Mededeling

**Emphyrio** · 01-12-13, 15:36

Hoi roadie en welkom op Nucia Security Forum,

Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
.

Log enkel in als beheerder met alle rechten.
Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
Volg aandachtig de instructies die door mij worden gegeven.
Volg enkel het door mij gegeven advies op
Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
Als je iets niet weet of verstaat, vraag het dan even aub.
Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
Zet je emoticons (Smileys) uit als je logs plaatst aub .
De logs niet als bijlage, noch tussen codetags zetten aub.

.
Opmerking: Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

Download AdwCleaner by Xplode naar je Bureaublad.

Sluit alle openstaande vensters
Start AdwCleaner
Klik op Scan
Klik op Clean

Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt post de inhoud hier op het Forum.

Enkel de log na de "clean" optie heb ik nodig.

Vergeet niet om je "smileys" uit te schakelen.

Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in,deze word standaard door AdwCleaner terug gezet naar Google.com

___________________________________________________________

Controle op updates...

Download Security Check op je bureaublad via hier of hier

Start Security Check
Volg de Instructies in het scherm
Aan het eind verschijnt een log ( checkup.txt )
Plaats de inhoud ervan in je volgende antwoord.

In je volgende posting, had ik graag de volgende logs gezien, gemaakt in de opgestelde volgorde:
.

AdwCleaner
Een verse DDS log
checkup.txt

.
Deze logs NIET als bijlage of tussen codetags posten aub.
(Desnoods in meerdere postingen.)

Emphyrio

**roadie** · 01-12-13, 19:19

Hey Emphyrio, bedankt voor de hulp reeds. Hieronder de logs.

1) ADW Cleaner

# AdwCleaner v3.014 - Report created 01/12/2013 at 20:04:06
# Updated 01/12/2013 by Xplode
# Operating System : Windows 8 Pro (64 bits)
# Username : HenkA - PC-HENKA
# Running from : C:\Users\henka\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
File Deleted : C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\9h7cjww5.default\searchplugins\ask-search.xml
File Deleted : C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\9h7cjww5.default\searchplugins\conduit-search.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v25.0.1 (nl)

[ File : C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\9h7cjww5.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=34&r=2013/02/20&hid=740632495&lg=EN&cc=BE&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.51252cfaca6d9.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.c om'.indexOf(window.self.location.hostname)>-1) return;}c

Line Deleted : user_pref("extensions.5affxtbr-bs@MyWebFace_5a.com.install-event-fired", true);
Line Deleted : user_pref("extensions.5affxtbr@MyWebFace_5a.com.install-event-fired", true);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=2912_2&babsrc=NT_ss&mntrId=2806ba6400000000000000ff5065ff05");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Search the web (Babylon)");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.babylon.com/?affID=110819&tt=2912_2&babsrc=KW_ss&mntrId=2806ba6400000000000000ff5065ff05&q=");
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Search the web (Babylon)");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=29980FD8-59B6-403A-8569-513478F1B4BC&n=77ee610b&ptnrS=HJxdm060YYbe");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.lastGuardTime", -270650968);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2012111115");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxdm060YYbe");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "29980FD8-59B6-403A-8569-513478F1B4BC");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1352643811518");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "gangnam style");
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=B06A844F-6F6E-48B4-8701-6CB079AC7BB6&n=77ee1228&ptnrS=GRxdm057YYbe&si=73190");
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.installDate", "2012090920");
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.partnerId", "GRxdm057YYbe");
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.partnerSubId", "73190");
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.installation.toolbarId", "B06A844F-6F6E-48B4-8701-6CB079AC7BB6");
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.lastActivePing", "1347216541883");
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.tab.date", "1347216541345");
Line Deleted : user_pref("extensions.toolbar.mindspark._5aMembers_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "[email protected]");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Line Deleted : user_pref("extensions.toolbar.mindspark.sa.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.sa.owner", "[email protected]");
Line Deleted : user_pref("extensions.toolbar.mindspark.tab.enabled", true);
Line Deleted : user_pref("extensi[email protected]", true);
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=34&r=2013/02/20&hid=740632495&lg=EN&cc=BE&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.pu-results.info/?pid=34&r=2013/02/20&hid=740632495&lg=EN&cc=BE");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.pu-results.info/?pid=34&r=2013/02/20&hid=740632495&lg=EN&cc=BE&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");

[ File : C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\cckv0ky6.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPD6649B4C-B3A6-4230-B250-D0178328FA51");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\henka\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\henka\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9226 octets] - [01/12/2013 20:03:13]
AdwCleaner[S0].txt - [9198 octets] - [01/12/2013 20:04:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9258 octets] ##########

2) DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.45.2
Run by HenkA at 20:14:18 on 2013-12-01
Microsoft Windows 8 Pro 6.2.9200.0.1252.32.1033.18.3958.2559 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\BtwRSupportService.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://intranet.transics.com
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
StartupFolder: C:\Users\henka\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://transics-mon3:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslhq.transics.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 195.130.131.133 195.130.130.5
TCP: Interfaces\{1D7D32D9-BA5C-4D80-94FB-2DA02F4ABE83} : DHCPNameServer = 195.130.131.133 195.130.130.5
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 193.67.165.96 tx-social-test.transics.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\henka\AppData\Roaming\Mozilla\Firefox\Profiles\cckv0ky6.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
.
============= SERVICES / DRIVERS ===============
.
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\Windows\System32\BtwRSupportService.exe [2011-12-15 2246184]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-5-16 197536]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-6-20 523680]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-22 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-22 701512]
R2 rimspci;rimspci;C:\Windows\System32\Drivers\rimspe64.sys [2013-11-4 61952]
R2 risdpcie;risdpcie;C:\Windows\System32\Drivers\risdpe64.sys [2013-11-4 79360]
R2 rixdpcie;rixdpcie;C:\Windows\System32\Drivers\rixdpe64.sys [2013-11-4 55808]
R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2012-7-17 344864]
R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2012-7-17 42272]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-11-4 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-18 2045232]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\Drivers\HECIx64.sys [2009-9-17 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-11-22 25928]
R3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2009-7-15 917768]
R3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\Drivers\yk63x64.sys [2012-10-2 295792]
S3 bluekey;Transics TX-MAX Key;C:\Windows\System32\Drivers\bluekeyusb64.sys [2013-11-6 55872]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2012-7-25 5632]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-01 19:02:55 -------- d-----w- C:\AdwCleaner
2013-11-27 11:08:34 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-11-27 11:08:33 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-11-27 11:08:33 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-27 11:08:26 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-27 11:08:17 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-27 11:08:17 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-27 11:07:29 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-27 11:07:29 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-27 11:04:42 419328 ----a-w- C:\Windows\System32\schannel.dll
2013-11-27 11:04:42 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-11-26 14:37:59 -------- d-----w- C:\Program Files (x86)\Transics
2013-11-25 21:10:50 -------- d-----w- C:\Users\henka\AppData\Local\ElevatedDiagnostics
2013-11-24 11:55:32 280752 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-23 19:10:18 -------- d-----w- C:\Program Files\Enigma Software Group
2013-11-23 19:09:21 -------- d-----w- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-23 19:09:16 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-11-22 18:35:29 -------- d-----w- C:\Users\henka\AppData\Roaming\Malwarebytes
2013-11-22 18:35:14 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-22 18:35:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-22 18:35:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-22 18:35:00 -------- d-----w- C:\Users\henka\AppData\Local\Programs
2013-11-22 15:31:00 447320 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-11-22 15:31:00 285016 ----a-w- C:\Windows\System32\drivers\spaceport.sys
2013-11-22 15:28:09 2062848 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-22 15:28:08 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-22 15:23:49 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-11-22 15:23:49 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-20 12:09:59 -------- d-----w- C:\TimeWriterV4
2013-11-20 10:53:58 -------- d-----w- C:\TimeWriterV5
2013-11-18 10:09:41 -------- d-----w- C:\Users\henka\AppData\Local\IsolatedStorage
2013-11-08 07:01:28 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-11-07 20:31:35 -------- d-----w- C:\Users\henka\AppData\Roaming\uTorrent
2013-11-06 14:39:01 598016 ----a-w- C:\Windows\SysWow64\sqliteodbc2008.dll
2013-11-06 14:38:56 -------- d-----w- C:\Windows\SysWow64\SQLite2008Pro
2013-11-06 14:38:56 -------- d-----w- C:\Program Files (x86)\Osen Kusnadi
2013-11-06 11:05:32 55872 ----a-w- C:\Windows\System32\drivers\bluekeyusb64.sys
2013-11-05 20:26:08 -------- d-----w- C:\Users\henka\AppData\Roaming\ClassicShell
2013-11-05 20:24:41 -------- d-----w- C:\Program Files\Classic Shell
2013-11-05 15:56:35 186880 ----a-w- C:\Windows\POWERPRN.DLL
2013-11-05 15:56:32 147456 ----a-w- C:\Windows\DLLTRACE.DLL
2013-11-05 15:56:30 319488 ----a-w- C:\Windows\SCard32.dll
2013-11-05 15:54:24 -------- d-----w- C:\ProgramData\SQL Anywhere 10
2013-11-05 15:39:07 -------- d-----w- C:\Users\henka\sybase
2013-11-05 15:38:47 -------- d-----w- C:\ProgramData\Sybase Central 5.0.0
2013-11-05 15:36:40 44544 ------w- C:\Windows\SysWow64\msxml4a.dll
2013-11-05 15:35:42 -------- d-----w- C:\Program Files\SQL Anywhere 10
2013-11-05 15:34:11 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2013-11-05 15:34:11 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-11-05 15:34:10 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2013-11-05 15:34:10 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2013-11-05 15:34:10 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-11-05 15:34:10 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2013-11-05 15:34:10 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2013-11-05 15:34:02 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-11-05 15:34:01 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-11-05 14:26:58 -------- d-----w- C:\TISNEW
2013-11-05 13:50:31 -------- d-----w- C:\Users\henka\AppData\Local\Macromedia
2013-11-05 12:54:53 -------- d-----w- C:\ProgramData\Brother
2013-11-05 12:12:56 -------- d-----w- C:\Users\henka\AppData\Roaming\OpenVPN Technologies
2013-11-05 12:12:56 -------- d-----w- C:\Users\henka\AppData\Local\OpenVPN Technologies
2013-11-05 09:59:06 -------- d-----w- C:\Users\henka\AppData\Local\Transics
2013-11-05 09:24:59 -------- d-----w- C:\Users\henka\AppData\Local\Microsoft_Corporation
2013-11-05 09:13:46 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-11-05 09:13:35 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-11-05 09:13:31 -------- d-----w- C:\Windows\SysWow64\1033
2013-11-05 09:13:31 -------- d-----w- C:\Windows\System32\1033
2013-11-05 09:05:02 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-11-05 08:50:58 -------- d-----r- C:\TXconnect
2013-11-05 08:28:06 -------- d-----w- C:\Program Files (x86)\visionapp
2013-11-05 08:19:04 -------- d-----w- C:\Training
2013-11-05 08:18:49 -------- d-----w- C:\Tools
2013-11-05 07:59:45 -------- d-----w- C:\Users\henka\AppData\Local\Deployment
2013-11-05 07:36:26 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-05 07:36:23 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-11-04 17:43:51 -------- d-----w- C:\Windows\Panther
2013-11-04 16:34:33 -------- d-----w- C:\Users\henka\AppData\Local\FrontRange_Solutions_Inc
2013-11-04 16:34:14 -------- d-----w- C:\Temp
2013-11-04 16:33:53 -------- d-----w- C:\sqlserver
2013-11-04 16:33:39 -------- d-----r- C:\Sourcesafe
2013-11-04 16:33:29 -------- d-----w- C:\sky.app
2013-11-04 16:32:14 -------- d-----w- C:\SKY
2013-11-04 16:31:50 -------- d-----w- C:\Shared
2013-11-04 16:23:41 -------- d-----w- C:\SD_Operations
2013-11-04 16:11:32 -------- d-----w- C:\Users\henka\AppData\Local\Google
2013-11-04 15:16:24 -------- d-----w- C:\Users\henka\AppData\Local\Mozilla
2013-11-04 15:16:14 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-04 15:11:39 -------- d-----w- C:\Programs
2013-11-04 15:03:49 -------- d-----w- C:\Personal
2013-11-04 15:02:01 -------- d-----w- C:\Installaties
2013-11-04 15:01:33 -------- d-----w- C:\History
2013-11-04 15:00:59 -------- d-----w- C:\Foto's
2013-11-04 14:58:55 -------- d-----r- C:\EXPORT
2013-11-04 14:53:45 -------- d-----w- C:\Documents
2013-11-04 14:53:34 -------- d-----w- C:\Database & planning
2013-11-04 14:53:14 -------- d-----r- C:\Buggit
2013-11-04 13:21:14 -------- d-----w- C:\Users\henka\AppData\Local\DataRecommendation
2013-11-04 13:21:08 -------- d-----w- C:\Users\henka\AppData\Roaming\DataRecommendations
2013-11-04 13:18:47 -------- d-----w- C:\Program Files\Microsoft Dynamics AX
2013-11-04 13:18:39 -------- d-----w- C:\Program Files (x86)\Microsoft Dynamics AX
2013-11-04 13:12:26 -------- d-----w- C:\Users\henka\AppData\Local\ITSMAppStorage
2013-11-04 13:09:53 -------- d-----w- C:\ProgramData\FrontRange Solutions USA Inc
2013-11-04 13:09:53 -------- d-----w- C:\Program Files (x86)\FrontRange Solutions
2013-11-04 13:09:53 -------- d-----w- C:\Program Files (x86)\Common Files\Outlook Security Manager
2013-11-04 12:19:57 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-11-04 12:19:56 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-11-04 12:11:43 -------- d-----r- C:\Windows\BrowserChoice
2013-11-04 12:05:13 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-11-04 12:01:33 94208 ----a-w- C:\Windows\System32\synceng.dll
2013-11-04 12:01:33 72192 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-11-04 11:55:46 74240 ----a-w- C:\Program Files\Windows Defender\MsMpCom.dll
2013-11-04 11:52:54 81408 ----a-w- C:\Windows\System32\setupcln.dll
2013-11-04 11:51:11 652288 ----a-w- C:\Windows\System32\comctl32.dll
2013-11-04 11:51:11 541696 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-11-04 11:47:15 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-11-04 11:47:15 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-11-04 11:47:15 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-11-04 11:47:14 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-11-04 11:47:14 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-11-04 11:47:14 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-11-04 11:47:14 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-11-04 11:42:59 -------- d-----w- C:\Windows\System32\MRT
2013-11-04 11:36:56 656896 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-11-04 11:34:55 77312 ----a-w- C:\Windows\System32\openfiles.exe
2013-11-04 11:31:36 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll
2013-11-04 11:31:36 677888 ----a-w- C:\Windows\System32\mfnetcore.dll
2013-11-04 11:31:36 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll
2013-11-04 11:31:36 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll
2013-11-04 11:31:36 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
2013-11-04 11:31:36 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll
2013-11-04 11:19:54 27880 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2013-11-04 11:11:18 566784 ----a-w- C:\Windows\System32\wvc.dll
2013-11-04 11:11:18 462336 ----a-w- C:\Windows\System32\sysmon.ocx
2013-11-04 11:11:18 437248 ----a-w- C:\Windows\SysWow64\wvc.dll
2013-11-04 11:11:18 399360 ----a-w- C:\Windows\SysWow64\sysmon.ocx
2013-11-04 11:11:18 1374208 ----a-w- C:\Windows\System32\wdc.dll
2013-11-04 11:11:18 1245696 ----a-w- C:\Windows\SysWow64\wdc.dll
2013-11-04 11:08:59 1184256 ----a-w- C:\Windows\System32\Display.dll
2013-11-04 11:08:59 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
2013-11-04 11:07:02 1150160 ----a-w- C:\Windows\SysWow64\ole32.dll
2013-11-04 11:03:30 3265256 ----a-w- C:\Windows\System32\drivers\evbda.sys
2013-11-04 11:02:59 634880 ----a-w- C:\Windows\System32\apphelp.dll
2013-11-04 11:01:38 301568 ----a-w- C:\Windows\System32\newdev.dll
2013-11-04 11:01:38 275968 ----a-w- C:\Windows\SysWow64\newdev.dll
2013-11-04 11:01:37 76288 ----a-w- C:\Windows\System32\newdev.exe
2013-11-04 11:01:37 75264 ----a-w- C:\Windows\System32\ndadmin.exe
2013-11-04 11:01:37 74240 ----a-w- C:\Windows\SysWow64\newdev.exe
2013-11-04 11:01:37 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe
2013-11-04 10:35:26 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-04 10:35:26 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-04 10:01:43 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
2013-11-04 10:01:43 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
2013-11-04 09:57:56 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-11-04 09:57:56 54488 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-11-04 09:57:04 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-11-04 09:57:04 32768 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2013-11-04 09:57:04 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys
2013-11-04 09:57:04 25600 ----a-w- C:\Windows\System32\drivers\usbprint.sys
2013-11-04 09:56:47 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-11-04 09:56:46 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-11-04 09:54:15 99328 ----a-w- C:\Windows\System32\drivers\usbcir.sys
2013-11-04 09:54:15 210560 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2013-11-04 09:54:15 121984 ----a-w- C:\Windows\System32\drivers\USBAUDIO.sys
2013-11-04 09:49:43 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-11-04 09:49:43 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-11-04 09:46:54 141312 ----a-w- C:\Windows\System32\cryptnet.dll
2013-11-04 09:46:54 1255936 ----a-w- C:\Windows\System32\certutil.exe
2013-11-04 09:46:54 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-11-04 09:46:54 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-11-04 09:46:46 589896 ----a-w- C:\Windows\SysWow64\dsNcSmartCardProv.dll
2013-11-04 09:46:45 421448 ----a-w- C:\Windows\SysWow64\dsNcCredProv.dll
2013-11-04 09:46:40 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-11-04 09:46:09 -------- d-----w- C:\Program Files (x86)\Juniper Networks
2013-11-04 09:44:33 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-11-04 09:44:33 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-11-04 09:44:26 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-11-04 09:44:26 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-11-04 09:42:59 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-11-04 09:42:59 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-11-04 09:42:56 1838080 ----a-w- C:\Windows\System32\DWrite.dll
2013-11-04 09:42:56 1421312 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-11-04 09:42:03 79192 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-04 09:42:03 623448 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-04 09:42:03 498008 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-04 09:42:03 32256 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-04 09:42:03 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-04 09:42:03 21848 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-04 09:42:03 120832 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-04 09:41:51 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-11-04 09:41:24 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-11-04 09:41:24 112872 ----a-w- C:\Windows\System32\consent.exe
2013-11-04 09:39:57 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-11-04 09:39:57 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-11-04 09:39:57 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-11-04 09:39:57 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-11-04 09:39:53 733184 ----a-w- C:\Windows\System32\win32spl.dll
2013-11-04 09:38:37 -------- d-----w- C:\Windows\System32\appmgmt
2013-11-04 09:38:08 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-11-04 09:38:08 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-11-04 09:38:05 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-11-04 09:38:05 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-11-04 09:38:05 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-11-04 09:38:05 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-11-04 09:38:05 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-11-04 09:38:05 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-11-04 09:38:05 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-11-04 09:36:48 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-11-04 09:33:57 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll
2013-11-04 09:30:27 -------- d-----w- C:\ProgramData\Oracle
2013-11-04 09:30:19 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-04 09:29:01 -------- d-----w- C:\Program Files (x86)\MSECache
2013-11-04 09:28:41 -------- d-----w- C:\Users\henka\AppData\Local\Apps
2013-11-04 09:25:01 -------- d-----w- C:\Windows\PCHEALTH
2013-11-04 09:25:01 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-11-04 09:23:32 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-11-04 09:22:56 -------- d-----w- C:\Users\henka\AppData\Local\Microsoft Help
2013-11-04 09:21:52 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2013-11-04 09:21:45 -------- d-----w- C:\Intel
2013-11-04 09:21:11 -------- d-----w- C:\Program Files\Validity Sensors
2013-11-04 09:20:09 -------- d-----w- C:\Program Files (x86)\Foxit Software
2013-11-04 09:18:35 -------- d-----w- C:\Program Files (x86)\Tim Heuer
2013-11-04 09:17:18 -------- d-----w- C:\Windows\System32\log
2013-11-04 09:16:41 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-11-04 09:15:40 -------- d-----w- C:\Program Files (x86)\vnc
2013-11-04 09:15:09 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
2013-11-04 09:15:09 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2013-11-04 09:15:09 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2013-11-04 09:15:06 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2013-11-04 09:15:06 -------- d-----w- C:\Program Files (x86)\PDFCreator
2013-11-04 09:14:43 -------- d-----w- C:\Program Files (x86)\FileZilla
2013-11-04 09:13:44 -------- d-----w- C:\Users\henka\AppData\Local\Diagnostics
2013-11-04 09:12:23 -------- d-----w- C:\Users\henka\AppData\Roaming\hpqlog
2013-11-04 09:12:04 -------- d-----r- C:\Users\henka\Searches
2013-11-04 09:12:04 -------- d-----r- C:\Users\henka\Contacts
2013-11-04 09:07:12 90112 ----a-w- C:\Windows\System32\snymsico.dll
2013-11-04 09:07:12 79360 ----a-w- C:\Windows\System32\drivers\risdpe64.sys
2013-11-04 09:07:12 61952 ----a-w- C:\Windows\System32\drivers\rimspe64.sys
2013-11-04 09:07:12 55808 ----a-w- C:\Windows\System32\drivers\rixdpe64.sys
2013-11-04 09:07:12 196608 ----a-w- C:\Windows\System32\RiSDIcon.dll
2013-11-04 09:07:12 188416 ----a-w- C:\Windows\System32\RiMMCIcon.dll
2013-11-04 09:07:12 172032 ----a-w- C:\Windows\System32\rixdicon.dll
2013-11-04 09:07:12 114688 ----a-w- C:\Windows\SysWow64\RicohMediadriverVer.dll
2013-11-04 09:06:35 -------- d-----w- C:\swsetup
2013-11-04 08:56:59 -------- d-----w- C:\Program Files\Windows Identity Foundation
2013-11-04 08:56:40 -------- d-----w- C:\Program Files\Synaptics
2013-11-04 08:52:12 -------- d-----w- C:\Windows\wlansvc
2013-11-04 08:51:49 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
2013-11-04 08:51:48 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2013-11-04 08:51:47 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2013-11-04 08:51:45 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
2013-11-04 08:48:23 -------- d-----w- C:\ProgramData\PRICache
2013-11-04 08:44:52 0 ----a-w- C:\Windows\ativpsrm.bin
.
==================== Find3M ====================
.
2013-10-20 16:47:24 329216 ----a-w- C:\Windows\System32\StartMenuHelper64.dll
2013-10-20 16:46:56 268288 ----a-w- C:\Windows\SysWow64\StartMenuHelper32.dll
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-08 22:30:32 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-10-08 22:30:17 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-10-08 22:30:17 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-10-08 22:27:56 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-10-08 22:27:56 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-10-08 22:27:56 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-10-08 22:27:45 175104 ----a-w- C:\Windows\System32\storewuauth.dll
2013-09-28 05:48:00 778752 ----a-w- C:\Windows\System32\oleaut32.dll
2013-09-28 03:58:44 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-09-24 22:18:27 288768 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-09-19 07:32:10 1455448 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-09-13 22:36:14 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-09-13 22:33:42 328192 ----a-w- C:\Windows\System32\ubpm.dll
.
============= FINISH: 20:16:49,00 ===============

**roadie** · 01-12-13, 19:19

3) checkup

Results of screen317's Security Check version 0.99.77
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Trend Micro OfficeScan Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Adobe Flash Player 11.9.900.117
Mozilla Firefox (25.0.1)
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Trend Micro OfficeScan Client pccntmon.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Trend Micro OfficeScan Client ntrtscan.exe
Trend Micro OfficeScan Client tmlisten.exe
Trend Micro OfficeScan Client CNTAoSMgr.exe
Trend Micro OfficeScan Client TmProxy.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

**Emphyrio** · 01-12-13, 22:39

Hoe is het nu?

**roadie** · 02-12-13, 07:06

Net eens getest en probleem doet zich nog steeds voor. Wat ik nog niet vermeld had is dat hij ook vaak als ik iets open doe in firefox een extra tabpage opendoet naar deze site (zopas dus ook) :

http://rvzr-a.akamaihd.net/sd/wrap-0.01.html?u=http%3A%2F%2Fwww.adcash.com%2Fscript%2Fpop_packcpm.php%3Fk%3D529c30b52750399580.296464%26h%3D75992c42451b00a2f70fbf7c2ed54b9a56111db0%26id%3D0%26ban%3D99580%26r%3D195299%26ref%3Dh%26data%3D%26subid%3D

**Emphyrio** · 02-12-13, 17:26

Herintializeer je Firefox.

Volg daarvoor deze handleiding: http://support.mozilla.org/nl/kb/fir...emen-verhelpen

**roadie** · 02-12-13, 18:26

Hey, dit heb ik uitgevoerd en op het eerste zicht lijkt het probleem opgelost. Net wat zaken zitten opendoen in Firefox en waar ik normaal al lang een popup of extra tab zou krijgen, kreeg ik die nu niet.
Ik ga hem morgen weer ganse dag gebruiken op het werk. Als het dan nog steeds goed is, dan zal het wel in orde zijn. Ik laat dan nog iets weten.

**Emphyrio** · 02-12-13, 18:35

Mooi zo

Nog even dit:

Download of Update Ccleaner

Start CCleaner op.
.

Run Ccleaner en klik in de linkse kolom op Opties
Selecteer het tabblad Geavanceerd
Haal het vinkje weg voor Verwijder alleen bestanden in Windows Temp-systeemmap die ouder zijn dan 24 uur
Haal het vinkje weg voor Verwijder alleen bestanden in de Prullenbak die ouder zijn dan 24 uur
Selecteer het tabblad Instellingen
Haal het vinkje weg bij "Computer automatisch schoonmaken...."
Klik in de linkse kolom op Cleaner.
Klik dan achtereenvolgens op Analyseer en Schoonmaken.
Klik vervolgens in de linkse kolom op Register
Klik op Scan naar problemen.
Als er fouten gevonden worden klik je op Herstel geselecteerde problemen
Hier kan de vraag verschijnen of je je register wil backuppen.Antwoord met Ja en OK

Je pc is clean.
1) Je mag alle losse bestanden en tools die we hebben gebruikt verwijderen.

2) Om herbesmetting te vermijden, kan je deze tips eens nalezen:

Het voorkomen van spyware-infecties en browserhijacking en Hoe voorkom ik een nieuwe infectie?

3) Om je PC een snelle onderhoudbeurt te geven, kan je deze tips eens lezen: Handleiding voor een schone PC

4) Allerlei tips en hints kan je hier raadplegen.

Ik zet het topic op opgelost.

Indien er niet meer gereageerd wordt, zal binnen een 3-tal dagen deze thread automatisch verplaatst worden
naar de sectie Opgeloste hijackthislogs en is een reactie niet meer mogelijk
Dit is gedaan om het forum netjes en overzichtelijk te houden.

Blijkt dat er toch nog problemen zijn, en je wil weer reageren in dit topic, dan stuur je me een privé bericht met verzoek om heropening.

Hebben we je goed geholpen? Overweeg eens een (vrijblijvende) donatie aan Nucia

Emphyrio

Mededeling

Advanced system protector

Advanced system protector

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment