dangerous spam problem


Logfile of random's system information tool 1.10 (written by random/random)

Run by moederjeanne at 2015-04-24 12:41:23

Microsoft Windows 8.1 

System drive C: has 691 GB (74%) free of 936 GB

Total RAM: 15813 MB (89% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:41:26, on 24/04/2015

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.17416)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files\trend micro\moederjeanne.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

 

--

End of file - 7775 bytes

 

======Listing Processes======


wininit.exe

 

winlogon.exe

 

C:\Windows\system32\lsass.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

"dwm.exe"

"C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe"

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

atieclxx

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgfws.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"

"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service

"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service

"C:\Program Files\Elantech\ETDService.exe"

dashost.exe {29856568-bd70-434b-962ff7fc76381898}

"C:\Windows\system32\mfevtps.exe"

"C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"

"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgemca.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=4332003c-d1c9-4e56-a59b-4c6910c1cf20 /coreSdkOptions=4126 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\790fe54c-2b46-4407-927a-ae639a008519-b14-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log\"

"C:\Program Files\Elantech\ETDCtrl.exe"

taskhostex.exe 

C:\Windows\Explorer.EXE

"C:\Program Files\Elantech\ETDTouch.exe" 

"C:\Program Files\Elantech\ETDCtrlHelper.exe" 

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\System32\skydrive.exe -Embedding

"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" 

"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=6e790638-a136-440b-a304-aa27b5226711 /coreSdkOptions=4114 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\35b8534b-66cb-4431-9811-a217cbcdb17a-8b4-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Windows\System32\SettingSyncHost.exe" -Embedding

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://mail.telenet.be/zimbra/mail?client=advanced&null=#1

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5288.0.745755188\845522813" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,41 --gpu-vendor-id=0x1002 --gpu-device-id=0x9830 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.152.1.3000 --ignored=" --type=renderer " /prefetch:822062411

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BackgroundRendererProcesses/Disallow/BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Preperiod_A4_StableBookmarksIndexURLs/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Default/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_97/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/*UwSInterstitialStatus/On/V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/*Win32kLockdown/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5288 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="5288.1.108222010\864659064" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=nl --force-fieldtrials="BackgroundRendererProcesses/Disallow/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Preperiod_A4_StableBookmarksIndexURLs/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Default/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_97/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/*UwSInterstitialStatus/On/*V8CacheOptions/default/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/*Win32kLockdown/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5288 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="5288.2.871167226\519859271" /prefetch:673131151

"C:\Program Files (x86)\Nero\Update\NASvc.exe"

"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" 

 

"C:\Users\moederjeanne\Desktop\map anti virussen\anti spam\RSITx64.exe" 

C:\Windows\system32\wbem\wmiprvse.exe

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2013-09-06 2890056]

"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-27 13647576]

"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-09-07 132736]

 

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-09-25 766208]

"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-12-16 5188112]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20 1021128]

 

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2013-09-07 132736]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLinkedConnections"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"VIDC.YUY2"=msyuv.dll

"vidc.i420"=iyuv_32.dll

"msacm.msgsm610"=msgsm32.acm

"msacm.msg711"=msg711.acm

"VIDC.YVYU"=msyuv.dll

"VIDC.YVU9"=tsbyuv.dll

"wavemapper"=msacm32.drv

"midimapper"=midimap.dll

"VIDC.UYVY"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"vidc.msvc"=msvidc32.dll

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"VIDC.CFHD"=CFHD.dll

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 month======

 

2015-04-24 11:24:21 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys

2015-04-24 11:24:04 ----D---- C:\ProgramData\Malwarebytes

2015-04-24 11:24:04 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-04-24 11:24:04 ----A---- C:\Windows\system32\drivers\mwac.sys

2015-04-24 11:24:04 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys

2015-04-24 11:24:04 ----A---- C:\Windows\system32\drivers\mbam.sys

2015-04-24 09:29:03 ----D---- C:\Program Files\trend micro

2015-04-24 09:29:02 ----D---- C:\rsit

2015-04-17 14:16:54 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2015-04-16 21:58:17 ----D---- C:\Windows\system32\appraiser

2015-04-15 09:05:16 ----A---- C:\Windows\system32\ntoskrnl.exe

2015-04-15 09:05:16 ----A---- C:\Windows\system32\ntdll.dll

2015-04-15 09:05:15 ----A---- C:\Windows\SYSWOW64\tdh.dll

2015-04-15 09:05:15 ----A---- C:\Windows\SYSWOW64\ntdll.dll

2015-04-15 09:05:15 ----A---- C:\Windows\system32\tdh.dll

2015-04-15 09:05:15 ----A---- C:\Windows\system32\sechost.dll

2015-04-15 09:05:14 ----A---- C:\Windows\SYSWOW64\sechost.dll

2015-04-15 09:05:14 ----A---- C:\Windows\system32\wow64.dll

2015-04-15 09:05:14 ----A---- C:\Windows\system32\tracerpt.exe

2015-04-15 09:05:14 ----A---- C:\Windows\system32\microsoft-windows-system-events.dll

2015-04-15 09:05:13 ----A---- C:\Windows\SYSWOW64\tracerpt.exe

2015-04-15 09:05:13 ----A---- C:\Windows\system32\wow64cpu.dll

2015-04-15 09:05:04 ----A---- C:\Windows\SYSWOW64\msctf.dll

2015-04-15 09:05:04 ----A---- C:\Windows\system32\msctf.dll

2015-04-15 09:05:02 ----A---- C:\Windows\system32\lsm.dll

2015-04-15 09:05:00 ----A---- C:\Windows\SYSWOW64\pku2u.dll

2015-04-15 09:05:00 ----A---- C:\Windows\system32\pku2u.dll

2015-04-15 09:04:58 ----A---- C:\Windows\system32\drivers\http.sys

2015-04-15 09:04:57 ----A---- C:\Windows\system32\drivers\clfs.sys

2015-04-15 09:04:57 ----A---- C:\Windows\system32\clfsw32.dll

2015-04-15 09:04:56 ----A---- C:\Windows\SYSWOW64\clfsw32.dll

2015-04-15 09:04:48 ----A---- C:\Windows\system32\mshtml.dll

2015-04-15 09:04:46 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2015-04-15 09:04:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2015-04-15 09:04:43 ----A---- C:\Windows\system32\jscript9.dll

2015-04-15 09:04:42 ----A---- C:\Windows\system32\ieframe.dll

2015-04-15 09:04:41 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2015-04-15 09:04:40 ----A---- C:\Windows\SYSWOW64\wininet.dll

2015-04-15 09:04:40 ----A---- C:\Windows\system32\wininet.dll

2015-04-15 09:04:39 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2015-04-15 09:04:39 ----A---- C:\Windows\system32\iertutil.dll

2015-04-15 09:04:39 ----A---- C:\Windows\system32\ie4uinit.exe

2015-04-15 09:04:38 ----A---- C:\Windows\SYSWOW64\inetcomm.dll

2015-04-15 09:04:38 ----A---- C:\Windows\system32\urlmon.dll

2015-04-15 09:04:38 ----A---- C:\Windows\system32\mshtmled.dll

2015-04-15 09:04:38 ----A---- C:\Windows\system32\inetcomm.dll

2015-04-15 09:04:37 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2015-04-15 09:04:37 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2015-04-15 09:04:37 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2015-04-15 09:04:37 ----A---- C:\Windows\SYSWOW64\jscript.dll

2015-04-15 09:04:37 ----A---- C:\Windows\system32\vbscript.dll

2015-04-15 09:04:37 ----A---- C:\Windows\system32\msfeeds.dll

2015-04-15 09:04:37 ----A---- C:\Windows\system32\jscript.dll

2015-04-15 09:04:36 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2015-04-15 09:04:36 ----A---- C:\Windows\system32\ieapfltr.dll

2015-04-15 09:03:32 ----A---- C:\Windows\system32\wuaueng.dll

2015-04-15 09:03:31 ----A---- C:\Windows\SYSWOW64\wuapi.dll

2015-04-15 09:03:31 ----A---- C:\Windows\system32\WUSettingsProvider.dll

2015-04-15 09:03:31 ----A---- C:\Windows\system32\wups2.dll

2015-04-15 09:03:31 ----A---- C:\Windows\system32\wups.dll

2015-04-15 09:03:31 ----A---- C:\Windows\system32\wucltux.dll

2015-04-15 09:03:31 ----A---- C:\Windows\system32\wuauclt.exe

2015-04-15 09:03:31 ----A---- C:\Windows\system32\wuapi.dll

2015-04-15 09:03:31 ----A---- C:\Windows\system32\wu.upgrade.ps.dll

2015-04-15 09:03:31 ----A---- C:\Windows\system32\WinSetupUI.dll

2015-04-15 09:03:31 ----A---- C:\Windows\system32\storewuauth.dll

2015-04-15 09:03:30 ----A---- C:\Windows\SYSWOW64\wuwebv.dll

2015-04-15 09:03:30 ----A---- C:\Windows\SYSWOW64\wups.dll

2015-04-15 09:03:30 ----A---- C:\Windows\SYSWOW64\wudriver.dll

2015-04-15 09:03:30 ----A---- C:\Windows\SYSWOW64\wuapp.exe

2015-04-15 09:03:30 ----A---- C:\Windows\system32\wuwebv.dll

2015-04-15 09:03:30 ----A---- C:\Windows\system32\wudriver.dll

2015-04-15 09:03:30 ----A---- C:\Windows\system32\wuapp.exe

2015-04-15 09:03:23 ----A---- C:\Windows\system32\invagent.dll

2015-04-15 09:03:23 ----A---- C:\Windows\system32\generaltel.dll

2015-04-15 09:03:23 ----A---- C:\Windows\system32\devinv.dll

2015-04-15 09:03:23 ----A---- C:\Windows\system32\appraiser.dll

2015-04-15 09:03:23 ----A---- C:\Windows\system32\aepdu.dll

2015-04-15 09:03:23 ----A---- C:\Windows\system32\acmigration.dll

2015-04-15 09:03:22 ----A---- C:\Windows\system32\aepic.dll

2015-04-15 09:03:22 ----A---- C:\Windows\system32\aeinv.dll

2015-04-10 10:28:08 ----D---- C:\ProgramData\GridinSoft

2015-04-09 22:28:43 ----D---- C:\Program Files (x86)\KeeppeorusEXt

2015-04-05 13:01:21 ----SD---- C:\Windows\SYSWOW64\GWX

2015-04-05 13:01:21 ----SD---- C:\Windows\system32\GWX

 

======List of files/folders modified in the last 1 month======

 

2015-04-24 12:37:24 ----D---- C:\Windows\Temp

2015-04-24 12:27:23 ----D---- C:\Windows\Prefetch

2015-04-24 12:16:56 ----D---- C:\Windows\system32\drivers

2015-04-24 12:16:25 ----D---- C:\Windows\twain_32

2015-04-24 12:16:24 ----D---- C:\Program Files (x86)\Mozilla Firefox

2015-04-24 12:00:00 ----D---- C:\Windows\system32\sru

2015-04-24 11:56:24 ----D---- C:\Windows\system32\DriverStore

2015-04-24 11:44:51 ----D---- C:\Windows\system32\config

2015-04-24 11:24:04 ----HD---- C:\ProgramData

2015-04-24 11:24:04 ----D---- C:\Program Files (x86)

2015-04-24 11:14:31 ----D---- C:\ProgramData\MFAData

2015-04-24 10:45:09 ----D---- C:\AdwCleaner

2015-04-24 10:13:07 ----D---- C:\Windows\Microsoft.NET

2015-04-24 09:30:01 ----SHD---- C:\Windows\Installer

2015-04-24 09:30:01 ----SHD---- C:\Config.Msi

2015-04-24 09:29:03 ----RD---- C:\Program Files

2015-04-24 09:25:21 ----D---- C:\Program Files (x86)\Google

2015-04-24 09:25:01 ----D---- C:\Windows\Tasks

2015-04-24 09:25:01 ----D---- C:\Windows\system32\Tasks

2015-04-24 07:43:02 ----D---- C:\Users\moederjeanne\AppData\Roaming\Skype

2015-04-23 19:40:38 ----D---- C:\Windows\rescache

2015-04-23 19:38:54 ----SHD---- C:\System Volume Information

2015-04-23 16:29:54 ----RD---- C:\Windows\System32

2015-04-23 16:29:54 ----D---- C:\Windows\Inf

2015-04-23 16:29:54 ----A---- C:\Windows\system32\PerfStringBackup.INI

2015-04-23 09:34:14 ----HD---- C:\Program Files\WindowsApps

2015-04-23 09:34:14 ----D---- C:\Windows\AppReadiness

2015-04-21 10:57:46 ----RSD---- C:\Windows\assembly

2015-04-21 10:55:46 ----D---- C:\Windows\AppCompat

2015-04-17 19:03:58 ----D---- C:\Users\moederjeanne\AppData\Roaming\uTorrent

2015-04-17 14:16:58 ----D---- C:\Windows\WinSxS

2015-04-17 14:16:54 ----D---- C:\Windows\SysWOW64

2015-04-16 21:58:18 ----D---- C:\Windows\system32\nl-NL

2015-04-16 21:58:18 ----D---- C:\Windows\system32\en-US

2015-04-16 21:58:17 ----SD---- C:\Windows\system32\CompatTel

2015-04-16 21:58:17 ----SD---- C:\ProgramData\Microsoft

2015-04-16 21:58:17 ----D---- C:\Windows\system32\wbem

2015-04-16 21:58:17 ----D---- C:\Windows\apppatch

2015-04-16 21:58:16 ----D---- C:\Windows\SYSWOW64\nl-NL

2015-04-16 21:58:16 ----D---- C:\Program Files\Internet Explorer

2015-04-16 20:59:38 ----D---- C:\Windows\CbsTemp

2015-04-15 17:45:45 ----D---- C:\ProgramData\Microsoft Help

2015-04-15 17:44:59 ----D---- C:\Windows\system32\MRT

2015-04-15 17:36:06 ----A---- C:\Windows\system32\MRT.exe

2015-04-15 17:28:13 ----A---- C:\Windows\win.ini

2015-04-15 09:03:01 ----A---- C:\Windows\system32\wuaext.dll

2015-04-10 11:38:55 ----D---- C:\Windows\debug

2015-04-10 10:59:43 ----D---- C:\Windows

2015-04-09 23:32:08 ----D---- C:\Windows\SoftwareDistribution

2015-04-09 23:12:44 ----D---- C:\Program Files (x86)\AVS4YOU

2015-04-09 23:05:14 ----D---- C:\ProgramData\AVG2014

2015-04-09 23:03:27 ----D---- C:\Users\moederjeanne\AppData\Roaming\DAEMON Tools Lite

2015-04-09 22:53:09 ----D---- C:\ProgramData\Skype

2015-04-09 22:53:03 ----RD---- C:\Program Files (x86)\Skype

2015-04-09 22:49:39 ----D---- C:\Program Files (x86)\Common Files

2015-04-07 11:16:53 ----D---- C:\Windows\system32\catroot2

2015-04-05 13:02:17 ----D---- C:\Windows\Logs

2015-03-30 09:52:45 ----D---- C:\Windows\system32\NDF

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-06-17 190744]

R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-06-17 328984]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-10-29 123672]

R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-06-17 31512]

R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2013-08-07 776168]

R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2013-08-07 343568]

R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-06-30 152344]

R1 Avgfwfd;@oem24.inf,%AvgfwfdService_Desc%;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2013-09-26 57144]

R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-07-21 244504]

R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-10-24 237848]

R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2014-12-08 52000]

R1 Avgwfpa;AVG Firewall Driver; C:\Windows\system32\DRIVERS\avgwfpa.sys [2014-06-30 270104]

R1 dtsoftbus01;@oem20.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\Windows\System32\drivers\dtsoftbus01.sys [2014-07-07 283064]

R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]

R2 APXACC;@oem4.inf,%APPEX_ACC_SERVICE_NAME%;AppEx Networks Accelerator LWF; C:\Windows\system32\DRIVERS\appexDrv.sys [2013-04-18 219360]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-09-26 12533760]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-09-26 619008]

R3 athr;@oem7.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athwbx.sys [2013-08-16 3859968]

R3 AtiHDAudioService;@oem3.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdWB6.sys [2013-06-23 138240]

R3 BTATH_BUS;@oem8.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2013-09-07 34384]

R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2013-09-07 594120]

R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]

R3 ETD;@oem5.inf,%PS2.DeviceDesc%;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2013-09-06 370504]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-27 3613528]

R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-04-24 129752]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2013-08-07 310224]

R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2013-08-07 519064]

R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]

R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]

S0 Avgboota;AVG Early Launch Anti-Malware Driver; C:\Windows\system32\DRIVERS\avgboota.sys [2013-09-04 20496]

S0 mfeelamk;McAfee Inc. mfeelamk; C:\Windows\system32\drivers\mfeelamk.sys [2013-08-07 69264]

S3 AthBTPort;@oem11.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2013-09-07 89800]

S3 BTATH_A2DP;@oem10.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2013-09-07 338120]

S3 btath_avdt;@oem10.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-09-07 116424]

S3 BTATH_HCRP;@oem13.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-09-07 179432]

S3 BTATH_LWFLT;@oem15.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-09-07 77464]

S3 BTATH_RCP;@oem17.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-09-07 137928]

S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator-service; C:\Windows\System32\drivers\BthEnum.sys [2014-10-29 53248]

S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy-stuurprogramma; C:\Windows\System32\drivers\BthLEEnum.sys [2013-12-04 226304]

S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth-apparaat (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2014-07-24 118272]

S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2014-10-29 1198080]

S3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2013-08-07 70112]

S3 dg_ssudbus;@oem21.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]

S3 LMDriver;@oem1.inf,%LMDriver.SVCDESC%;Launch Manager Wireless Driver; C:\Windows\System32\drivers\LMDriver.sys [2013-07-17 21360]

S3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2013-08-07 179664]

S3 RadioShim;@oem1.inf,%RadioShim.SVCDESC%;Shim for HID-KMDF Interface layer; C:\Windows\System32\drivers\RadioShim.sys [2013-07-17 14680]

S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]

S3 ssudmdm;@oem23.inf,%ssud.Service.Name%;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]

S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver; C:\Windows\system32\DRIVERS\gtkdrv.sys [2015-01-27 17568]

S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Stuurprogramma voor USB-scanner; C:\Windows\System32\drivers\usbscan.sys [2014-10-29 44544]

S3 WDC_SAM;@oem12.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2015-01-27 14464]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-09-26 239616]

R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2013-09-07 312448]

R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-12-16 1417160]

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-12-16 3247120]

R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-12-16 289328]

R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]

R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]

R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2013-09-06 101192]

R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-08-07 219272]

R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2013-08-07 182752]

R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-14 769432]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]

R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-24 107848]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]

S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]

S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-22 43696]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-24 107848]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]

S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

 

-----------------EOF-----------------

Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (you can read how to do that here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version).

  • If Internet Explorer or another browser or virus scanner warns that this file is unsafe, you can ignore that; it is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as Administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.


C:\Program Files (x86)\KeeppeorusEXt;fs
autoclean;
emptyfolderscheck;delete
emptyclsid;
startupall;
filesrcm;
  • The option "Scan All Users" is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear after all.
  • Post the opened log as an attachment in your next reply.


Posting the Zoek.exe log file

  • Attach the log file named "Zoek-results.log" to your next reply. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read how to add an attachment to a reply here.


Zoek.exe v5.0.0.0 Updated 23-04-2015

Tool run by moederjeanne on vr 24/04/2015 at 14:09:05,08.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\moederjeanne\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

24/04/2015 14:12:22 Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\AVS4YOU deleted successfully

C:\PROGRA~2\WildTangent Games deleted successfully

C:\Program Files\Fotoservice deleted successfully

C:\PROGRA~3\OEM deleted successfully

C:\Users\moederjeanne\AppData\Local\MediaShow deleted successfully

C:\Users\moederjeanne\AppData\Local\MigWiz deleted successfully

C:\Users\moederjeanne\AppData\Local\Unity deleted successfully

C:\Users\ruth\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully

 

==== FireFox Fix ======================

 

ProfilePath: C:\Users\MOEDER~1\AppData\Roaming\Mozilla\Firefox\Profiles\so4plgdq.default

 

user.js not found

---- Lines extensions.096vtznLhtsYeNmi removed from prefs.js ----

user_pref("extensions.096vtznLhtsYeNmi.epoch", "1429946194");


---- FireFox user.js and prefs.js backups ---- 

 

prefs_20152404_1443_.backup

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\AVS4YOU not found

C:\PROGRA~2\WildTangent Games not found

C:\PROGRA~2\KeeppeorusEXt deleted

C:\Users\moederjeanne\AppData\Local\AVG Web TuneUp deleted

C:\Users\ruth\AppData\Local\AVG Web TuneUp deleted

C:\PROGRA~2\AVG Web TuneUp deleted

C:\Program Files\AVG Web TuneUp deleted

C:\Users\moederjeanne\AppData\Roaming\appdataFr3.bin deleted

C:\PROGRA~3\AVG Web TuneUp deleted

C:\PROGRA~3\Avg_Update_0215tb deleted

C:\PROGRA~3\Avg_Update_1214tb deleted

C:\PROGRA~3\Package Cache deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

C:\Users\moederjeanne\Downloads\ReimageRepair.exe deleted

C:\Users\moederjeanne\AppData\LocalLow\AVG Web TuneUp deleted

C:\Users\ruth\AppData\LocalLow\AVG Web TuneUp deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted

C:\Users\MOEDER~1\AppData\Roaming\Mozilla\Firefox\Profiles\so4plgdq.default\extensions\ekWne@1.org deleted

"C:\Windows\Installer\dcbf2.msi" deleted

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

====== C:\Users\MOEDER~1\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2015-04-17 12:16:54 AF8B7B22592C5AC6319102D5AED5EF84 178168 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-17 12:16:54 14D380006B9105D2E75033566559C593 792056 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-15 07:05:15 374FD87A72F8FEFF75B8AD7BBBF7A7D0 1498872 ----a-w- C:\Windows\SysWOW64\ntdll.dll

2015-04-15 07:05:15 1663E8E480EDD51FEEFDAF46E3949A9C 749568 ----a-w- C:\Windows\SysWOW64\tdh.dll

2015-04-15 07:05:14 A2AE5C4AE0E64B39687EBD015293A531 257216 ----a-w- C:\Windows\SysWOW64\sechost.dll

2015-04-15 07:05:13 C1A8175D03884045F1D266D3D8B902DC 369152 ----a-w- C:\Windows\SysWOW64\tracerpt.exe

2015-04-15 07:05:04 46DE9C72EE0F23B9AB6A625214C16FE3 1124352 ----a-w- C:\Windows\SysWOW64\msctf.dll

2015-04-15 07:05:00 5E88986E655935B4D68B964A47A9BFB7 208896 ----a-w- C:\Windows\SysWOW64\pku2u.dll

2015-04-15 07:04:56 3E8FCF4A26FA1A75AEE64FBDE19A2290 58880 ----a-w- C:\Windows\SysWOW64\clfsw32.dll

2015-04-15 07:04:46 2F42037DD6F2831332653EB7F35D7E9A 19695616 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2015-04-15 07:04:43 43A5A38E45F0D4FA02A0CCD51244AA17 4305408 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2015-04-15 07:04:41 AE8A9FCDC135F681EFE9135929CF4A7B 12825600 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2015-04-15 07:04:40 C46904F2E9E121A91DDDABB48D7648C3 1888256 ----a-w- C:\Windows\SysWOW64\wininet.dll

2015-04-15 07:04:39 77104FDBBD821F2D73338D9370675EF3 2278400 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2015-04-15 07:04:38 65296F27564BFA862B12D8E42B11D14E 880128 ----a-w- C:\Windows\SysWOW64\inetcomm.dll

2015-04-15 07:04:37 EC442CB6F2D08F4FAA6BA68A23B82383 689152 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2015-04-15 07:04:37 9DE502561C39D71B174FE24541449F82 664064 ----a-w- C:\Windows\SysWOW64\jscript.dll

2015-04-15 07:04:37 8127C2EE2E287BB3AB7843F9923B62BD 1311232 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2015-04-15 07:04:37 7776F3DA2B1AEDC2DA226F726B1E9A01 503296 ----a-w- C:\Windows\SysWOW64\vbscript.dll

2015-04-15 07:04:36 2CBD6D22499EB13A2666F62EF33D00E2 16303 ----a-w- C:\Windows\SysWOW64\ieuinit.inf

2015-04-15 07:04:36 01C2BB4C13E6E0AF50867BCE8EE8A03E 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll

2015-04-15 07:03:31 1F457FACEBEE5F9C3882163FF9A51AFC 721920 ----a-w- C:\Windows\SysWOW64\wuapi.dll

2015-04-15 07:03:30 A7964350B8F9E26679225CB897A522A4 124928 ----a-w- C:\Windows\SysWOW64\wuwebv.dll

2015-04-15 07:03:30 9C8D7CE66075A93954F3082CD6896F0D 81920 ----a-w- C:\Windows\SysWOW64\wudriver.dll

2015-04-15 07:03:30 307FED3A389198547D6446693E8FEFAA 27136 ----a-w- C:\Windows\SysWOW64\wups.dll

2015-04-15 07:03:30 1DAD87D13FE06EF4ECD873A1DDF445E3 29696 ----a-w- C:\Windows\SysWOW64\wuapp.exe

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2015-04-15 07:05:16 7DB50C244AE8F15D62AD044B84824B69 7476032 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe

2015-04-15 07:05:16 18F7A5A02CB66AC3E08B3B5DCD5BDBF4 1733952 ----a-w- C:\Windows\Sysnative\ntdll.dll

2015-04-15 07:05:15 9E23ACF90477AA76857130FD01EAE09B 950784 ----a-w- C:\Windows\Sysnative\tdh.dll

2015-04-15 07:05:15 50C5F7952F821EED8253BDC4203DECDB 360480 ----a-w- C:\Windows\Sysnative\sechost.dll

2015-04-15 07:05:14 D2451F8CF7EAA14531E3731C06D6D27E 246272 ----a-w- C:\Windows\Sysnative\microsoft-windows-system-events.dll

2015-04-15 07:05:14 AF4309E729C1943908E1E10DAEE42413 285184 ----a-w- C:\Windows\Sysnative\wow64.dll

2015-04-15 07:05:14 168ECAC2C72695D6F827050BE5386206 411648 ----a-w- C:\Windows\Sysnative\tracerpt.exe

2015-04-15 07:05:13 DB2A64D1A82226DCEFF4076725BD5577 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll

2015-04-15 07:05:04 3E9BB985DF2FF26CCE840DE1D24E9381 1385256 ----a-w- C:\Windows\Sysnative\msctf.dll

2015-04-15 07:05:02 9A7A7E45DAED2E8C2816716D8D28236A 780800 ----a-w- C:\Windows\Sysnative\lsm.dll

2015-04-15 07:05:00 31E9837295401C2470027AF7DD75C4D2 259072 ----a-w- C:\Windows\Sysnative\pku2u.dll

2015-04-15 07:04:57 EFC011253AE4F21DE600907AD9F0263D 75264 ----a-w- C:\Windows\Sysnative\clfsw32.dll

2015-04-15 07:04:48 DBC0C4554A8B2A81F68690D30F12C99E 24980480 ----a-w- C:\Windows\Sysnative\mshtml.dll

2015-04-15 07:04:43 AA0640B3252BB6E9F90715F79EE77399 6025216 ----a-w- C:\Windows\Sysnative\jscript9.dll

2015-04-15 07:04:42 FA10EC0F44A75511D13F9D93184CFC90 14397440 ----a-w- C:\Windows\Sysnative\ieframe.dll

2015-04-15 07:04:40 77B35D0FC22A2D2EAC8D07C3F9784DBF 2358784 ----a-w- C:\Windows\Sysnative\wininet.dll

2015-04-15 07:04:39 7571102ACD8A82A55D1657CDF96A1A0E 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2015-04-15 07:04:39 50B2A19B2FBFEFE0FFC537C1BA6C5DD9 2886144 ----a-w- C:\Windows\Sysnative\iertutil.dll

2015-04-15 07:04:38 EF1A03145BC0F28BC7604207A4CE29AB 1032704 ----a-w- C:\Windows\Sysnative\inetcomm.dll

2015-04-15 07:04:38 3C9D34F1F5A2C6867ECC60026F1F6CB7 1548288 ----a-w- C:\Windows\Sysnative\urlmon.dll

2015-04-15 07:04:38 3457A873B2246B36F1FF58876841D7FE 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll

2015-04-15 07:04:37 E593E891B374088572AD021431EBC38B 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll

2015-04-15 07:04:37 9171D1A18B1185A78BA33FEE884B8912 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2015-04-15 07:04:37 2FB7437C878ED672C00C5EC8109411F4 816128 ----a-w- C:\Windows\Sysnative\jscript.dll

2015-04-15 07:04:36 3408F27ABC8B2426481306336F747949 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll

2015-04-15 07:04:36 2CBD6D22499EB13A2666F62EF33D00E2 16303 ----a-w- C:\Windows\Sysnative\ieuinit.inf

2015-04-15 07:03:32 5F3D70B19BCAC985DA90F22CA2FF45E4 3678720 ----a-w- C:\Windows\Sysnative\wuaueng.dll

2015-04-15 07:03:31 DDFFE37C690F8D0AB05309C11AE8A740 52224 ----a-w- C:\Windows\Sysnative\wups2.dll

2015-04-15 07:03:31 A6D023786B16C2C6FEC235A69F60A5B2 15360 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll

2015-04-15 07:03:31 A40A005B63E305A0509A69A604659944 133256 ----a-w- C:\Windows\Sysnative\wuauclt.exe

2015-04-15 07:03:31 8DE0A3EC9024DC2AF1DE8BDCE4AEA2C6 2373632 ----a-w- C:\Windows\Sysnative\wucltux.dll

2015-04-15 07:03:31 49B0AE13918B1456C1EFB284E4DC52D1 408064 ----a-w- C:\Windows\Sysnative\WUSettingsProvider.dll

2015-04-15 07:03:31 47C04EEA5C1C3D27744E123F3AF25E57 891392 ----a-w- C:\Windows\Sysnative\wuapi.dll

2015-04-15 07:03:31 3BAAE060A97C0F9AD48AFE3330B577E5 267264 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll

2015-04-15 07:03:31 35FAB05339F7083611B12ED7143AFA81 200192 ----a-w- C:\Windows\Sysnative\storewuauth.dll

2015-04-15 07:03:31 1EB1732C67D40598222103776F7AF829 66048 ----a-w- C:\Windows\Sysnative\wups.dll

2015-04-15 07:03:30 BF5F10811E8249075D48153E8766184D 35840 ----a-w- C:\Windows\Sysnative\wuapp.exe

2015-04-15 07:03:30 A6B426B5502174F2FDC5D2CA174E6B6C 95744 ----a-w- C:\Windows\Sysnative\wudriver.dll

2015-04-15 07:03:30 4C6D7A1AA4EB4DA0382484ECF38040A7 140288 ----a-w- C:\Windows\Sysnative\wuwebv.dll

2015-04-15 07:03:23 BA93F0E6B27510746864DA8D26DD3852 30720 ----a-w- C:\Windows\Sysnative\acmigration.dll

2015-04-15 07:03:23 9B8BE8DDC0D9CD6A4D2182196ABE99E2 419328 ----a-w- C:\Windows\Sysnative\devinv.dll

2015-04-15 07:03:23 813906D7D0A35CB7158C45E6568FA3DD 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll

2015-04-15 07:03:23 7F6FF3CFCE8A174BA6635FC1617E0F02 957440 ----a-w- C:\Windows\Sysnative\appraiser.dll

2015-04-15 07:03:23 1C6716A453FEB8DB6EE7A05E02CF5C6A 769024 ----a-w- C:\Windows\Sysnative\invagent.dll

2015-04-15 07:03:23 1588D38241818380E156613D29C1C303 726528 ----a-w- C:\Windows\Sysnative\generaltel.dll

2015-04-15 07:03:22 EE5ED8E6998D7E686F614BA8D876829B 192000 ----a-w- C:\Windows\Sysnative\aepic.dll

2015-04-15 07:03:22 150416EB645442AB9AF3ECC0AA183A92 1111552 ----a-w- C:\Windows\Sysnative\aeinv.dll

====== C:\Windows\Sysnative\drivers =====

2015-04-24 09:24:21 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

2015-04-24 09:24:04 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2015-04-24 09:24:04 9D7BFFDB5FA62B600DF1FCB4919D9D79 64216 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys

2015-04-24 09:24:04 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

2015-04-15 07:04:58 E87A6D3B8FECD5B93BC0CFBB48C27970 991552 ----a-w- C:\Windows\Sysnative\drivers\http.sys

2015-04-15 07:04:57 8EB7E70C2D348FE2476A2E3F2D585E3D 377152 ----a-w- C:\Windows\Sysnative\drivers\clfs.sys

====== C:\Windows\Tasks ======

2015-04-24 07:25:01 DF1FAE622BA513B8C5693C6EF1F8553D 3814 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore

2015-04-24 07:25:01 DD9BFE98524023871ED0B230E9FDC243 1074 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-24 07:25:01 AD133ADA2795E09B12656991A40F3BDF 4050 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA

2015-04-24 07:25:01 617A5E362D851C23E1EB9F214DC8E76D 1078 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-10 08:29:56 AACA709BFCFB59B5F053B98F19D533BE 3248 ----a-w- C:\Windows\Sysnative\Tasks\Trojan Killer

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-04-24 07:29:03 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\moederjeanne\AppData\Roaming ======

2015-03-29 16:53:34 -------- d-----w- C:\Users\ruth\AppData\Roaming\WinRAR

====== C:\Users\moederjeanne ======

2015-04-24 07:25:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-04-10 08:28:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer

2015-04-10 08:28:08 -------- d-----w- C:\ProgramData\GridinSoft

2015-04-09 20:53:34 -------- d-----w- C:\Users\moederjeanne\Tracing

 

====== C: exe-files ==

2015-04-24 09:23:04 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\moederjeanne\Desktop\map anti virussen\mbam-setup-2.0.0.1000.exe

2015-04-24 08:37:50 BCA7C7F35103894AC6D403C0917DF0F3 2224640 ----a-w- C:\Users\moederjeanne\Desktop\map anti virussen\adwcleaner_4.202 (2).exe

2015-04-24 08:36:50 BCA7C7F35103894AC6D403C0917DF0F3 2224640 ----a-w- C:\Users\moederjeanne\Desktop\map anti virussen\adwcleaner_4.202 (1).exe

2015-04-24 08:34:38 BCA7C7F35103894AC6D403C0917DF0F3 2224640 ----a-w- C:\Users\moederjeanne\Desktop\map anti virussen\adwcleaner_4.202.exe

2015-04-24 07:29:17 4B52FD2C7B9675D2BBD9A8F80508A61E 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3968276687-3847870925-728767108-1001\$IP1RPCG.exe

2015-04-24 07:29:03 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\moederjeanne.exe

2015-04-24 07:28:26 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\moederjeanne\Desktop\map anti virussen\anti spam\RSITx64.exe

2015-04-24 07:25:15 3F41E4BC551B4C913BAD2F4340D79B60 41815632 ----a-w- C:\Program Files (x86)\Google\Update\Install\{23B65E7B-8B0F-4C1C-BA02-DA6D8AAB2F22}\42.0.2311.90_chrome_installer.exe

2015-04-24 07:25:13 3F41E4BC551B4C913BAD2F4340D79B60 41815632 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\42.0.2311.90\42.0.2311.90_chrome_installer.exe

2015-04-24 07:25:00 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe

2015-04-24 07:25:00 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe

2015-04-24 07:25:00 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe

2015-04-24 07:25:00 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe

2015-04-24 07:24:59 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

2015-04-24 07:24:57 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe

2015-04-24 07:24:57 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe

2015-04-24 07:24:57 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

2015-04-24 07:24:57 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

2015-04-24 07:24:51 F6414DD3B23979312F8EBB91DE794178 11080 ----a-w- C:\Users\moederjeanne\AppData\Local\Apps\2.0\ZK6VKCB9.OPQ\X54WGVGL.142\inst...app_86fd5b6b43e66935_0001.0003_8cc1e8369c183a46\clickonce_bootstrap.exe

2015-04-24 07:24:51 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\moederjeanne\AppData\Local\Apps\2.0\ZK6VKCB9.OPQ\X54WGVGL.142\inst...app_86fd5b6b43e66935_0001.0003_8cc1e8369c183a46\GoogleUpdateSetup.exe

2015-04-24 07:24:51 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\moederjeanne\AppData\Local\Apps\2.0\ZK6VKCB9.OPQ\X54WGVGL.142\clic...exe_86fd5b6b43e66935_0001.0003_none_f263691f58f224f9\GoogleUpdateSetup.exe

2015-04-24 06:38:19 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\$Recycle.Bin\S-1-5-21-3968276687-3847870925-728767108-1001\$RP1RPCG.exe

2015-04-24 06:07:04 4BBD71FB0B84DE9F61EE22D528944C6A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3968276687-3847870925-728767108-1001\$IFC2457.exe

2015-04-24 06:05:32 CD2F181EF015F7B3D397DEF900E503EC 355840 ----a-w- C:\$Recycle.Bin\S-1-5-21-3968276687-3847870925-728767108-1001\$RFC2457.exe

=== C: other files ==

2015-04-24 09:24:21 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2015-04-24 09:24:04 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2015-04-24 09:24:04 9D7BFFDB5FA62B600DF1FCB4919D9D79 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys

2015-04-24 09:24:04 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2015-04-24 07:29:11 79E4DB1EBF1F77D4195DD9E16955819C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3968276687-3847870925-728767108-1001\$IOWEO4J.zip

2015-04-24 06:13:54 F4705EDB00E570CD82C961F4C70561C1 307075 ----a-w- C:\$Recycle.Bin\S-1-5-21-3968276687-3847870925-728767108-1001\$ROWEO4J.zip

 

==== Startup Registry Enabled ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"

"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/04/2015 09:24]

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe]

"C:\Windows\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\Trojan Killer" ["C:\Users\moederjeanne\Desktop\anti spam\trojankiller.exe"]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{82B7F595-5AE2-407C-9927-19E0A68E3980}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{962602FA-6334-4D12-AC80-1D8392B9923C}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

"C:\Windows\SysNative\tasks\Recovery Management\Notification" [C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe]

 

==== Firefox Start and Search pages ======================

 

ProfilePath: C:\Users\MOEDER~1\AppData\Roaming\Mozilla\Firefox\Profiles\so4plgdq.default

user_pref("browser.startup.homepage", "www.google.be");

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [23/04/2014 22:29]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\MOEDER~1\AppData\Roaming\Mozilla\Firefox\Profiles\so4plgdq.default

- ActiveDeals - C:\Users\moederjeanne\AppData\Roaming\Mozilla\Firefox\Profiles\so4plgdq.default\extensions\_uaxtxwuvcgsdkz@lwgjsimhnldoaqw.com

- ActiveDeals - %ProfilePath%\extensions\_uaxtxwuvcgsdkz@lwgjsimhnldoaqw.com

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\moederjeanne\AppData\Roaming\Mozilla\Firefox\Profiles\so4plgdq.default

BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)

EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)

96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)

F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin

 

 

==== Chromium Look ======================

 

Google Chrome Version: 42.0.2311.90 (Latest Stable version: 42.0.2311.90) [z-db]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

 

Bookmark Manager - moederjeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik

RealDownloader - moederjeanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji

DeaLSSpaacea - ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnjdpjpcamfeeiikdfmmcidbdbingoc

RealDownloader - ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji

Tumblr Shortcuts - ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeaoiimgjnefgefklfijghnlngmkcgom

 

==== Chromium Fix ======================

 

C:\Users\moederjeanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully

C:\Users\moederjeanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

C:\Users\ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnjdpjpcamfeeiikdfmmcidbdbingoc deleted successfully

C:\Users\ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeaoiimgjnefgefklfijghnlngmkcgom deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

"Default_Page_URL"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.google.com"

"Default_Page_URL"="http://www.google.com"

"Start Page"="http://www.google.com"

"Search Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.google.com"

"Default_Page_URL"="http://www.google.com"

"Start Page"="http://www.google.com"

"Search Page"="http://www.google.com"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


"Start Page"="http://www.google.be/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]





[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]





 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{FA489A03-530C-4BC9-B000-AD47AAD15937} Unknown  Url="Not_Found"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3968276687-3847870925-728767108-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FA489A03-530C-4BC9-B000-AD47AAD15937} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FA489A03-530C-4BC9-B000-AD47AAD15937} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA489A03-530C-4BC9-B000-AD47AAD15937} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\moederjeanne\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\moederjeanne\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\Users\ruth\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\ruth\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\moederjeanne\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\moederjeanne\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\Users\ruth\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\ruth\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\moederjeanne\AppData\Local\Mozilla\Firefox\Profiles\so4plgdq.default\cache2 emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\moederjeanne\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\ruth\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

No Java Cache Found

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=721 folders=104 591920568 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\moederjeanne\AppData\Local\Temp will be emptied at reboot

C:\Users\ruth\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\MOEDER~1\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

 

==== EOF on vr 24/04/2015 at 15:25:27,95 ======================

You're welcome. To wrap up, please run the following:

Download Delfix by Xplode to the desktop.

Double-click Delfix.exe to start the tool.
Now tick the following items:

  • Remove disinfection tools
  • Purge System Restore

Now click "Run" and wait patiently until the tool is finished.
When the tool is finished, a log file is created. You do not need to post it, however.

Goodbye! :ciao:
