHz

    Sound Card: Hoofdtelefoon (High Definition |

    Luidsprekers (High Definition A |

    Display Adapters: Mobile Intel(R) 945 Express Chipset Family | Mobile Intel(R) 945 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1280 X 800 - 32 bit

    Network: Network Present

    Network Adapters: Realtek PCIe FE Family Controller | Atheros AR5006X Wireless Network Adapter

    CD / DVD Drives: 1x (D: | ) D: TSSTcorpCD/DVDW TS-L632D

    Ports: COM3 LPT Port NOT Present.

    Mouse: 5 Button Wheel Mouse Present

    Hard Disks: C: 186,3GB

    Hard Disks - Free: C: 140,0GB

    Manufacturer *: TOSHIBA

    BIOS Info: AT/AT COMPATIBLE | 03/26/07 | TOSCPL - 6040000

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: TOSHIBA ISKAE

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

    Internet Explorer Version: 11.0.9600.16476

    Adobe Reader version: 11.0.04.63

    Sun Java version: 1.7.0_45 (32-bit)

    Flash Player version: 11.9.900.170

    Shockwave Player version: 11.6.5r635

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Dennis\AppData\Local\Temp ====

    ====== Java Cache =====

    ====== C:\Windows\system32 =====

    ====== C:\Windows\system32\drivers =====

    ====== C:\Windows\Tasks ======

    2013-12-14 15:21:59 DE6602B8DE62695983E0B1A4336A430E 2944 ----a-w- C:\Windows\system32\Tasks\{0209CE6B-9D6E-4FB1-951A-DE78D1F7E339}

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-01-03 12:08:01 -------- d-----w- C:\Program Files\trend micro

    2013-12-15 13:52:50 -------- d-----w- C:\Program Files\Microsoft Works

    2013-12-15 13:52:07 -------- d-----w- C:\Program Files\Microsoft Visual Studio

    2013-12-15 13:52:07 -------- d-----w- C:\Program Files\Common Files\DESIGNER

    2013-12-15 13:48:02 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8

    2013-12-15 13:46:31 -------- d-----w- C:\Program Files\Microsoft Office

    2013-12-14 16:16:53 -------- d-----w- C:\Program Files\Spotnet

    2013-12-14 15:29:12 -------- d-----w- C:\Program Files\InstallShield Installation Information

    2013-12-13 15:33:23 -------- d-----w- C:\Program Files\Common Files\Java

    ======= C: =====

    ====== C:\Users\Dennis\AppData\Roaming ======

    2014-01-01 14:56:41 68D52AC035A6D4B58B1C9361BC81AD25 211577 ----a-w- C:\Users\Dennis\AppData\Local\census.cache

    2014-01-01 14:56:24 D7724F63BAB3990F4F1852F8E8F28F49 105240 ----a-w- C:\Users\Dennis\AppData\Local\ars.cache

    2014-01-01 14:24:56 6DB9D4EA0C15108F943D3AEAED7E2797 36 ----a-w- C:\Users\Dennis\AppData\Local\housecall.guid.cache

    2013-12-15 20:12:35 -------- d-----w- C:\Users\Dennis\AppData\Locallow\Adobe

    2013-12-15 18:29:57 -------- d-----w- C:\Users\Dennis\AppData\Local\Programs

    2013-12-15 13:46:49 -------- d-----w- C:\Users\Dennis\AppData\Local\Microsoft Help

    2013-12-14 16:18:00 -------- d-----w- C:\Users\Dennis\AppData\Local\Spotnet

    ====== C:\Users\Dennis ======

    2014-01-03 12:07:03 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Dennis\Downloads\RSIT.exe

    2014-01-03 12:00:04 AF5C84446657B48C9B9B870C46438261 1233962 ----a-w- C:\Users\Dennis\Downloads\adwcleaner.exe

    2013-12-15 13:55:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

    2013-12-15 13:46:29 -------- d-----w- C:\ProgramData\Microsoft Help

    2013-12-15 12:16:16 75493905C9F477E86AD0E0F4EA6103F5 31 ----a-w- C:\ProgramData\anwbbrom2010.cfg

    2013-12-14 16:17:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotnet

    2013-12-14 16:16:53 -------- d-----w- C:\ProgramData\Spotnet

    2013-12-14 13:53:22 -------- d--h--w- C:\ProgramData\CanonBJ

    2013-12-13 15:32:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

    ====== C: exe-files ==

    === C: other files ==

    ==== Startup Registry Enabled ======================

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

    "IgfxTray"="C:\Windows\system32\igfxtray.exe"

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

    "Persistence"="C:\Windows\system32\igfxpers.exe"

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    ==== Startup Registry Disabled ======================

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Adobe ARM"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="GrooveMonitor"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="SunJavaUpdateSched"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

    ==== Startup Folders ======================

    2012-07-11 20:01:57 306 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD

    2012-07-11 20:01:57 306 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==== Other Scheduled Tasks ======================

    "C:\Windows\system32\tasks\Adobe Flash Player Updater"

    "C:\Windows\system32\tasks\CCleanerSkipUAC"

    "C:\Windows\system32\tasks\{0209CE6B-9D6E-4FB1-951A-DE78D1F7E339}"

    ==== Folders in C:\ProgramData 0-6 Months Old ======================

    2013-07-11 19:23:44 -------- d-sh--we C:\ProgramData\Bureaublad

    2013-07-11 19:23:44 -------- d-sh--we C:\ProgramData\Documenten

    2013-07-11 19:23:44 -------- d-sh--we C:\ProgramData\Favorieten

    2013-07-11 19:23:44 -------- d-sh--we C:\ProgramData\Menu Start

    2013-07-11 19:23:44 -------- d-sh--we C:\ProgramData\Sjablonen

    2013-07-11 21:47:47 -------- d-----w- C:\ProgramData\Adobe

    2013-12-14 13:53:22 -------- d--h--w- C:\ProgramData\CanonBJ

    2013-12-14 16:16:53 -------- d-----w- C:\ProgramData\Spotnet

    2013-12-15 13:46:29 -------- d-----w- C:\ProgramData\Microsoft Help

    2013-12-15 18:30:13 -------- d-----w- C:\ProgramData\Malwarebytes

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="http://www.google.nl/"

    "Search Page"="http://www.google.nl"

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    New Values:

    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    "Start Page"="http://www.google.nl/"

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== HijackThis Entries ======================

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==== Empty IE Cache ======================

    C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=0 folders=0 0 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Users\Dennis\AppData\Local\Temp will be emptied at reboot

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Dennis\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on vr 03-01-2014 at 15:06:03,44 ======================

  • Ben

    Hello,

    This all looks clean.

    You can leave Malwarebytes installed and scan your PC with it once a week (after updating it).

    The tool below cleans up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Remove disinfection tools

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You do not need to post it, however.

    If any tools or folders are left over, you can delete them yourself.

  • Dennis

    Done

    thanks Ben

    Regards, Dennis,

  • Ben

    Hello,

    Thanks, and you're welcome.

  • fazantje

    Because this topic has been resolved, it is being closed.

    If you would like to reopen your topic, send a private message to Ben or Huib (fazantje).

    They will then remove the "lock" and the topic will be open again.

    The AV team.

This topic is closed; no further replies can be posted.