Just to be sure

 • Dennis

  Good afternoon

  Best wishes to everyone

  My desktop died and I am now running on my laptop

  I just notice that the CPU is working a lot when the machine is not in use

  Could the master's eye take a quick look at my logs, just to be sure

  Regards, Dennis

  Logfile of random's system information tool 1.09 (written by random/random)

  Run by Dennis at 2014-01-03 13:08:00

  Microsoft Windows 7 Ultimate Service Pack 1

  System drive C: has 144 GB (75%) free of 191 GB

  Total RAM: 1014 MB (37% free)

  Logfile of Trend Micro HijackThis v2.0.4

  Scan saved at 13:08:17, on 3-1-2014

  Platform: Windows 7 SP1 (WinNT 6.00.3505)

  MSIE: Internet Explorer v11.0 (11.00.9600.16428)

  Boot mode: Normal

  Running processes:

  C:\Windows\system32\taskhost.exe

  C:\Windows\system32\Dwm.exe

  C:\Windows\Explorer.EXE

  C:\Program Files\Microsoft Security Client\msseces.exe

  C:\Windows\System32\igfxtray.exe

  C:\Windows\System32\hkcmd.exe

  C:\Windows\System32\igfxpers.exe

  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

  C:\Windows\system32\igfxsrvc.exe

  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

  C:\Program Files\Synaptics\SynTP\SynToshiba.exe

  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

  C:\Program Files\Internet Explorer\iexplore.exe

  C:\Users\Dennis\Downloads\RSIT.exe

  C:\Program Files\trend micro\Dennis.exe

  C:\Windows\system32\DllHost.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

  O4 - HKLM\..\Run: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

  O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

  O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

  O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

  O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

  O4 - HKLM\..\Run: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

  O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

  O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

  O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

  O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

  O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')

  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

  O11 - Options group: Accelerated graphics

  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

  O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

  O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

  End of file - 4131 bytes

  ======Scheduled tasks folder======

  C:\Windows\tasks\Adobe Flash Player Updater.job

  ======Registry dump======

  Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

  Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll

  Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

  "Driver Genius"=

  "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe

  "IgfxTray"=C:\Windows\system32\igfxtray.exe

  "HotKeysCmds"=C:\Windows\system32\hkcmd.exe

  "Persistence"=C:\Windows\system32\igfxpers.exe

  "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

  "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

  C:\Program Files\Common Files\Java\Java Update\jusched.exe

  C:\Windows\system32\igfxdev.dll

  WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

  "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

  "SecurityProviders"=credssp.dll

  "ConsentPromptBehaviorAdmin"=0

  "ConsentPromptBehaviorUser"=0

  "EnableLUA"=0

  "EnableUIADesktopToggle"=0

  "dontdisplaylastusername"=0

  "legalnoticecaption"=

  "legalnoticetext"=

  "shutdownwithoutlogon"=1

  "undockwithoutlogon"=1

  "NoDriveTypeAutoRun"=145

  "NoResolveSearch"=1

  "NoResolveTrack"=1

  "vidc.mrle"=msrle32.dll

  "vidc.msvc"=msvidc32.dll

  "msacm.imaadpcm"=imaadp32.acm

  "msacm.msg711"=msg711.acm

  "msacm.msgsm610"=msgsm32.acm

  "msacm.msadpcm"=msadp32.acm

  "midimapper"=midimap.dll

  "wavemapper"=msacm32.drv

  "vidc.uyvy"=msyuv.dll

  "vidc.yuy2"=msyuv.dll

  "vidc.yvyu"=msyuv.dll

  "vidc.iyuv"=iyuv_32.dll

  "vidc.i420"=iyuv_32.dll

  "vidc.yvu9"=tsbyuv.dll

  "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

  "vidc.cvid"=iccvid.dll

  "msacm.l3pacm"=l3codecp.acm

  "msacm.aacacm"=AACACM.acm

  "msacm.lameacm"=lameACM.acm

  "msacm.ac3acm"=ac3acm.acm

  "VIDC.LAGS"=lagarith.dll

  "VIDC.FFDS"=ff_vfw.dll

  "VIDC.X264"=x264vfw.dll

  "msacm.ac3filter"=ac3filter.acm

  "VIDC.MLCY"=mlc.dll

  "wave"=wdmaud.drv

  "midi"=wdmaud.drv

  "mixer"=wdmaud.drv

  "aux"=wdmaud.drv

  ======File associations======

  .js - edit - C:\Windows\System32\Notepad.exe %1

  .js - open - C:\Windows\System32\WScript.exe "%1" %*

  ======List of files/folders created in the last 1 month======

  ======List of files/folders modified in the last 1 month======

  ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

  R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

  R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

  R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS

  R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

  R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

  R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

  R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys

  R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys

  R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys

  R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys

  R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys

  R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

  S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys

  S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys

  S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys

  S3 b06diag;Broadcom NetXtreme II Diag Driver; C:\Windows\system32\drivers\bxdiagx.sys

  S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys

  S3 BFN7x86;Bigfoot Networks Killer Gaming Service; C:\Windows\system32\drivers\Xeno7x86.sys

  S3 BFNVis32;Bigfoot Networks Killer Gaming Service; C:\Windows\system32\drivers\XenoVx86.sys

  S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys

  S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

  S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys

  S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys

  S3 bxfcoe;bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys

  S3 bxois;bxois; C:\Windows\system32\drivers\bxois.sys

  S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys

  S3 E1G60;Stuurprogramma voor Intel(R) PRO/1000 NDIS 6-adapter; C:\Windows\system32\DRIVERS\E1G60I32.sys

  S3 IFCoEMP;IFCoEMP; C:\Windows\system32\drivers\ifM60x32.sys

  S3 IFCoEVB;IFCoEVB; C:\Windows\system32\drivers\ifP60X32.sys

  S3 ioatdma1;ioatdma1; C:\Windows\System32\Drivers\qd16032.sys

  S3 ioatdma2;Intel(R) QuickData Technology device ver.2; C:\Windows\System32\Drivers\qd26032.sys

  S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

  S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

  S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

  S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys

  S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

  S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys

  S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

  S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver; C:\Windows\system32\drivers\Synth3dVsc.sys

  S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys

  S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

  S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys

  S3 tsusbhub;Remote Deskotop USB Hub; C:\Windows\system32\drivers\tsusbhub.sys

  S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys

  S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys

  S3 ViaC7;Stuurprogramma voor VIA C7-processor; C:\Windows\system32\drivers\viac7.sys

  S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys

  S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

  ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

  R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

  R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

  R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

  R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

  S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

  S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

  S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

  S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

  S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

  S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

  S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

  S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

  S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

  S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

  S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

  S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

  -----------------EOF-----------------

  # AdwCleaner v3.016 - Report created 03/01/2014 at 13:03:37

  # Updated 23/12/2013 by Xplode

  # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

  # Username : Dennis - DENNIS-PC

  # Running from : C:\Users\Dennis\Downloads\adwcleaner.exe

  # Option : Clean

  ***** *****

  ***** *****

  Folder Deleted : C:\Program Files\driver-soft

  ***** *****

  ***** *****

  Key Deleted : HKLM\Software\Driver-Soft

  ***** *****

  -\\ Internet Explorer v11.0.9600.16428

  *************************

  AdwCleaner.txt - -

  AdwCleaner.txt - -

  ########## EOF - C:\AdwCleaner\AdwCleaner.txt - ##########

  Malwarebytes Anti-Malware 1.75.0.1300

  www.malwarebytes.org

  Databaseversie: v2014.01.03.02

  Windows 7 Service Pack 1 x86 NTFS

  Internet Explorer 11.0.9600.16476

  Dennis :: DENNIS-PC

  3-1-2014 9:53:16

  mbam-log-2014-01-03 (09-53-16).txt

  Scan type: Snelle scan

  Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

  Uitgeschakelde scan opties: P2P

  Objecten gescand: 199990

  Verstreken tijd: 8 minuut/minuten, 46 seconde(n)

  Geheugenprocessen gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Geheugenmodulen gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Registersleutels gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Registerwaarden gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Registerdata gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Mappen gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  Bestanden gedetecteerd: 0

  (Geen kwaadaardige objecten gedetecteerd)

  (einde)

 • Ben

  Hello,

  Download

  Zoek.zip to the desktop.

  If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.

  Disabling antivirus software

  Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

  Disabling antivirus software

  Disabling antispyware & malware software

  Running Zoek.exe

  If you run into problems while running this program or see any error messages, please mention this in your post.

  Right-click Zoek.zip and choose the option "Extract All".

  Then double-click Zoek.exe to start the tool.

  Users of Windows Vista, 7 and 8 need to run the tool as “administrator” by right-clicking it and choosing Run as administrator.

  Now copy the code below and paste it into the large input box:

  Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

  firefoxlook;

  emptyclsid;

  torpigcheck;

  emptyfolderscheck;delete

  chromelook;

  standardsearch;

  filesrcm;

  autoclean;

  startupall;

  Now click the "Run script" button.

  Now wait patiently until a log opens (this may be after a restart, if one is needed).

  If no log appears after the restart, start zoek.exe again; the log will then appear.

  Post the opened log in your next reply.

 • Dennis

  Hi Ben

  Log

  Zoek.exe v5.0.0.0 Updated 02-Januari-2014

  Tool run by Dennis on vr 03-01-2014 at 14:49:07,86.

  Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

  Running in: Normal Mode Internet Access Detected

  Launched: C:\Users\Dennis\Desktop\zoek.scr

  ==== System Restore Info ======================

  3-1-2014 14:50:43 Zoek.exe System Restore Point Created Succesfully.

  ==== Torpig Check ======================

  HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

  HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

  ==== Empty Folders Check ======================

  C:\ProgramData\DriverGenius deleted successfully

  ==== Deleting CLSID Registry Keys ======================

  ==== Deleting CLSID Registry Values ======================

  ==== Running Processes ======================

  C:\Windows\System32\smss.exe

  C:\Windows\system32\csrss.exe

  C:\Windows\system32\csrss.exe

  C:\Windows\system32\wininit.exe

  C:\Windows\system32\services.exe

  C:\Windows\system32\lsass.exe

  C:\Windows\system32\lsm.exe

  C:\Windows\system32\winlogon.exe

  c:\Program Files\Microsoft Security Client\MsMpEng.exe

  C:\Windows\System32\spoolsv.exe

  C:\Windows\system32\taskhost.exe

  C:\Windows\system32\Dwm.exe

  C:\Windows\Explorer.EXE

  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

  C:\Program Files\Microsoft Security Client\msseces.exe

  C:\Windows\System32\igfxtray.exe

  C:\Windows\System32\hkcmd.exe

  C:\Windows\System32\igfxpers.exe

  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

  C:\Windows\system32\igfxsrvc.exe

  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

  C:\Program Files\Synaptics\SynTP\SynToshiba.exe

  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

  C:\Windows\system32\conhost.exe

  C:\Windows\system32\conhost.exe

  C:\Windows\system32\svchost.exe -k DcomLaunch

  C:\Windows\system32\svchost.exe -k RPCSS

  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

  C:\Windows\system32\svchost.exe -k LocalService

  C:\Windows\system32\svchost.exe -k netsvcs

  C:\Windows\system32\svchost.exe -k GPSvcGroup

  C:\Windows\system32\svchost.exe -k NetworkService

  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

  C:\Windows\system32\svchost.exe -k imgsvc

  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

  ==== Deleting Services ======================

  ==== System Specs ======================

  Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)

  Memory (RAM): 1015 MB

  CPU Info: Genuine Intel(R) CPU T2080 @ 1.73GHz

  CPU Speed: 808,1 MHz

  Sound Card: Hoofdtelefoon (High Definition |

  Luidsprekers (High Definition A |

  Display Adapters: Mobile Intel(R) 945 Express Chipset Family | Mobile Intel(R) 945 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

  Monitors: 1x; Algemeen PnP-beeldscherm |

  Screen Resolution: 1280 X 800 - 32 bit

  Network: Network Present

  Network Adapters: Realtek PCIe FE Family Controller | Atheros AR5006X Wireless Network Adapter

  CD / DVD Drives: 1x (D: | ) D: TSSTcorpCD/DVDW TS-L632D

  Ports: COM3 LPT Port NOT Present.

  Mouse: 5 Button Wheel Mouse Present

  Hard Disks: C: 186,3GB

  Hard Disks - Free: C: 140,0GB

  Manufacturer *: TOSHIBA

  BIOS Info: AT/AT COMPATIBLE | 03/26/07 | TOSCPL - 6040000

  Time Zone: West-Europa (standaardtijd)

  Motherboard *: TOSHIBA ISKAE

  Country: Nederland

  Language: NLD

  ==== System Specs (Software) ======================

  Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)

  Anti-Spyware: Windows Defender disabled (Outdated)

  Anti-Spyware: Microsoft Security Essentials disabled (Outdated)

  Internet Explorer Version: 11.0.9600.16476

  Adobe Reader version: 11.0.04.63

  Sun Java version: 1.7.0_45 (32-bit)

  Flash Player version: 11.9.900.170

  Shockwave Player version: 11.6.5r635

  ==== Files Recently Created / Modified ======================

  ====== C:\Windows ====

  ====== C:\Users\Dennis\AppData\Local\Temp ====

  2014-01-01 14:25:33 E97973FB5A6873A04AF061446049C1DF 642096 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\tscdll32.dll

  2014-01-01 14:25:33 5B0514235274FF4C84DC87DE7AF96294 91552 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\BPMNT.dll

  2014-01-01 14:25:33 144B85F2E6937EF8E0375E851CC66805 1782808 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\vsapi32.dll

  2014-01-01 14:25:08 EE9BF48743DCCEF46527C54BBD8BA5AE 528384 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\libcurl.dll

  2014-01-01 14:25:08 DF6FEFE6F98FAFD3E5CE55C81079AF23 315392 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\ssleay32.dll

  2014-01-01 14:25:08 DECA60F8772002CB8A7F7215814DDF77 151552 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\libexpatw.dll

  2014-01-01 14:25:08 D79B8B7BED8D30387C22663B24E8C191 256904 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\tmcomm.sys

  2014-01-01 14:25:08 ACC5FAD1798DBC029D77F08081E268B9 550416 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\tmfbeng.dll

  2014-01-01 14:25:08 A38C1A1003C76E5EEBDAE66B0C7B844F 890192 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\tmufeng.dll

  2014-01-01 14:25:08 9AA69A2F61E7C4F1C6D94A6C3E3680E0 1249280 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\libeay32.dll

  2014-01-01 14:25:08 743F1AEFBFEA418A1B80566B22BBAB68 181776 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\perfiCrcPerfMonMgr.dll

  2014-01-01 14:25:08 148D2019D0E7C718793F0E68A87F2FFA 58632 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\utilClientLoader.dll

  2014-01-01 14:25:08 0BC449E397A3A82FD48636BFFE19403E 263728 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\TmEngDrv.dll

  2014-01-01 14:25:07 FD35BD83DCD48338931442B47644719A 192512 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\bspatch.exe

  2014-01-01 14:25:07 9B165FA638E01D5CFEBEEB2C7C29244B 1586224 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\hc_core.dll

  2014-01-01 14:25:07 75676CFB7D636406059C49280BB00791 824848 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\ICRCHdler.dll

  2014-01-01 14:24:56 A7A0791ECADCF96CAEE258033A2D3878 2445744 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HCBackup\hcpackage.exe

  ====== Java Cache =====

  ====== C:\Windows\system32 =====

  ====== C:\Windows\system32\drivers =====

  2013-12-18 18:59:24 E951866BAC5A23403F62A349EDBB6EEB 24064 —-a-w- C:\Windows\System32\drivers\terminpt.sys

  2013-12-18 18:59:24 65375DF758CA1872AB7EBBBA457FD5E6 14848 —-a-w- C:\Windows\System32\drivers\rdpvideominiport.sys

  2013-12-18 18:59:19 9CE253214ACAA5A7D323327D2055EFAA 49664 —-a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

  2013-12-18 18:59:19 57C527AF84748B5C2F5178C499C0B81F 27136 —-a-w- C:\Windows\System32\drivers\TsUsbGD.sys

  2013-12-15 18:30:10 4470E3C1E0C3378E4CAB137893C12C3A 22856 —-a-w- C:\Windows\System32\drivers\mbam.sys

  2013-12-13 19:48:48 C4FB8E7ADEA9B5CEEA885A1B504B7E40 43008 —-a-w- C:\Windows\System32\drivers\usbehci.sys

  2013-12-13 19:48:48 86AA95ACB611001E26CD2C0145F2225A 258560 —-a-w- C:\Windows\System32\drivers\usbhub.sys

  2013-12-13 19:48:48 71D97F1A3CC47A56728F7A400A3F8295 76288 —-a-w- C:\Windows\System32\drivers\usbccgp.sys

  2013-12-13 19:48:47 FDA6F2BB7FA034D95863ED8788B4E416 284672 —-a-w- C:\Windows\System32\drivers\usbport.sys

  2013-12-13 19:48:47 DCDF9855145A14DFCA0AB32308871961 20480 —-a-w- C:\Windows\System32\drivers\usbohci.sys

  2013-12-13 19:48:47 8E51D04175BAA14C4F79AA5F6D248770 24064 —-a-w- C:\Windows\System32\drivers\usbuhci.sys

  2013-12-13 19:48:47 6FB17D7A2E76B838886E5E8C60239DAE 6016 —-a-w- C:\Windows\System32\drivers\usbd.sys

  2013-12-13 19:01:22 F81BB7E487EDCEAB630A7EE66CF23913 338944 —-a-w- C:\Windows\System32\drivers\afd.sys

  2013-12-13 19:01:22 CA59F7C570AF70BC174F477CFE2D9EE3 1294272 —-a-w- C:\Windows\System32\drivers\tcpip.sys

  2013-12-13 16:26:55 B37B08F2E5EEB1A37E448E09BACE1101 31232 —-a-w- C:\Windows\System32\drivers\tssecsrv.sys

  2013-12-13 15:38:01 F1B27299F547D452EDAEF01FC187CB91 25728 —-a-w- C:\Windows\System32\drivers\hidparse.sys

  2013-12-13 15:38:01 50ABE682EBE752EAF62B18790D6D491C 55808 —-a-w- C:\Windows\System32\drivers\hidclass.sys

  2013-12-13 15:35:23 F286830298323272260332D6ABC905C1 67520 —-a-w- C:\Windows\System32\drivers\ksecdd.sys

  2013-12-13 15:35:23 D7C760D57B1656DD748B9E4AB6CB5A51 136640 —-a-w- C:\Windows\System32\drivers\ksecpkg.sys

  2013-12-13 15:35:23 85449EEBE8F8EBD6481EFBF0F352B4EB 369848 —-a-w- C:\Windows\System32\drivers\cng.sys

  2013-12-13 15:34:56 71BC35067CABC02C9453AEAA42B2E43E 729024 —-a-w- C:\Windows\System32\drivers\dxgkrnl.sys

  2013-12-13 15:34:09 EB6137D696A9B4E9718AC6F8641CB4C9 177152 —-a-w- C:\Windows\System32\drivers\portcls.sys

  2013-12-13 15:34:09 9842041E2F5ACE1E2F5FB4EF02053DC8 81408 —-a-w- C:\Windows\System32\drivers\drmk.sys

  2013-12-13 15:34:01 21F4B24ACFC79A483515BD986DD9043F 115712 —-a-w- C:\Windows\System32\drivers\mrxdav.sys

  2013-12-13 15:33:40 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 —-a-w- C:\Windows\System32\drivers\ataport.sys

  2013-12-13 15:33:05 2352AB5F9F8F097BF9D41D5A4718A041 86016 —-a-w- C:\Windows\System32\drivers\usbcir.sys

  2013-12-13 15:33:03 25944D2CC49E0A6C581D02A74B7D6645 527064 —-a-w- C:\Windows\System32\drivers\Wdf01000.sys

  ====== C:\Windows\Tasks ======

  2013-12-14 15:21:59 DE6602B8DE62695983E0B1A4336A430E 2944 —-a-w- C:\Windows\system32\Tasks\{0209CE6B-9D6E-4FB1-951A-DE78D1F7E339}

  ====== C:\Windows\Temp ======

  ======= C:\Program Files =====

  2014-01-03 12:08:01 ——– d—–w- C:\Program Files\trend micro

  2013-12-15 13:52:50 ——– d—–w- C:\Program Files\Microsoft Works

  2013-12-15 13:52:07 ——– d—–w- C:\Program Files\Microsoft Visual Studio

  2013-12-15 13:52:07 ——– d—–w- C:\Program Files\Common Files\DESIGNER

  2013-12-15 13:48:02 ——– d—–w- C:\Program Files\Microsoft Visual Studio 8

  2013-12-15 13:46:31 ——– d—–w- C:\Program Files\Microsoft Office

  2013-12-14 16:16:53 ——– d—–w- C:\Program Files\Spotnet

  2013-12-14 15:29:12 ——– d—–w- C:\Program Files\InstallShield Installation Information

  2013-12-13 15:33:23 ——– d—–w- C:\Program Files\Common Files\Java

  ======= C: =====

  ====== C:\Users\Dennis\AppData\Roaming ======

  2014-01-01 14:56:41 68D52AC035A6D4B58B1C9361BC81AD25 211577 —-a-w- C:\Users\Dennis\AppData\Local\census.cache

  2014-01-01 14:56:24 D7724F63BAB3990F4F1852F8E8F28F49 105240 —-a-w- C:\Users\Dennis\AppData\Local\ars.cache

  2014-01-01 14:24:56 6DB9D4EA0C15108F943D3AEAED7E2797 36 —-a-w- C:\Users\Dennis\AppData\Local\housecall.guid.cache

  2013-12-15 20:12:35 ——– d—–w- C:\Users\Dennis\AppData\Locallow\Adobe

  2013-12-15 18:29:57 ——– d—–w- C:\Users\Dennis\AppData\Local\Programs

  2013-12-15 13:46:49 ——– d—–w- C:\Users\Dennis\AppData\Local\Microsoft Help

  2013-12-14 16:18:00 ——– d—–w- C:\Users\Dennis\AppData\Local\Spotnet

  ====== C:\Users\Dennis ======

  2014-01-03 12:07:03 69CA82A7482A00D8EE063D2B97FC4338 781383 —-a-w- C:\Users\Dennis\Downloads\RSIT.exe

  2014-01-03 12:00:04 AF5C84446657B48C9B9B870C46438261 1233962 —-a-w- C:\Users\Dennis\Downloads\adwcleaner.exe

  2013-12-15 13:55:57 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

  2013-12-15 13:46:29 ——– d—–w- C:\ProgramData\Microsoft Help

  2013-12-15 12:16:16 75493905C9F477E86AD0E0F4EA6103F5 31 —-a-w- C:\ProgramData\anwbbrom2010.cfg

  2013-12-14 16:17:02 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotnet

  2013-12-14 16:16:53 ——– d—–w- C:\ProgramData\Spotnet

  2013-12-14 13:53:22 ——– d–h–w- C:\ProgramData\CanonBJ

  2013-12-13 15:32:55 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

  ====== C: exe-files ==

  2014-01-03 12:08:01 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\Dennis.exe

  2014-01-03 12:07:03 69CA82A7482A00D8EE063D2B97FC4338 781383 —-a-w- C:\Users\Dennis\Downloads\RSIT.exe

  2014-01-03 12:00:04 AF5C84446657B48C9B9B870C46438261 1233962 —-a-w- C:\Users\Dennis\Downloads\adwcleaner.exe

  2014-01-02 15:59:08 574B62CAD5B2F34A29C2E2AA1D1A16B1 681984 —-a-w- C:\Users\Dennis\Downloads\You're Next (2011) AC3 DD20 (Ingebakken Subs)\INFO HANNES3\Busca Plugins\Busca Plugins\setup.exe

  2014-01-02 15:57:00 B88B8DA6B88D10319658833BF4C01CFD 62751 —-a-w- C:\Users\Dennis\Downloads\You're Next (2011) AC3 DD20 (Ingebakken Subs)\Name Reverse.2013-QoQ\Setup.exe

  2014-01-01 15:11:09 CE0D0B11986FD2C0247AE88A59B36A6E 579904 —-a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

  2014-01-01 15:11:09 7ABF8849E76732C357F419B1AF5668F2 546944 —-a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

  2014-01-01 15:11:08 BDB7D97012F9B3102DB72AA76A24942A 546944 —-a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

  2014-01-01 15:11:08 7C9EEC809FB9CDA26EFC245C001EA980 2347384 —-a-w- C:\Program Files\ESET\ESET Online Scanner\ESETSmartInstaller.exe

  2014-01-01 15:11:08 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 —-a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

  2014-01-01 14:25:07 FD35BD83DCD48338931442B47644719A 192512 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\bspatch.exe

  2014-01-01 14:24:56 A7A0791ECADCF96CAEE258033A2D3878 2445744 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HCBackup\hcpackage.exe

  2013-12-27 20:52:32 574B62CAD5B2F34A29C2E2AA1D1A16B1 681984 —-a-w- C:\Users\Dennis\Downloads\The Banshee Chapter (2013) HQ AC3 DD51 (Ingebakken Subs)\INFO HANNES3\Busca Plugins\Busca Plugins\setup.exe

  2013-12-27 20:52:16 B88B8DA6B88D10319658833BF4C01CFD 62751 —-a-w- C:\Users\Dennis\Downloads\The Banshee Chapter (2013) HQ AC3 DD51 (Ingebakken Subs)\Name Reverse.2013-QoQ\Setup.exe

  === C: other files ==

  2014-01-03 13:47:05 143D175CE810CD8A686D3D58FBDC83F1 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-1347400070-404431353-3123817296-1000\$IS4Y3HO.zip

  2014-01-03 13:42:47 A236007C84A201C15095826B46DF1E46 544 —-a-w- C:\$Recycle.Bin\S-1-5-21-1347400070-404431353-3123817296-1000\$I7DJ7DR.zip

  2014-01-03 13:42:22 3E02820FF89462348EF711F79FB726D9 4079821 —-a-w- C:\$Recycle.Bin\S-1-5-21-1347400070-404431353-3123817296-1000\$RS4Y3HO.zip

  2014-01-03 13:42:22 3E02820FF89462348EF711F79FB726D9 4079821 —-a-w- C:\$Recycle.Bin\S-1-5-21-1347400070-404431353-3123817296-1000\$R7DJ7DR.zip

  2014-01-02 15:59:10 59484751E6DC9C9897D0B44D7A862CCC 14631 —-a-w- C:\Users\Dennis\Downloads\You're Next (2011) AC3 DD20 (Ingebakken Subs)\INFO HANNES3\Busca Plugins\Busca Plugins\BuscaNzbv10.xpi

  2014-01-02 15:59:10 559B4BBBAD699005F7559395BDEE9D09 22290 —-a-w- C:\Users\Dennis\Downloads\You're Next (2011) AC3 DD20 (Ingebakken Subs)\INFO HANNES3\Busca Plugins\Busca Plugins\BuscaNzbChrome.crx

  2014-01-01 14:25:09 9F8A46D82CA977A74002FEF0A8B0EC73 2570 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip

  2014-01-01 14:25:08 D79B8B7BED8D30387C22663B24E8C191 256904 —-a-w- C:\Users\Dennis\AppData\Local\Temp\HouseCall\tmcomm.sys

  2013-12-27 20:52:35 559B4BBBAD699005F7559395BDEE9D09 22290 —-a-w- C:\Users\Dennis\Downloads\The Banshee Chapter (2013) HQ AC3 DD51 (Ingebakken Subs)\INFO HANNES3\Busca Plugins\Busca Plugins\BuscaNzbChrome.crx

  2013-12-27 20:52:34 59484751E6DC9C9897D0B44D7A862CCC 14631 —-a-w- C:\Users\Dennis\Downloads\The Banshee Chapter (2013) HQ AC3 DD51 (Ingebakken Subs)\INFO HANNES3\Busca Plugins\Busca Plugins\BuscaNzbv10.xpi

  ==== Startup Registry Enabled ======================

  “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

  “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

  “mctadmin”=“C:\Windows\System32\mctadmin.exe”

  “mctadmin”=“C:\Windows\System32\mctadmin.exe”

  “MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

  “IgfxTray”=“C:\Windows\system32\igfxtray.exe”

  “HotKeysCmds”=“C:\Windows\system32\hkcmd.exe”

  “Persistence”=“C:\Windows\system32\igfxpers.exe”

  “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”

  “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

  ==== Startup Registry Disabled ======================

  “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

  “item”=“Adobe ARM”

  “hkey”=“HKLM”

  “command”=“\”C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

  “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

  “item”=“GrooveMonitor”

  “hkey”=“HKLM”

  “command”=“\”C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\“”

  “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

  “item”=“SunJavaUpdateSched”

  “hkey”=“HKLM”

  “command”=“\”C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\“”

  ==== Startup Folders ======================

  2012-07-11 20:01:57 306 —-a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD

  2012-07-11 20:01:57 306 —-a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD

  ==== Task Scheduler Jobs ======================

  C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

  ==== Other Scheduled Tasks ======================

  “C:\Windows\system32\tasks\Adobe Flash Player Updater”

  “C:\Windows\system32\tasks\CCleanerSkipUAC”

  “C:\Windows\system32\tasks\{0209CE6B-9D6E-4FB1-951A-DE78D1F7E339}”

  ==== Folders in C:\ProgramData 0-6 Months Old ======================

  2013-07-11 19:23:44 ——– d-sh–we C:\ProgramData\Bureaublad

  2013-07-11 19:23:44 ——– d-sh–we C:\ProgramData\Documenten

  2013-07-11 19:23:44 ——– d-sh–we C:\ProgramData\Favorieten

  2013-07-11 19:23:44 ——– d-sh–we C:\ProgramData\Menu Start

  2013-07-11 19:23:44 ——– d-sh–we C:\ProgramData\Sjablonen

  2013-07-11 21:47:47 ——– d—–w- C:\ProgramData\Adobe

  2013-12-14 13:53:22 ——– d–h–w- C:\ProgramData\CanonBJ

  2013-12-14 16:16:53 ——– d—–w- C:\ProgramData\Spotnet

  2013-12-15 13:46:29 ——– d—–w- C:\ProgramData\Microsoft Help

  2013-12-15 18:30:13 ——– d—–w- C:\ProgramData\Malwarebytes

  ==== Set IE to Default ======================

  Old Values:

  “Start Page”=“http://www.google.nl/”

  “Search Page”=“http://www.google.nl”

  “DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”

  New Values:

  “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

  “Start Page”=“http://www.google.nl/”

  “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

  ==== All HKCU SearchScopes ======================

  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

  {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR”

  {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

  ==== HijackThis Entries ======================

  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

  O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

  O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

  O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

  O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

  O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

  O4 - HKLM\..\Run: “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

  O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

  O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

  O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

  O4 - .DEFAULT User Startup: RUN.CMD (User ‘Default user’)

  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

  O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

  O11 - Options group: Accelerated graphics

  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

  O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

  O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

  ==== Empty IE Cache ======================

  C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

  ==== Empty FireFox Cache ======================

  No FireFox Profiles found

  ==== Empty Chrome Cache ======================

  No Chrome User Data found

  ==== Empty All Flash Cache ======================

  Flash Cache Emptied Successfully

  ==== Empty All Java Cache ======================

  Java Cache cleared successfully

  ==== C:\zoek_backup content ======================

  C:\zoek_backup (files=0 folders=0 0 bytes)

  ==== Empty Temp Folders ======================

  C:\Users\Default\AppData\Local\Temp emptied successfully

  C:\Users\Default User\AppData\Local\Temp emptied successfully

  C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

  C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

  C:\Users\Dennis\AppData\Local\Temp will be emptied at reboot

  C:\Windows\Temp will be emptied at reboot

  ==== After Reboot ======================

  ==== Empty Temp Folders ======================

  C:\Windows\Temp successfully emptied

  C:\Users\Dennis\AppData\Local\Temp successfully emptied

  ==== Empty Recycle Bin ======================

  C:\$RECYCLE.BIN successfully emptied

  ==== EOF on vr 03-01-2014 at 15:06:03,44 ======================

 • Ben

  Hello,

  This all looks fine.

  You can keep Malwarebytes installed and scan your PC with it once a week (after updating it).

  The small tool below cleans up, among other things, all the tools that were used:

  Download

  Delfix by Xplode to the desktop.

  Double-click Delfix.exe to start the tool.

  Now tick the following items:

  Remove disinfection tools

  Purge System Restore

  Reset system settings

  Now click "Run" and wait patiently until the tool has finished.

  When the tool has finished, a log file is created. You do not need to post it, however.

  If any tools or folders are left over, you can remove them yourself.

 • Dennis

  Done

  Thanks Ben

  Regards, Dennis

 • Ben

  Hello,

  Thanks, and you're welcome.

 • fazantje

  Because this topic has been resolved, it is being closed.

  If you would like to have your topic reopened, send a private message to Ben or Huib (fazantje).

  They will then remove the “lock” and the topic will be open again.

  The AV team.

This topic is closed; no further replies can be posted.