
Please check this log



This is my wife's PC, and she says that last week she suddenly saw a creature on the screen. I did not see it myself, because in a panic she clicked it away immediately. I have already used Malwarebytes and AdwCleaner. Malwarebytes found nothing and AdwCleaner removed a few things. Could someone check this log to see whether anything is still not right?

Thanks in advance

Kind regards, Jopke

 

Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2014-12-15 03:31:33
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 409 GB (88%) free of 463 GB
Total RAM: 2815 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:31:43, on 15/12/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_BE&c=94&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HitmanPro.Alert Service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9103 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /service
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
taskeng.exe {60DD1069-3271-480F-B834-B83E48301B6A}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe"
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 408
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d157441e-3642-4b4c-abc3-648771cf8c9e -SystemEventPortName:HostProcess-88c85263-23f9-4554-9769-ef994d6d017d -IoCancelEventPortName:HostProcess-e8da7a15-28ab-4336-af3a-56592285dcd1 -NonStateChangingEventPortName:HostProcess-aad02706-e4bd-4922-9b2e-c4f9638de851 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b38c8dae-29d1-4676-9bd8-d4d9b8687c96 -DeviceGroupId:WpdFsGroup
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "http://www.pc-helpforum.be/forum/"
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\User\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  
C:\Windows\tasks\PCDRScheduledMaintenance.job - C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe  -fh scripts\monthly.xml -st PCDRScheduledMaintenance

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l3bcnw6i.default-1399439885221

prefs.js - "browser.startup.homepage" -  "http://preview.msn.com/?FORM=MI1206&OCID=MI1206"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
"Description"=Office Live Update v1.3
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.6.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07 209504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2014-11-14 705448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07 176736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-11-14 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07 6133848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07 4439128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-05-21 2342800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceOG]
C:\Program Files (x86)\Hercules\Hercules Optical Glass\XtrCtrlEx.exe [2011-09-07 3382568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2013-05-02 1282120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2010-06-29 1689144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01 22066272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2009-06-22 60464]
"UpdatePRCShortCut"=C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-12-12 5227112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2009-10-23 52272]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-12-15 03:31:34 ----D---- C:\Program Files\trend micro
2014-12-15 03:31:33 ----D---- C:\rsit
2014-12-12 19:46:45 ----D---- C:\Windows\system32\appraiser
2014-12-12 19:37:07 ----A---- C:\Windows\SYSWOW64\mf.dll
2014-12-12 19:37:06 ----A---- C:\Windows\system32\mf.dll
2014-12-12 19:33:22 ----A---- C:\Windows\system32\appraiser.dll
2014-12-12 19:33:22 ----A---- C:\Windows\system32\aitstatic.exe
2014-12-12 19:33:22 ----A---- C:\Windows\system32\aepic.dll
2014-12-12 19:33:21 ----A---- C:\Windows\system32\invagent.dll
2014-12-12 19:33:21 ----A---- C:\Windows\system32\aeinv.dll
2014-12-12 19:33:18 ----A---- C:\Windows\system32\generaltel.dll
2014-12-12 19:33:16 ----A---- C:\Windows\system32\aepdu.dll
2014-12-12 19:33:11 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-12-12 19:33:09 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-12-12 19:33:05 ----A---- C:\Windows\system32\drivers\tdx.sys
2014-12-12 19:32:58 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-12-12 19:32:58 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-12-12 19:32:58 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-12-12 19:32:58 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-12-12 19:32:57 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-12-12 19:32:57 ----A---- C:\Windows\system32\ie4uinit.exe
2014-12-12 19:32:56 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-12-12 19:32:56 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-12-12 19:32:56 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-12-12 19:32:56 ----A---- C:\Windows\system32\iernonce.dll
2014-12-12 19:32:55 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-12-12 19:32:55 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-12-12 19:32:55 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-12 19:32:54 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-12-12 19:32:53 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-12-12 19:32:53 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-12-12 19:32:52 ----A---- C:\Windows\system32\urlmon.dll
2014-12-12 19:32:52 ----A---- C:\Windows\system32\iedkcs32.dll
2014-12-12 19:32:51 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-12-12 19:32:51 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-12-12 19:32:51 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-12-12 19:32:51 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-12-12 19:32:51 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-12-12 19:32:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-12 19:32:49 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-12-12 19:32:49 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-12-12 19:32:49 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-12 19:32:49 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-12 19:32:48 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-12-12 19:32:48 ----A---- C:\Windows\system32\iesetup.dll
2014-12-12 19:32:47 ----A---- C:\Windows\system32\ieapfltr.dll
2014-12-12 19:32:46 ----A---- C:\Windows\system32\iertutil.dll
2014-12-12 19:32:45 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-12-12 19:32:45 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-12-12 19:32:44 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-12-12 19:32:44 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-12-12 19:32:44 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-12 19:32:44 ----A---- C:\Windows\system32\ieUnatt.exe
2014-12-12 19:32:43 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-12-12 19:32:42 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-12-12 19:32:41 ----A---- C:\Windows\system32\ieui.dll
2014-12-12 19:32:41 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-12 19:32:40 ----A---- C:\Windows\system32\ieframe.dll
2014-12-12 19:32:39 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-12-12 19:32:39 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-12 19:32:39 ----A---- C:\Windows\system32\jscript9diag.dll
2014-12-12 19:32:38 ----A---- C:\Windows\system32\vbscript.dll
2014-12-12 19:32:38 ----A---- C:\Windows\system32\jscript9.dll
2014-12-12 19:32:37 ----A---- C:\Windows\system32\wininet.dll
2014-12-12 19:32:34 ----A---- C:\Windows\system32\msrating.dll
2014-12-12 19:32:34 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-12-12 19:32:32 ----A---- C:\Windows\system32\mshtml.dll
2014-12-12 19:31:08 ----A---- C:\Windows\system32\charmap.exe
2014-12-12 19:31:07 ----A---- C:\Windows\SYSWOW64\charmap.exe
2014-12-12 19:31:05 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2014-12-12 19:31:05 ----A---- C:\Windows\system32\WsmWmiPl.dll
2014-12-12 19:31:05 ----A---- C:\Windows\system32\WsmSvc.dll
2014-12-12 19:31:05 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-12 19:31:05 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2014-12-12 19:31:04 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2014-12-12 19:31:04 ----A---- C:\Windows\SYSWOW64\WsmAuto.dll
2014-12-12 19:31:04 ----A---- C:\Windows\SYSWOW64\WSManMigrationPlugin.dll
2014-12-12 19:31:04 ----A---- C:\Windows\SYSWOW64\WSManHTTPConfig.exe
2014-12-12 19:31:04 ----A---- C:\Windows\system32\WsmAuto.dll
2014-12-12 19:30:54 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-12-12 19:30:54 ----A---- C:\Windows\system32\tzres.dll
2014-12-12 19:21:22 ----A---- C:\Windows\system32\aswBoot.exe
2014-12-10 03:37:09 ----A---- C:\Windows\system32\devinv.dll
2014-12-02 05:44:32 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-11-30 10:38:27 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-19 04:05:37 ----A---- C:\Windows\SYSWOW64\pku2u.dll
2014-11-19 04:05:37 ----A---- C:\Windows\system32\pku2u.dll
2014-11-19 04:05:37 ----A---- C:\Windows\system32\kerberos.dll
2014-11-19 04:05:36 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-11-18 14:56:48 ----A---- C:\Windows\SYSWOW64\FM20.DLL
2014-11-17 07:51:55 ----HD---- C:\ProgramData\CanonIJMIG
2014-11-17 07:49:28 ----D---- C:\ProgramData\CanonIJPLM
2014-11-17 07:49:11 ----HD---- C:\ProgramData\CanonIJScan
2014-11-17 07:48:59 ----D---- C:\Users\User\AppData\Roaming\Canon
2014-11-17 07:48:56 ----HD---- C:\ProgramData\CanonIJQuickMenu
2014-11-17 07:40:09 ----A---- C:\Windows\SYSWOW64\CNC_BXL.dll
2014-11-17 07:40:08 ----A---- C:\Windows\SYSWOW64\CNHMCA.dll
2014-11-17 07:30:08 ----D---- C:\ProgramData\CanonIJWSpt
2014-11-17 07:27:06 ----D---- C:\Program Files\Canon
2014-11-17 07:26:28 ----HD---- C:\ProgramData\CanonBJ
2014-11-17 07:26:17 ----A---- C:\Windows\system32\CNHMCA6.dll
2014-11-17 07:26:17 ----A---- C:\Windows\system32\CNC_BXL.dll
2014-11-17 07:26:17 ----A---- C:\Windows\system32\CNC_BXI.dll
2014-11-17 07:26:17 ----A---- C:\Windows\system32\CNC_BXC.dll
2014-11-17 07:25:59 ----A---- C:\Windows\system32\CNMLMBX.DLL
2014-11-17 07:25:48 ----HD---- C:\Program Files\CanonBJ
2014-11-17 07:24:15 ----D---- C:\Program Files (x86)\Canon

======List of files/folders modified in the last 1 month======

2014-12-15 03:31:43 ----D---- C:\Windows\Prefetch
2014-12-15 03:31:35 ----D---- C:\Windows\Temp
2014-12-15 03:31:34 ----D---- C:\Program Files
2014-12-15 03:25:26 ----D---- C:\Windows\system32\config
2014-12-13 04:43:37 ----D---- C:\Windows\rescache
2014-12-13 04:40:03 ----D---- C:\Windows\inf
2014-12-12 19:49:02 ----D---- C:\Windows\winsxs
2014-12-12 19:48:24 ----D---- C:\Windows
2014-12-12 19:47:04 ----D---- C:\Windows\system32\catroot
2014-12-12 19:46:45 ----SD---- C:\Windows\system32\CompatTel
2014-12-12 19:46:45 ----D---- C:\Windows\SYSWOW64\nl-NL
2014-12-12 19:46:45 ----D---- C:\Windows\SYSWOW64\en-US
2014-12-12 19:46:45 ----D---- C:\Windows\SysWOW64
2014-12-12 19:46:45 ----D---- C:\Windows\system32\drivers
2014-12-12 19:46:45 ----D---- C:\Windows\System32
2014-12-12 19:46:45 ----D---- C:\Windows\AppCompat
2014-12-12 19:46:45 ----D---- C:\Program Files\Internet Explorer
2014-12-12 19:46:44 ----D---- C:\Windows\system32\nl-NL
2014-12-12 19:46:44 ----D---- C:\Windows\system32\en-US
2014-12-12 19:46:44 ----D---- C:\Windows\PolicyDefinitions
2014-12-12 19:46:44 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-12 19:45:43 ----SHD---- C:\Windows\Installer
2014-12-12 19:45:39 ----D---- C:\ProgramData\Microsoft Help
2014-12-12 19:45:13 ----D---- C:\Windows\system32\MRT
2014-12-12 19:40:27 ----A---- C:\Windows\system32\MRT.exe
2014-12-12 19:34:32 ----SHD---- C:\System Volume Information
2014-12-12 19:26:11 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-12-12 19:24:03 ----D---- C:\Windows\system32\catroot2
2014-12-12 19:21:55 ----D---- C:\Windows\system32\Tasks
2014-12-12 19:18:28 ----D---- C:\Windows\system32\wbem
2014-12-12 19:17:47 ----D---- C:\Windows\Tasks
2014-12-12 19:17:47 ----D---- C:\Windows\system32\wfp
2014-12-12 19:17:47 ----D---- C:\Windows\system32\DriverStore
2014-12-12 19:17:43 ----D---- C:\Windows\system32\CodeIntegrity
2014-12-12 19:17:43 ----D---- C:\Windows\servicing
2014-12-12 19:17:42 ----D---- C:\Program Files\Microsoft Silverlight
2014-12-12 19:17:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-12-12 19:17:41 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-12-12 19:17:25 ----D---- C:\Windows\registration
2014-12-12 19:16:33 ----SD---- C:\ProgramData\Microsoft
2014-12-10 04:30:07 ----D---- C:\Windows\debug
2014-12-07 15:20:53 ----D---- C:\Users\User\AppData\Roaming\Skype
2014-12-05 13:51:44 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-02 19:06:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-02 10:15:05 ----RD---- C:\Program Files (x86)
2014-11-28 04:38:56 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2014-11-17 07:51:55 ----HD---- C:\ProgramData
2014-11-17 07:40:11 ----RSD---- C:\Windows\Media
2014-11-17 07:40:08 ----D---- C:\Windows\twain_32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-11-14 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-11-14 267632]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-06-22 240672]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-11-14 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-22 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-11-14 436624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-11-14 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-11-14 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-11-14 116728]
R2 hmpalert;HitmanPro.Alert Support Driver; \??\C:\Windows\system32\drivers\hmpalert.sys [2014-04-09 93144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-20 4720616]
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys [2009-05-19 339360]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 hxctlflt;hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [2009-02-08 111104]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 SNP2UVC;Hercules Webcam; C:\Windows\system32\DRIVERS\snp2uvc.sys [2011-04-29 3565056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-11-14 50344]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-03-11 241728]
R2 hmpalertsvc;HitmanPro.Alert Service; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-04-09 1876816]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-07-09 124928]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2013-05-14 140936]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-05-18 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-01 159336]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-11-29 3463080]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12 267440]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2009-05-22 250616]
S3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-02 114800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]
S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
 


The worst of the trouble appears to have already been removed by the quick reaction and/or the tools used so far. But to be sure, we will take a deeper look.

Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (you can read how to do that here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version)

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is an unjustified warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
""=-;r64
emptyfolderscheck;delete
startupall;
filesrcm;
  • Click the "More options" button and tick the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next post.
Posting the Zoek.exe log file
  • Add the log file named "Zoek-results.log" as an attachment to your next post. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read here how to add an attachment to a post.
Edited by kape

Hello Kape, thanks in advance for the help, and here is the log.

 

Zoek.exe v5.0.0.0 Updated 14-December-2014
Tool run by User on ma 15/12/2014 at  8:54:14,37.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

15/12/2014 8:56:51 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\Users\User\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\User\AppData\Local\Adobe deleted successfully
C:\Users\User\AppData\Local\MigWiz deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1786167400-2633826401-982318652-1000\Software\Microsoft\Internet Explorer\SearchScopes\{81534B13-4FB5-4FCE-B4EC-58511D3C5FA9} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\actsc9ga.default

user.js not found
---- Lines iminent modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"webbooster@iminent.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\
---- FireFox user.js and prefs.js backups ----

prefs_20141512_0910_.backup

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l3bcnw6i.default-1399439885221

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20141512_0910_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\User\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-12-12 18:37:07    FF0A6E76FAE624AC74780AB008752F98    3209728    ----a-w-    C:\Windows\SysWOW64\mf.dll
2014-12-12 18:33:09    E1456E7396022EBE4E5434188D1AC8B0    1230336    ----a-w-    C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-12 18:32:58    BB25F69463AD8E7E51B5D9D158B5F8DF    30720    ----a-w-    C:\Windows\SysWOW64\iernonce.dll
2014-12-12 18:32:58    2EADED07BDA52C1FC5A6D4E1CC5858F0    47616    ----a-w-    C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-12 18:32:57    F25284C763E728E4DAC248C211D1FC5B    76288    ----a-w-    C:\Windows\SysWOW64\mshtmled.dll
2014-12-12 18:32:56    F98B3860BB47089EA8C1504F043E90E9    342200    ----a-w-    C:\Windows\SysWOW64\iedkcs32.dll
2014-12-12 18:32:56    F34F6DC38A21FCDBB50CDD1EE97B1EA3    1307136    ----a-w-    C:\Windows\SysWOW64\urlmon.dll
2014-12-12 18:32:56    2ABC5587D582ACCEA30B4CF968C2A4A5    60416    ----a-w-    C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-12 18:32:55    D7A98A4CEA2E89F544065A00BF37FC10    688640    ----a-w-    C:\Windows\SysWOW64\msfeeds.dll
2014-12-12 18:32:55    69AC6FD5B0B4DC963723E1EBDEE10A2C    285696    ----a-w-    C:\Windows\SysWOW64\dxtrans.dll
2014-12-12 18:32:54    DEB9476A3CD1A5819DD4504BB7C6BA66    2724864    ----a-w-    C:\Windows\SysWOW64\mshtml.tlb
2014-12-12 18:32:54    220505B0B3E96C857DD01729AF0CD369    19749376    ----a-w-    C:\Windows\SysWOW64\mshtml.dll
2014-12-12 18:32:53    F0BCBD8FCDA145EED53ED66C45CC378B    62464    ----a-w-    C:\Windows\SysWOW64\iesetup.dll
2014-12-12 18:32:53    41AFA61E061E98E97272AC02184C8C2C    710144    ----a-w-    C:\Windows\SysWOW64\ieapfltr.dll
2014-12-12 18:32:52    543ADCEA31CF9C2B4EEB900D4AAFD0F9    2052096    ----a-w-    C:\Windows\SysWOW64\inetcpl.cpl
2014-12-12 18:32:51    EC5A3E4E21079B9D423AA0760828D678    620032    ----a-w-    C:\Windows\SysWOW64\jscript9diag.dll
2014-12-12 18:32:51    D90585C3BE942DAAFBDC868FDC061844    115712    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 18:32:51    759E2FAD5371512C6679FA346719493E    47104    ----a-w-    C:\Windows\SysWOW64\jsproxy.dll
2014-12-12 18:32:51    01777AB557997E98691E322225314E57    2277888    ----a-w-    C:\Windows\SysWOW64\iertutil.dll
2014-12-12 18:32:49    CF9D05678B02B44FBC8D8AD8C9F30D58    478208    ----a-w-    C:\Windows\SysWOW64\ieui.dll
2014-12-12 18:32:49    35BD045804B67E78F4CAB72CB820AF7F    418304    ----a-w-    C:\Windows\SysWOW64\dxtmsft.dll
2014-12-12 18:32:48    B59E370277EDB6643083B62297175628    12836864    ----a-w-    C:\Windows\SysWOW64\ieframe.dll
2014-12-12 18:32:45    F728E7E9937117E0F32F39840EB6D737    4299264    ----a-w-    C:\Windows\SysWOW64\jscript9.dll
2014-12-12 18:32:45    2E9E105037AC1274656C3D1125323352    1155072    ----a-w-    C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-12 18:32:44    5E4E0E43E0A5BF9F089696DFA7A3D677    1888256    ----a-w-    C:\Windows\SysWOW64\wininet.dll
2014-12-12 18:32:44    37F078B5B435AFC6BF316F2AD14B469A    501248    ----a-w-    C:\Windows\SysWOW64\vbscript.dll
2014-12-12 18:32:43    29CED1A4777A43526A4ED8A7B6936883    64000    ----a-w-    C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-12 18:32:42    930F63D6BC43D4BCD937DFCECDA95F82    168960    ----a-w-    C:\Windows\SysWOW64\msrating.dll
2014-12-12 18:31:07    9EA3783672D21817B9DF1061B54C3B3C    155136    ----a-w-    C:\Windows\SysWOW64\charmap.exe
2014-12-12 18:31:05    1DE9BD23AFA36150586C732D876D9B74    1177088    ----a-w-    C:\Windows\SysWOW64\WsmSvc.dll
2014-12-12 18:31:04    B975C202F590BBC5AA63225FBD148791    198656    ----a-w-    C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-12 18:31:04    B6AC69FFBAA159DD5CEED814245A286D    214016    ----a-w-    C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-12 18:31:04    5D9A1A3E5824CECE65871C60E5A08A1A    145920    ----a-w-    C:\Windows\SysWOW64\WsmAuto.dll
2014-12-12 18:31:04    2C28FEC61C4AC68480A99CB7AA197FA9    248832    ----a-w-    C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-12 18:30:54    50C73E54062BA252350F3F29580E28DA    2048    ----a-w-    C:\Windows\SysWOW64\tzres.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-12-12 18:37:06    6E1DDE0E72FB8268F42F6777CE4C5036    4121600    ----a-w-    C:\Windows\Sysnative\mf.dll
2014-12-12 18:33:22    F0356290BA3940F31AFF5566501495F7    192000    ----a-w-    C:\Windows\Sysnative\aepic.dll
2014-12-12 18:33:22    985558125FEEC89AB4AD142158B066D7    830976    ----a-w-    C:\Windows\Sysnative\appraiser.dll
2014-12-12 18:33:22    8E64BB62AB3810D3C29ED50C405AD3BD    1232040    ----a-w-    C:\Windows\Sysnative\aitstatic.exe
2014-12-12 18:33:21    E00981CF227CEEBE7B5A8D99C76D1116    741376    ----a-w-    C:\Windows\Sysnative\invagent.dll
2014-12-12 18:33:21    D257AF48934D2167BE15AA4008176381    1083392    ----a-w-    C:\Windows\Sysnative\aeinv.dll
2014-12-12 18:33:18    DAF13A81A5FC895D68B1D9A72F65F4CB    413184    ----a-w-    C:\Windows\Sysnative\generaltel.dll
2014-12-12 18:33:16    5CD6E919CE938A98AB25A2EA2C8C4EDA    227328    ----a-w-    C:\Windows\Sysnative\aepdu.dll
2014-12-12 18:33:11    A9A0BFD706B3A24C403EEFEB0790D011    1424384    ----a-w-    C:\Windows\Sysnative\WindowsCodecs.dll
2014-12-12 18:32:58    D471F7A428C21DB04D810445D12D68E0    48640    ----a-w-    C:\Windows\Sysnative\ieetwproxystub.dll
2014-12-12 18:32:58    0FABE2AB8CA2D5CC7C95798533B4D057    114688    ----a-w-    C:\Windows\Sysnative\ieetwcollector.exe
2014-12-12 18:32:57    39B512C643812FC2D4843C0D4206C759    718848    ----a-w-    C:\Windows\Sysnative\ie4uinit.exe
2014-12-12 18:32:57    077AEB068A51B396F25BBCAB0944FC3A    2724864    ----a-w-    C:\Windows\Sysnative\mshtml.tlb
2014-12-12 18:32:56    F987718A5CA053DC23E94A531F1754A4    34304    ----a-w-    C:\Windows\Sysnative\iernonce.dll
2014-12-12 18:32:55    9F07E8FC75C5F98A783ABFD3005EFC22    77824    ----a-w-    C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-12-12 18:32:52    E7A2061ADF0F4D430FECDA1E8D6B7BA6    1548288    ----a-w-    C:\Windows\Sysnative\urlmon.dll
2014-12-12 18:32:52    5BF0BAA1E5EF724287565E97C9219254    389296    ----a-w-    C:\Windows\Sysnative\iedkcs32.dll
2014-12-12 18:32:51    B4E481E9498CE22113628C4E9EA24427    4096    ----a-w-    C:\Windows\Sysnative\ieetwcollectorres.dll
2014-12-12 18:32:50    EBC8C9F61F4C148B8C6A28EDE80C51E4    968704    ----a-w-    C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-12-12 18:32:49    14BA910E7731FC84EB85328BD0F1EE81    800768    ----a-w-    C:\Windows\Sysnative\msfeeds.dll
2014-12-12 18:32:49    0AF0AEF0BA9EF6169E61C78504DCAE55    316928    ----a-w-    C:\Windows\Sysnative\dxtrans.dll
2014-12-12 18:32:48    23AE7A3B44D5C550B81347288CE3230E    66560    ----a-w-    C:\Windows\Sysnative\iesetup.dll
2014-12-12 18:32:47    EFBA893429814EA3244C87C2D1256618    800768    ----a-w-    C:\Windows\Sysnative\ieapfltr.dll
2014-12-12 18:32:46    982B871A25B5078093FAD82D0AB0E3FC    2885120    ----a-w-    C:\Windows\Sysnative\iertutil.dll
2014-12-12 18:32:46    3FE71E2A5BD3EC652E64FC8BCEFEDD2C    2125312    ----a-w-    C:\Windows\Sysnative\inetcpl.cpl
2014-12-12 18:32:44    DFECAE6D925FBC9078870E16F98C471F    54784    ----a-w-    C:\Windows\Sysnative\jsproxy.dll
2014-12-12 18:32:44    5F24313333AB409251152CAFADA40015    144384    ----a-w-    C:\Windows\Sysnative\ieUnatt.exe
2014-12-12 18:32:41    F7CCA58B973FB5EAED8D1F12DD3E51F6    490496    ----a-w-    C:\Windows\Sysnative\dxtmsft.dll
2014-12-12 18:32:41    8EF01E2EF21D41A23FF70B28179F9ABE    633856    ----a-w-    C:\Windows\Sysnative\ieui.dll
2014-12-12 18:32:40    556D271F4243B273EDA353512BF3608A    14412800    ----a-w-    C:\Windows\Sysnative\ieframe.dll
2014-12-12 18:32:39    DB10D681314714E0D4623E4C0CF6654A    92160    ----a-w-    C:\Windows\Sysnative\mshtmled.dll
2014-12-12 18:32:39    7AC115968B8856004920057B2271224C    1359360    ----a-w-    C:\Windows\Sysnative\mshtmlmedia.dll
2014-12-12 18:32:39    021DFF3CB0ADCD19B3AAA00A650FDEE2    814080    ----a-w-    C:\Windows\Sysnative\jscript9diag.dll
2014-12-12 18:32:38    8D64466AD12CA5677CD0099C43C58569    6039552    ----a-w-    C:\Windows\Sysnative\jscript9.dll
2014-12-12 18:32:38    1D294810D3A8A8F722E86AA001F54DCC    580096    ----a-w-    C:\Windows\Sysnative\vbscript.dll
2014-12-12 18:32:37    4AF089160FE082E5EA5C4AA72782DCA2    2358272    ----a-w-    C:\Windows\Sysnative\wininet.dll
2014-12-12 18:32:34    89296EF4A3729A049DA25B7D67A04078    199680    ----a-w-    C:\Windows\Sysnative\msrating.dll
2014-12-12 18:32:34    17A157A4225CF562202AC71DB8103177    88064    ----a-w-    C:\Windows\Sysnative\MshtmlDac.dll
2014-12-12 18:32:32    D478A4CF07FB8ADF72FB16B88E8030B8    25059840    ----a-w-    C:\Windows\Sysnative\mshtml.dll
2014-12-12 18:31:08    36E5E9D0400475230A7F57F274B88321    165888    ----a-w-    C:\Windows\Sysnative\charmap.exe
2014-12-12 18:31:05    FDEB5EE2E4DB9DE9251DDAF6A5BCA070    346624    ----a-w-    C:\Windows\Sysnative\WSManMigrationPlugin.dll
2014-12-12 18:31:05    D929ABD465A2DED963DA8B30946A8D5C    2020352    ----a-w-    C:\Windows\Sysnative\WsmSvc.dll
2014-12-12 18:31:05    5C642B7B0365305451D579F3EFAD57D4    310272    ----a-w-    C:\Windows\Sysnative\WsmWmiPl.dll
2014-12-12 18:31:05    41457C1909F6D1100C0F9B9CFF7960FC    266240    ----a-w-    C:\Windows\Sysnative\WSManHTTPConfig.exe
2014-12-12 18:31:04    9B44CABE3536D0E3BF627176318AAFC9    181248    ----a-w-    C:\Windows\Sysnative\WsmAuto.dll
2014-12-12 18:30:54    A026998E927FD2095505154CBD72F35B    2048    ----a-w-    C:\Windows\Sysnative\tzres.dll
2014-12-12 18:21:22    6663B30328C239D2AB10D2583054CF2E    364512    ----a-w-    C:\Windows\Sysnative\aswBoot.exe
2014-12-10 02:37:09    4253086737D81D7C9C160FDE6C037F44    396800    ----a-w-    C:\Windows\Sysnative\devinv.dll
====== C:\Windows\Sysnative\drivers =====
2014-12-12 18:33:05    70988118145F5F10EF24720B97F35F65    119296    ----a-w-    C:\Windows\Sysnative\drivers\tdx.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-12-15 02:31:34    --------    d-----w-    C:\Program Files\trend micro
2014-11-17 06:27:06    --------    d-----w-    C:\Program Files\Canon
2014-11-17 06:25:48    --------    d--h--w-    C:\Program Files\CanonBJ
======= C:\PROGRA~2 =====
2014-11-30 09:38:27    --------    d-----w-    C:\PROGRA~2\Mozilla Maintenance Service
2014-11-17 06:24:15    --------    d-----w-    C:\PROGRA~2\Canon
======= C: =====
====== C:\Users\User\AppData\Roaming ======
2014-11-18 09:37:21    --------    d-sh--w-    C:\Users\User\AppData\Locallow\EmieBrowserModeList
2014-11-17 06:48:59    --------    d-----w-    C:\Users\User\AppData\Roaming\Canon
2014-11-17 06:30:55    --------    d-----w-    C:\Users\User\AppData\Locallow\Canon Easy-WebPrint EX2
2014-11-17 06:30:55    --------    d-----w-    C:\Users\User\AppData\Locallow\Canon Easy-WebPrint EX
2014-11-17 04:44:08    --------    d-sh--w-    C:\Users\User\AppData\Local\EmieBrowserModeList
====== C:\Users\User ======
2014-12-15 02:29:20    8045ABB21A3BDD66A48E1ED5C0F0EF6A    1222144    ----a-w-    C:\Users\User\Downloads\RSITx64.exe
2014-12-14 16:21:07    0A2DC6C6868D071352D25A4B475ECCB2    32814675    ----a-w-    C:\Users\User\Downloads\K-Lite_Codec_Pack_1085_Full.exe
2014-11-17 06:51:55    --------    d--h--w-    C:\ProgramData\CanonIJMIG
2014-11-17 06:49:28    --------    d-----w-    C:\ProgramData\CanonIJPLM
2014-11-17 06:49:11    --------    d--h--w-    C:\ProgramData\CanonIJScan
2014-11-17 06:48:56    --------    d--h--w-    C:\ProgramData\CanonIJQuickMenu
2014-11-17 06:31:06    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gebruikersregistratie voor Canon MG2500 series
2014-11-17 06:30:08    --------    d-----w-    C:\ProgramData\CanonIJWSpt
2014-11-17 06:27:15    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-11-17 06:26:49    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series Manual
2014-11-17 06:26:28    --------    d--h--w-    C:\ProgramData\CanonBJ

====== C: exe-files ==
2014-12-15 02:31:34    9A2347903D6EDB84C10F288BC0578C1C    388608    ----a-w-    C:\Program Files\trend micro\User.exe
2014-12-15 02:29:20    8045ABB21A3BDD66A48E1ED5C0F0EF6A    1222144    ----a-w-    C:\Users\User\Downloads\RSITx64.exe
2014-12-14 16:21:07    0A2DC6C6868D071352D25A4B475ECCB2    32814675    ----a-w-    C:\Users\User\Downloads\K-Lite_Codec_Pack_1085_Full.exe
2014-12-12 18:33:22    8E64BB62AB3810D3C29ED50C405AD3BD    1232040    ----a-w-    C:\Windows\System32\aitstatic.exe
2014-12-12 18:33:22    65536EB5F53B76562BBE0DE332A8BA3C    66216    ----a-w-    C:\Windows\System32\CompatTel\diagtrackrunner.exe
2014-12-12 18:33:15    CCEE34CF7D700825AD839FAB298A0129    46760    ----a-w-    C:\Windows\System32\CompatTel\wicainventory.exe
2014-12-12 18:33:15    A192555B09BD2A45940D7E449F311AF6    161960    ----a-w-    C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-12-12 18:32:58    0FABE2AB8CA2D5CC7C95798533B4D057    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-12-12 18:32:57    A8A8FD02E3A9264A603892DE1F522166    221184    ----a-w-    C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-12-12 18:32:57    39B512C643812FC2D4843C0D4206C759    718848    ----a-w-    C:\Windows\System32\ie4uinit.exe
2014-12-12 18:32:53    B7BCC767AC0E76384BCDC292184DD8C8    222720    ----a-w-    C:\Program Files\Internet Explorer\ielowutil.exe
2014-12-12 18:32:52    43CE0C99DBC0F96DB2B7259B0BE0930E    468992    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-12-12 18:32:51    D90585C3BE942DAAFBDC868FDC061844    115712    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2014-12-12 18:32:51    A24BFBAE8B50A6780B68FF3673FAB52F    815280    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-12-12 18:32:50    EBC8C9F61F4C148B8C6A28EDE80C51E4    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-12 18:32:47    C3D17F3199D39A2AB85956A63731F188    484352    ----a-w-    C:\Program Files\Internet Explorer\ieinstal.exe
2014-12-12 18:32:45    2A9DA9E7462EBA3F6D2036E8D18FF773    813744    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2014-12-12 18:32:44    5F24313333AB409251152CAFADA40015    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-12-12 18:31:08    36E5E9D0400475230A7F57F274B88321    165888    ----a-w-    C:\Windows\System32\charmap.exe
2014-12-12 18:31:07    9EA3783672D21817B9DF1061B54C3B3C    155136    ----a-w-    C:\Windows\SysWOW64\charmap.exe
2014-12-12 18:31:05    41457C1909F6D1100C0F9B9CFF7960FC    266240    ----a-w-    C:\Windows\System32\WSManHTTPConfig.exe
2014-12-12 18:31:04    B975C202F590BBC5AA63225FBD148791    198656    ----a-w-    C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-12 18:30:54    BE8F985609BE0809B7E29960AC997511    49664    ----a-w-    C:\Windows\servicing\GC64\tzupd.exe
2014-12-12 18:21:22    6663B30328C239D2AB10D2583054CF2E    364512    ----a-w-    C:\Windows\System32\aswBoot.exe
=== C: other files ==
2014-12-12 18:33:05    70988118145F5F10EF24720B97F35F65    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"UpdatePRCShortCut"="C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Hewlett-Packard\Recovery UpdateWithCreateOnce Software\CyberLink\PowerRecover"
"AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CamserviceOG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CamserviceOG"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hercules\\Hercules Optical Glass\\XtrCtrlEx.exe /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonQuickMenu]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonQuickMenu"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\Quick Menu\\CNQMMAIN.EXE /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPADVISOR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPADVISOR"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe view=DOCKVIEW"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/12/2014 19:26]
C:\Windows\tasks\PCDRScheduledMaintenance.job --a------ C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [02/07/2009 12:04]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\PCDRScheduledMaintenance" [C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{30D1319F-78B2-4244-889F-DB8772A05CF6}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Assistant\HP Total Care Tune-Up" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [12/12/2014 19:20]

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\actsc9ga.default
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l3bcnw6i.default-1399439885221
- Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
- Undetermined - wrc@avast.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\l3bcnw6i.default-1399439885221
424899266BA430CCE5DDB6C1B4BE1B99    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll -    Shockwave Flash
2EE9DCAE1D70ABF4D058688DE35F8221    - C:\Windows\SysWOW64\npDeployJava1.dll -    Java Deployment Toolkit 7.0.250.16
15E298B5EC5B89C5994A59863969D9FF    - C:\Windows\SysWOW64\npmproxy.dll -    Microsoft® Windows® Operating System


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[14/11/2014 06:57]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://be.msn.com/default.aspx"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_BE&c=94&bd=Presario&pf=cndt"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://be.msn.com/default.aspx"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{D8B354F1-BCC9-4537-915B-19C8D6C9F316} Google  Url="http://www.google.nl/search?hl=nl&q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\l3bcnw6i.default-1399439885221\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=2 33224 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 15/12/2014 at  9:22:28,61 ======================
 


Now run AdwCleaner over it once more ... and the whole thing is clean!

 

Download AdwCleaner by Xplode to the desktop.

  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator": right-click it and choose Run as administrator.
  • Click Scan.
  • Then click Clean.
  • At "Herstarten Noodzakelijk" (restart required), click OK.

After the PC has restarted, a log file usually opens.
Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[s0].txt.

Posting the log file

  • Attach the log file named C:\AdwCleaner\AdwCleaner[s0].txt to your next post.
  • You can read here how to add an attachment to a post.
Edited by kape

Here is the AdwCleaner log

 

# AdwCleaner v4.105 - Rapport aangemaakt 15/12/2014 op 12:10:17
# Laatste Update 08/12/2014 door Xplode
# Database : 2014-12-13.4 [Live]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : User - USER-PC
# Gestart vanuit : C:\Users\User\Downloads\adwcleaner_4.105.exe
# Optie : Verwijderen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****


***** [ Taken ] *****


***** [ Snelkoppelingen ] *****


***** [ Register ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0 (x86 nl)


*************************

AdwCleaner[R0].txt - [775 octets] - [15/12/2014 12:06:28]
AdwCleaner[s0].txt - [700 octets] - [15/12/2014 12:10:17]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [759 octets] ##########
 


As clean as can be. Now just remove the tools we used ... and this case is closed :D

 

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.
Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently until the tool has finished.
When the tool has finished, a log file is created. You do not need to post it, however.

Edited by kape