Trouble with a ransomware virus, please check the logs

  • Rikje

    Hello

    My partner is having trouble with a ransomware virus.

    He got a message saying he had to pay 100 euros because he had supposedly been on a child pornography site or a politically incorrect site.

    Since then we have been getting a message that IAStorcoIcon is missing.

    We followed the instructions given under an earlier report from 6 July.

    We could not find any vasja either.

    We did go through the other steps.

    We no longer get the message about the missing file, but we are not confident that everything is in order now.

    The logs follow.

    Emsisoft Emergency Kit - Versie 2.0

    Laatste Update: 19-7-2012 19:40:50

    Scaninstellingen:

    Scantype: Diepe scan

    Objecten: Rootkits, Geheugen, Sporen, C:\, D:\

    Scan archieven: Aan

    ADS Scan: Aan

    Scan gestart: 19-7-2012 19:41:33

    C:\Users\Frans\Documents\Mijn Garmin\Garmin unlock\Garmin Unlock Utility\Original Downloads\Garmin KeyGen v1.2.rar -> Garmin KeyGen v1.2\KeyGen v1.2.exe Ontdekt: Backdoor.Win32.Poison!E2

    C:\Users\Frans\Documents\Mijn Garmin\Garmin unlock\Garmin Unlock Utility\Original Downloads\GarminKeygen_v1.3+ IMEI Converter v1.0.rar -> GarminKeygen_v1.3+ IMEI Converter v1.0\keygen.exe Ontdekt: not-a-virus.Hacktool.Keygen.garmin!E2

    C:\Users\Frans\Documents\Mijn Garmin\Garmin unlock\Garmin Unlock Utility\Garmin Keygen v1.5\garmin_kgen.exe Ontdekt: Riskware.Keygen.Garmin!E2

    C:\Users\Frans\Documents\Mijn Garmin\Garmin Topo France v2\Support\Garmin Keygen v1.5.rar -> Garmin Keygen v1.5\garmin_kgen.exe Ontdekt: not-a-virus.Keygen.Garmin!E2

    C:\Users\Frans\Documents\Mijn Garmin\Garmin Topo Belgium-Luxembourg\Garmin Keygen 1.5\garmin_kgen.exe Ontdekt: Riskware.Keygen.Garmin!E2

    C:\Users\Frans\AppData\Local\Mozilla\Firefox\Profiles\3ejk19s3.default\Cache\E\ED\06359d01 Ontdekt: Exploit.PDF!E2

    C:\Users\Frans\AppData\Local\Mozilla\Firefox\Profiles\3ejk19s3.default\Cache\C\2C\6ECBEd01 -> unnamed Ontdekt: Exploit.JS.Blacole!E2

    C:\$Recycle.Bin\S-1-5-21-795546400-1110544162-4112724898-1000\$R27UVBN.exe Ontdekt: Riskware.WebToolbar.Win32.InstallCore.AMN!E1

    Gescand 719904

    Gevonden 8

    Scan geëindigd: 19-7-2012 22:06:44

    Scantijd: 2:25:11

    C:\$Recycle.Bin\S-1-5-21-795546400-1110544162-4112724898-1000\$R27UVBN.exe Verwijderd Riskware.WebToolbar.Win32.InstallCore.AMN!E1

    C:\Users\Frans\AppData\Local\Mozilla\Firefox\Profiles\3ejk19s3.default\Cache\C\2C\6ECBEd01 -> unnamed Verwijderd Exploit.JS.Blacole!E2

    C:\Users\Frans\AppData\Local\Mozilla\Firefox\Profiles\3ejk19s3.default\Cache\E\ED\06359d01 Verwijderd Exploit.PDF!E2

    C:\Users\Frans\Documents\Mijn Garmin\Garmin Topo France v2\Support\Garmin Keygen v1.5.rar -> Garmin Keygen v1.5\garmin_kgen.exe Verwijderd not-a-virus.Keygen.Garmin!E2

    C:\Users\Frans\Documents\Mijn Garmin\Garmin unlock\Garmin Unlock Utility\Garmin Keygen v1.5\garmin_kgen.exe Verwijderd Riskware.Keygen.Garmin!E2

    C:\Users\Frans\Documents\Mijn Garmin\Garmin Topo Belgium-Luxembourg\Garmin Keygen 1.5\garmin_kgen.exe Verwijderd Riskware.Keygen.Garmin!E2

    C:\Users\Frans\Documents\Mijn Garmin\Garmin unlock\Garmin Unlock Utility\Original Downloads\GarminKeygen_v1.3+ IMEI Converter v1.0.rar -> GarminKeygen_v1.3+ IMEI Converter v1.0\keygen.exe Verwijderd not-a-virus.Hacktool.Keygen.garmin!E2

    C:\Users\Frans\Documents\Mijn Garmin\Garmin unlock\Garmin Unlock Utility\Original Downloads\Garmin KeyGen v1.2.rar -> Garmin KeyGen v1.2\KeyGen v1.2.exe Verwijderd Backdoor.Win32.Poison!E2

    Verwijderd 8

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

    Run by Frans at 22:20:02 on 2012-07-19

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6071.3870

    .

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    C:\Windows\SysWOW64\svchost.exe -k netsvcs

    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    C:\Windows\system32\atieclxx.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    C:\Program Files\Logitech\SetPointP\SetPoint.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    C:\Program Files (x86)\AVG Secure Search\vprot.exe

    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\taskeng.exe

    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

    K:\EmsisoftEmergencyKit\start.exe

    K:\EmsisoftEmergencyKit\Run\a2emergencykit.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uInternet Settings,ProxyOverride = *.local

    mWinlogon: Userinit=userinit.exe

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

    uRun: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    mRun: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    mRun: %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    mRun: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    mRun: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    mRun: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    mRun: “C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe”

    mRun: “C:\Program Files (x86)\AVG\AVG2012\avgtray.exe”

    mRun: “C:\Program Files (x86)\AVG Secure Search\vprot.exe”

    mRun: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    mRun:

    mRun: “C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe” /DoAction

    mRun: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    mRun: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    mRun: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    StartupFolder: C:\Users\Frans\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SITECO~1.LNK - C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    TCP: DhcpNameServer = 192.168.0.1

    TCP: Interfaces\{7E5407AD-9D9A-472E-A51F-CFCC0E81EA9F} : DhcpNameServer = 192.168.0.1

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

    {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    {95B7759C-8C7F-4BF1-B163-73684A933233}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    {95B7759C-8C7F-4BF1-B163-73684A933233}

    mRun-x64: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    mRun-x64: %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    mRun-x64: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    mRun-x64: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    mRun-x64: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    mRun-x64: “C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe”

    mRun-x64: “C:\Program Files (x86)\AVG\AVG2012\avgtray.exe”

    mRun-x64: “C:\Program Files (x86)\AVG Secure Search\vprot.exe”

    mRun-x64: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    mRun-x64:

    mRun-x64: “C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe” /DoAction

    mRun-x64: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    mRun-x64: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    mRun-x64: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\

    FF - prefs.js: browser.startup.homepage - hxxp://nl.startkabel.nl

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0e3e7f70-f89d-4210-9a31-40a41bc678f5%7D&mid=c9ba9867ff0c47d186259128c0647fc5-149c76dc139fda7aa54551bedf1b1dbe86d36a1f&ds=AVG&v=11.1.0.12&lang=nl&pr=fr&d=2012-06-08%2008%3A09%3A50&sap=ku&q=

    FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll

    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys –> C:\Windows\system32\DRIVERS\avgidsha.sys

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys –> C:\Windows\system32\DRIVERS\avgrkx64.sys

    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys –> C:\Windows\system32\Drivers\PxHlpa64.sys

    R1 A2DDA;A2 Direct Disk Access Support Driver;K:\EmsisoftEmergencyKit\Run\a2ddax64.sys

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys –> C:\Windows\system32\DRIVERS\avgldx64.sys

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys –> C:\Windows\system32\DRIVERS\avgmfx64.sys

    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys –> C:\Windows\system32\DRIVERS\avgtdia.sys

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys –> C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe –> C:\Windows\system32\atiesrxx.exe

    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs

    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    R2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys –> C:\Windows\system32\Drivers\Sentinel64.sys

    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys –> C:\Windows\system32\DRIVERS\avgidsdrivera.sys

    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys –> C:\Windows\system32\DRIVERS\avgidsfiltera.sys

    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys –> C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys –> C:\Windows\system32\DRIVERS\netr28x.sys

    R3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys –> C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS –> C:\Windows\system32\DRIVERS\SNTUSB64.SYS

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    S2 SessionLauncher;SessionLauncher;C:\Users\Frans\AppData\Local\Temp\DX9\SessionLauncher.exe –> C:\Users\Frans\AppData\Local\Temp\DX9\SessionLauncher.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms

    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    S3 Spyder3;Datacolor Spyder3;C:\Windows\system32\DRIVERS\Spyder3.sys –> C:\Windows\system32\DRIVERS\Spyder3.sys

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys –> C:\Windows\system32\drivers\tsusbflt.sys

    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe –> C:\Windows\system32\Wat\WatAdminSvc.exe

    .

    =============== Created Last 30 ================

    .

    2012-07-18 19:02:58 ——– d—–w- C:\Program Files (x86)\Oracle

    2012-07-18 19:02:12 687544 —-a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-07-18 19:02:10 772544 —-a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-07-16 01:40:41 ——– d—–w- C:\Windows\System32\SPReview

    2012-07-16 01:38:42 ——– d—–w- C:\Windows\System32\EventProviders

    2012-07-15 09:15:07 53248 —-a-r- C:\Users\Frans\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

    2012-07-15 09:15:04 ——– d—–w- C:\Users\Frans\AppData\Local\Logishrd

    2012-07-15 09:12:23 18960 —-a-w- C:\Windows\System32\drivers\LNonPnP.sys

    2012-07-15 08:51:25 ——– d—–w- C:\Users\Frans\AppData\Roaming\Logishrd

    2012-07-14 22:20:09 ——– d—–w- C:\Users\Frans\AppData\Local\Macromedia

    2012-07-14 22:19:42 70344 —-a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-14 22:19:42 426184 —-a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-07-14 13:46:04 48976 —-a-w- C:\Windows\System32\netfxperf.dll

    2012-07-14 13:46:04 1942856 —-a-w- C:\Windows\System32\dfshim.dll

    2012-07-14 13:44:59 982912 —-a-w- C:\Windows\System32\drivers\dxgkrnl.sys

    2012-07-14 13:43:59 94720 —-a-w- C:\Windows\System32\cabinet.dll

    2012-07-14 13:41:14 529408 —-a-w- C:\Windows\System32\wbemcomn.dll

    2012-07-14 13:41:14 244736 —-a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

    2012-07-14 13:41:10 244736 —-a-w- C:\Windows\System32\sqmapi.dll

    2012-07-14 10:21:10 ——– d—–w- C:\Users\Frans\AppData\Local\Apps

    2012-07-14 07:40:49 ——– d—–w- C:\Program Files (x86)\Nikon

    2012-07-14 07:40:48 ——– d—–w- C:\Program Files (x86)\Common Files\Nikon

    2012-07-14 05:20:27 ——– d—–w- C:\Program Files (x86)\MSXML 4.0

    2012-07-14 04:50:15 ——– d—–w- C:\Users\Frans\AppData\Local\CyberLink

    2012-07-14 04:50:14 ——– d—–w- C:\Users\Frans\AppData\Local\PowerCinema

    2012-07-14 04:42:49 ——– d—–w- C:\Windows\SysWow64\wbem\en-US

    2012-07-14 04:42:43 ——– d—–w- C:\Windows\System32\wbem\en-US

    2012-07-14 04:29:54 ——– d—–w- C:\Windows\SysWow64\Wat

    2012-07-14 04:29:54 ——– d—–w- C:\Windows\System32\Wat

    2012-07-13 18:58:37 3148800 —-a-w- C:\Windows\System32\win32k.sys

    2012-07-13 17:55:01 294912 —-a-w- C:\Windows\System32\browserchoice.exe

    2012-07-13 17:38:20 81408 —-a-w- C:\Windows\System32\imagehlp.dll

    2012-07-13 17:38:20 5120 —-a-w- C:\Windows\SysWow64\wmi.dll

    2012-07-13 17:38:20 5120 —-a-w- C:\Windows\System32\wmi.dll

    2012-07-13 17:38:20 23408 —-a-w- C:\Windows\System32\drivers\fs_rec.sys

    2012-07-13 17:38:20 220672 —-a-w- C:\Windows\System32\wintrust.dll

    2012-07-13 17:38:20 172544 —-a-w- C:\Windows\SysWow64\wintrust.dll

    2012-07-13 17:38:20 159232 —-a-w- C:\Windows\SysWow64\imagehlp.dll

    2012-07-13 16:39:31 ——– d—–w- C:\Program Files (x86)\WinGDB3

    2012-07-13 16:35:37 ——– d—–w- C:\Users\Frans\AppData\Local\Google

    2012-07-13 16:28:59 ——– d—–w- C:\Program Files (x86)\Canon

    2012-07-13 16:26:35 ——– d—–w- C:\Program Files (x86)\Common Files\Canon

    2012-07-13 16:22:45 90112 —-a-w- C:\Windows\unvise32.exe

    2012-07-13 16:22:14 ——– d—–w- C:\Program Files (x86)\Datacolor

    2012-07-13 15:40:42 ——– d—–w- C:\Program Files (x86)\MozBackup

    2012-07-13 14:56:59 ——– d—–w- C:\Users\Frans\AppData\Local\Garmin

    2012-07-13 14:56:47 ——– d—–w- C:\ProgramData\Garmin

    2012-07-13 14:56:23 ——– d—–w- C:\Users\Frans\AppData\Local\GARMIN_Corp

    2012-07-13 14:45:29 ——– d—–w- C:\Program Files (x86)\Garmin

    2012-07-13 14:45:24 ——– d—–w- C:\Users\Frans\AppData\Roaming\Garmin

    2012-07-13 06:27:53 514560 —-a-w- C:\Windows\SysWow64\qdvd.dll

    2012-07-13 06:26:52 9216 —-a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-07-13 06:24:50 77312 —-a-w- C:\Windows\System32\packager.dll

    2012-07-13 06:24:50 67072 —-a-w- C:\Windows\SysWow64\packager.dll

    2012-07-13 04:42:56 ——– d—–w- C:\ProgramData\Recovery

    2012-07-12 21:56:31 ——– d—–w- C:\ProgramData\HP Photo Creations

    2012-07-12 21:56:31 ——– d—–w- C:\Program Files (x86)\HP Photo Creations

    2012-07-12 21:56:11 778088 ——w- C:\Windows\System32\HPDiscoPMA511.dll

    2012-07-12 21:56:11 ——– d—–w- C:\Users\Frans\AppData\Roaming\HpUpdate

    2012-07-12 21:55:26 ——– d—–w- C:\Program Files\HP

    2012-07-12 21:55:02 ——– d—–w- C:\Users\Frans\AppData\Local\HP

    2012-07-12 21:34:08 145448 —-a-w- C:\Windows\System32\drivers\sentinel64.sys

    2012-07-12 21:34:04 ——– d—–w- C:\Program Files (x86)\Common Files\SafeNet Sentinel

    2012-07-12 21:27:36 ——– d—–w- C:\Users\Frans\AppData\Local\AV Stumpfl

    2012-07-12 21:27:34 ——– d—–w- C:\Users\Frans\AppData\Roaming\AV Stumpfl

    2012-07-12 21:27:34 ——– d—–w- C:\Program Files (x86)\AV Stumpfl

    2012-07-12 21:12:34 ——– d—–w- C:\Program Files (x86)\Mozilla Maintenance Service

    2012-07-12 21:09:10 ——– d—–w- C:\Users\Frans\AppData\Local\Mozilla

    2012-07-12 21:05:09 ——– d—–w- C:\Users\Frans\AppData\Roaming\AVG2012

    2012-07-12 21:04:38 ——– d—–w- C:\Users\Frans\AppData\Local\AVG Secure Search

    2012-07-12 21:04:35 ——– d—–w- C:\ProgramData\AVG Secure Search

    2012-07-12 21:04:35 ——– d—–w- C:\Program Files (x86)\Common Files\AVG Secure Search

    2012-07-12 21:04:35 ——– d—–w- C:\Program Files (x86)\AVG Secure Search

    2012-07-12 21:04:23 ——– d—–w- C:\Windows\SysWow64\drivers\AVG

    2012-07-12 21:04:19 ——– d–h–w- C:\$AVG

    2012-07-12 21:04:19 ——– d—–w- C:\Windows\System32\drivers\AVG

    2012-07-12 21:04:19 ——– d—–w- C:\ProgramData\AVG2012

    2012-07-12 21:03:49 ——– d—–w- C:\Program Files (x86)\AVG

    2012-07-12 21:02:12 ——– d–h–w- C:\ProgramData\Common Files

    2012-07-12 21:02:12 ——– d—–w- C:\ProgramData\MFAData

    2012-07-12 20:58:34 53488 ——w- C:\Windows\System32\drivers\PxHlpa64.sys

    2012-07-12 20:57:16 ——– d—–w- C:\Program Files (x86)\Common Files\Sonic Shared

    2012-07-12 20:57:16 ——– d—–w- C:\Program Files (x86)\Common Files\PX Storage Engine

    2012-07-12 20:57:06 ——– d—–w- C:\Users\Frans\AppData\Local\Programs

    2012-07-12 20:57:05 ——– d—–w- C:\Program Files (x86)\Roxio

    2012-07-12 20:56:14 506728 —-a-w- C:\Windows\System32\d3dx10_33.dll

    2012-07-12 20:56:14 4494184 —-a-w- C:\Windows\System32\d3dx9_33.dll

    2012-07-12 20:56:14 443752 —-a-w- C:\Windows\SysWow64\d3dx10_33.dll

    2012-07-12 20:56:14 3495784 —-a-w- C:\Windows\SysWow64\d3dx9_33.dll

    2012-07-12 20:56:14 1400176 —-a-w- C:\Windows\System32\D3DCompiler_33.dll

    2012-07-12 20:56:14 1123696 —-a-w- C:\Windows\SysWow64\D3DCompiler_33.dll

    2012-07-12 20:55:25 ——– d—–w- C:\Windows\SysWow64\URTTEMP

    2012-07-12 20:49:46 ——– d—–w- C:\Windows\PCHEALTH

    2012-07-12 20:48:33 ——– d—–w- C:\Users\Frans\AppData\Local\Microsoft Help

    2012-07-12 20:42:11 ——– d—–w- C:\Users\Frans\AppData\Local\Adobe

    2012-07-12 20:20:27 ——– d—–w- C:\Program Files (x86)\Bonjour

    2012-07-12 20:18:33 ——– d—–w- C:\Windows\SysWow64\spool

    2012-07-12 20:16:44 ——– d—–w- C:\Program Files (x86)\Common Files\Macrovision Shared

    2012-07-12 20:10:36 9013136 —-a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5BEB332A-FA05-42FE-8B0F-53508BA62DA5}\mpengine.dll

    2012-07-12 20:10:35 279656 ——w- C:\Windows\System32\MpSigStub.exe

    2012-07-12 20:09:30 826880 —-a-w- C:\Windows\SysWow64\rdpcore.dll

    2012-07-12 20:09:30 23552 —-a-w- C:\Windows\System32\drivers\tdtcp.sys

    2012-07-12 20:09:30 1031680 —-a-w- C:\Windows\System32\rdpcore.dll

    2012-07-12 20:07:15 2622464 —-a-w- C:\Windows\System32\wucltux.dll

    2012-07-12 20:07:01 99840 —-a-w- C:\Windows\System32\wudriver.dll

    2012-07-12 20:06:54 36864 —-a-w- C:\Windows\System32\wuapp.exe

    2012-07-12 20:06:54 186752 —-a-w- C:\Windows\System32\wuwebv.dll

    2012-07-12 20:05:55 327008 —-a-w- C:\Windows\System32\RaCoInstx.dll

    2012-07-12 20:05:55 1488448 —-a-w- C:\Windows\System32\drivers\netr28x.sys

    2012-07-12 20:05:55 ——– d—–w- C:\ProgramData\Ralink Driver

    2012-07-12 19:57:38 ——– d—–w- C:\ProgramData\Ralink

    2012-07-12 19:57:28 4096 —-a-w- C:\Windows\SysWow64\drivers\rt2870.bin

    2012-07-12 19:57:28 4096 —-a-w- C:\Windows\System32\drivers\rt2870.bin

    2012-07-12 19:57:20 ——– d—–w- C:\ProgramData\Sitecom Driver

    2012-07-12 19:57:13 ——– d—–w- C:\Program Files (x86)\Cisco

    2012-07-12 19:57:12 527360 —-a-w- C:\Windows\SysWow64\RAIHV.dll

    2012-07-12 19:57:12 527360 —-a-w- C:\Windows\System32\RAIHV.dll

    2012-07-12 19:57:12 25088 —-a-w- C:\Windows\System32\RAEXTUI.dll

    2012-07-12 19:57:11 25088 —-a-w- C:\Windows\SysWow64\RAEXTUI.dll

    2012-07-12 19:57:11 ——– d—–w- C:\Program Files (x86)\Sitecom

    2012-07-12 19:53:28 ——– d—–w- C:\Users\Frans\AppData\Local\ATI

    2012-07-12 19:52:28 ——– d—–w- C:\Users\Frans\AppData\Roaming\Intel Corporation

    2012-07-12 19:49:41 ——– d—–w- C:\Users\Frans\AppData\Local\Hewlett-Packard

    2012-07-12 19:49:10 ——– d—–w- C:\Users\Frans\AppData\Local\VirtualStore

    .

    ==================== Find3M ====================

    .

    2012-07-16 01:50:48 175616 —-a-w- C:\Windows\System32\msclmd.dll

    2012-07-16 01:50:48 152576 —-a-w- C:\Windows\SysWow64\msclmd.dll

    2012-07-13 06:13:35 588472 —-a-w- C:\Windows\SysWow64\ezsvc7x.dll

    2012-06-06 06:06:16 2004480 —-a-w- C:\Windows\System32\msxml6.dll

    2012-06-06 06:06:16 1881600 —-a-w- C:\Windows\System32\msxml3.dll

    2012-06-06 06:02:54 1133568 —-a-w- C:\Windows\System32\cdosys.dll

    2012-06-06 05:05:52 1390080 —-a-w- C:\Windows\SysWow64\msxml6.dll

    2012-06-06 05:05:52 1236992 —-a-w- C:\Windows\SysWow64\msxml3.dll

    2012-06-06 05:03:06 805376 —-a-w- C:\Windows\SysWow64\cdosys.dll

    2012-06-02 05:50:10 458704 —-a-w- C:\Windows\System32\drivers\cng.sys

    2012-06-02 05:48:16 95600 —-a-w- C:\Windows\System32\drivers\ksecdd.sys

    2012-06-02 05:48:16 151920 —-a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2012-06-02 05:45:31 340992 —-a-w- C:\Windows\System32\schannel.dll

    2012-06-02 05:44:21 307200 —-a-w- C:\Windows\System32\ncrypt.dll

    2012-06-02 04:40:42 22016 —-a-w- C:\Windows\SysWow64\secur32.dll

    2012-06-02 04:40:39 225280 —-a-w- C:\Windows\SysWow64\schannel.dll

    2012-06-02 04:39:10 219136 —-a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-06-02 04:34:09 96768 —-a-w- C:\Windows\SysWow64\sspicli.dll

    2012-05-04 11:06:22 5559664 —-a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 —-a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 —-a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40:20 209920 —-a-w- C:\Windows\System32\profsvc.dll

    2012-04-28 03:55:21 210944 —-a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-04-26 05:41:56 77312 —-a-w- C:\Windows\System32\rdpwsx.dll

    2012-04-26 05:41:55 149504 —-a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-04-24 05:37:37 184320 —-a-w- C:\Windows\System32\cryptsvc.dll

    2012-04-24 05:37:37 140288 —-a-w- C:\Windows\System32\cryptnet.dll

    2012-04-24 05:37:36 1462272 —-a-w- C:\Windows\System32\crypt32.dll

    2012-04-24 04:36:42 140288 —-a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36:42 1158656 —-a-w- C:\Windows\SysWow64\crypt32.dll

    2012-04-24 04:36:42 103936 —-a-w- C:\Windows\SysWow64\cryptnet.dll

    .

    ============= FINISH: 22:21:01,33 ===============

    Thanks in advance

    Rikje

  • Ben

    Hello,

    Download ComboFix from >>Here<<; you can also read there how ComboFix should be used.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    *. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

    Here is a guide on how to disable them: here or here

    *. The computer may need to be restarted several times; this is normal.

    *. Double-click “Combofix.exe” to start the tool.

    *. Do not click in the ComboFix window while it is running; this can cause the ‘tool’ to hang.

    * Note !!! If an error is shown with the message “Illegal operation attempted on a registry key that has been marked for deletion”, restart the computer.

    *. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

    Regards, Ben

    Antivirusprikbord.nl

  • Rikje

    I have run ComboFix; here is the log.

    ComboFix 12-07-19.02 - Frans 20-07-2012 9:20.1.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6071.4488

    Gestart vanuit: c:\users\Frans\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-06-20 to 2012-07-20 ))))))))))))))))))))))))))))))

    .

    .

    2012-07-20 07:30 . 2012-07-20 07:30 ——– d—–w- c:\users\Default\AppData\Local\temp

    2012-07-18 19:03 . 2012-07-18 19:03 ——– d—–w- c:\program files (x86)\Common Files\Java

    2012-07-18 19:02 . 2012-07-18 19:02 ——– d—–w- c:\program files (x86)\Oracle

    2012-07-18 19:02 . 2012-07-05 20:06 687544 —-a-w- c:\windows\SysWow64\deployJava1.dll

    2012-07-18 19:02 . 2012-07-05 20:06 772544 —-a-w- c:\windows\SysWow64\npDeployJava1.dll

    2012-07-18 19:01 . 2012-07-18 19:01 ——– d—–w- c:\program files (x86)\Java

    2012-07-16 01:52 . 2012-07-03 01:19 59701280 —-a-w- c:\windows\system32\MRT.exe

    2012-07-16 01:40 . 2012-07-18 18:30 ——– d—–w- c:\windows\system32\SPReview

    2012-07-16 01:38 . 2012-07-18 18:30 ——– d—–w- c:\windows\system32\EventProviders

    2012-07-15 09:14 . 2012-07-18 18:28 ——– d—–w- c:\program files\Logitech

    2012-07-15 09:12 . 2012-07-15 09:12 ——– d—–w- c:\programdata\Logitech

    2012-07-15 09:12 . 2012-07-18 18:27 ——– d—–w- c:\program files (x86)\Common Files\LogiShrd

    2012-07-15 09:12 . 2012-07-15 09:15 18960 —-a-w- c:\windows\system32\drivers\LNonPnP.sys

    2012-07-15 09:11 . 2012-07-18 18:28 ——– d—–w- c:\programdata\Logishrd

    2012-07-15 08:57 . 2012-07-18 18:28 ——– d—–w- c:\program files\Common Files\LogiShrd

    2012-07-14 22:19 . 2012-07-14 22:19 ——– d—–w- c:\programdata\McAfee

    2012-07-14 22:19 . 2012-07-18 18:30 ——– d—–w- c:\windows\system32\Macromed

    2012-07-14 22:19 . 2012-07-14 22:19 70344 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-14 22:19 . 2012-07-14 22:19 426184 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-07-14 13:46 . 2010-11-05 01:57 48976 —-a-w- c:\windows\system32\netfxperf.dll

    2012-07-14 13:46 . 2010-11-05 01:57 1942856 —-a-w- c:\windows\system32\dfshim.dll

    2012-07-14 13:44 . 2010-11-20 13:33 982912 —-a-w- c:\windows\system32\drivers\dxgkrnl.sys

    2012-07-14 13:43 . 2010-11-20 13:27 86016 —-a-w- c:\windows\system32\TSpkg.dll

    2012-07-14 13:41 . 2010-11-20 13:27 529408 —-a-w- c:\windows\system32\wbemcomn.dll

    2012-07-14 13:41 . 2010-11-20 13:27 244736 —-a-w- c:\program files\Windows Portable Devices\sqmapi.dll

    2012-07-14 13:41 . 2010-11-20 13:27 244736 —-a-w- c:\windows\system32\sqmapi.dll

    2012-07-14 07:40 . 2012-07-18 18:28 ——– d—–w- c:\program files (x86)\Nikon

    2012-07-14 07:40 . 2012-07-18 18:28 ——– d—–w- c:\program files (x86)\Common Files\Nikon

    2012-07-14 05:20 . 2012-07-14 05:20 ——– d—–w- c:\program files (x86)\MSXML 4.0

    2012-07-14 04:42 . 2012-07-14 04:42 ——– d—–w- c:\windows\SysWow64\wbem\en-US

    2012-07-14 04:42 . 2012-07-14 04:42 ——– d—–w- c:\windows\system32\wbem\en-US

    2012-07-14 04:29 . 2012-07-14 04:29 ——– d—–w- c:\windows\SysWow64\Wat

    2012-07-14 04:29 . 2012-07-14 04:29 ——– d—–w- c:\windows\system32\Wat

    2012-07-13 18:58 . 2012-06-12 03:08 3148800 —-a-w- c:\windows\system32\win32k.sys

    2012-07-13 17:55 . 2010-02-23 08:16 294912 —-a-w- c:\windows\system32\browserchoice.exe

    2012-07-13 17:38 . 2012-03-01 06:46 23408 —-a-w- c:\windows\system32\drivers\fs_rec.sys

    2012-07-13 17:38 . 2012-03-01 06:38 220672 —-a-w- c:\windows\system32\wintrust.dll

    2012-07-13 17:38 . 2012-03-01 06:33 81408 —-a-w- c:\windows\system32\imagehlp.dll

    2012-07-13 17:38 . 2012-03-01 06:28 5120 —-a-w- c:\windows\system32\wmi.dll

    2012-07-13 17:38 . 2012-03-01 05:37 172544 —-a-w- c:\windows\SysWow64\wintrust.dll

    2012-07-13 17:38 . 2012-03-01 05:33 159232 —-a-w- c:\windows\SysWow64\imagehlp.dll

    2012-07-13 17:38 . 2012-03-01 05:29 5120 —-a-w- c:\windows\SysWow64\wmi.dll

    2012-07-13 16:39 . 2012-07-13 16:39 ——– d—–w- c:\program files (x86)\WinGDB3

    2012-07-13 16:35 . 2012-07-18 18:28 ——– d—–w- c:\program files (x86)\Google

    2012-07-13 16:28 . 2012-07-18 18:27 ——– d—–w- c:\program files (x86)\Canon

    2012-07-13 16:26 . 2012-07-18 18:27 ——– d—–w- c:\program files (x86)\Common Files\Canon

    2012-07-13 16:22 . 2004-03-29 14:23 90112 —-a-w- c:\windows\unvise32.exe

    2012-07-13 16:22 . 2012-07-18 18:28 ——– d—–w- c:\program files (x86)\Datacolor

    2012-07-13 15:40 . 2012-07-18 18:28 ——– d—–w- c:\program files (x86)\MozBackup

    2012-07-13 14:56 . 2012-07-13 14:56 ——– d—–w- c:\programdata\Garmin

    2012-07-13 14:46 . 2012-07-18 18:28 ——– d—–w- c:\program files\DIFX

    2012-07-13 14:45 . 2012-07-18 18:28 ——– d—–w- c:\program files (x86)\Garmin

    2012-07-13 06:27 . 2011-10-26 05:25 1572864 —-a-w- c:\windows\system32\quartz.dll

    2012-07-13 06:26 . 2012-04-26 05:41 77312 —-a-w- c:\windows\system32\rdpwsx.dll

    2012-07-13 06:25 . 2011-07-16 05:37 1162752 —-a-w- c:\windows\system32\kernel32.dll

    2012-07-13 06:24 . 2011-11-19 14:58 77312 —-a-w- c:\windows\system32\packager.dll

    2012-07-13 06:24 . 2011-11-19 14:01 67072 —-a-w- c:\windows\SysWow64\packager.dll

    2012-07-13 04:42 . 2012-07-18 18:21 ——– d—–w- c:\programdata\Recovery

    2012-07-12 21:56 . 2012-07-12 21:56 ——– d—–w- c:\program files (x86)\HP Photo Creations

    2012-07-12 21:56 . 2012-07-12 21:56 ——– d—–w- c:\programdata\HP Photo Creations

    2012-07-12 21:56 . 2011-05-25 15:44 778088 ——w- c:\windows\system32\HPDiscoPMA511.dll

    2012-07-12 21:55 . 2012-07-18 18:28 ——– d—–w- c:\programdata\HP

    2012-07-12 21:55 . 2012-07-18 18:28 ——– d—–w- c:\program files\HP

    2012-07-12 21:34 . 2009-09-17 05:05 145448 —-a-w- c:\windows\system32\drivers\sentinel64.sys

    2012-07-12 21:34 . 2012-07-18 18:28 ——– d—–w- c:\program files (x86)\Common Files\SafeNet Sentinel

    2012-07-12 21:27 . 2012-07-18 18:27 ——– d—–w- c:\program files (x86)\AV Stumpfl

    2012-07-12 21:12 . 2012-07-12 21:12 ——– d—–w- c:\program files (x86)\Mozilla Maintenance Service

    2012-07-12 21:04 . 2012-07-18 18:38 ——– d—–w- c:\program files (x86)\AVG Secure Search

    2012-07-12 21:04 . 2012-07-18 18:32 ——– d—–w- c:\program files (x86)\Common Files\AVG Secure Search

    2012-07-12 21:04 . 2012-07-18 18:28 ——– d—–w- c:\programdata\AVG Secure Search

    2012-07-12 21:04 . 2012-07-12 21:04 ——– d—–w- c:\windows\SysWow64\drivers\AVG

    2012-07-12 21:04 . 2012-07-20 07:02 ——– d—–w- c:\windows\system32\drivers\AVG

    2012-07-12 21:04 . 2012-07-18 18:32 ——– d—–w- c:\programdata\AVG2012

    2012-07-12 21:04 . 2012-07-12 21:04 ——– d—–w- C:\$AVG

    2012-07-12 21:03 . 2012-07-18 18:27 ——– d—–w- c:\program files (x86)\AVG

    2012-07-12 21:02 . 2012-07-20 07:02 ——– d—–w- c:\programdata\MFAData

    2012-07-12 21:02 . 2012-07-12 21:02 ——– d–h–w- c:\programdata\Common Files

    2012-07-12 20:58 . 2012-07-12 20:58 ——– d—–w- c:\programdata\Sonic

    2012-07-12 20:58 . 2007-07-26 01:00 53488 ——w- c:\windows\system32\drivers\PxHlpa64.sys

    2012-07-12 20:56 . 2007-03-15 14:57 506728 —-a-w- c:\windows\system32\d3dx10_33.dll

    2012-07-12 20:56 . 2007-03-15 14:57 443752 —-a-w- c:\windows\SysWow64\d3dx10_33.dll

    2012-07-12 20:56 . 2007-03-12 14:42 4494184 —-a-w- c:\windows\system32\d3dx9_33.dll

    2012-07-12 20:56 . 2007-03-12 14:42 3495784 —-a-w- c:\windows\SysWow64\d3dx9_33.dll

    2012-07-12 20:56 . 2007-03-12 14:42 1400176 —-a-w- c:\windows\system32\D3DCompiler_33.dll

    2012-07-12 20:56 . 2007-03-12 14:42 1123696 —-a-w- c:\windows\SysWow64\D3DCompiler_33.dll

    2012-07-12 20:55 . 2012-07-12 20:55 ——– d—–w- c:\windows\SysWow64\URTTEMP

    2012-07-12 20:49 . 2012-07-18 18:28 ——– d—–w- c:\program files (x86)\Microsoft.NET

    2012-07-12 20:49 . 2012-07-12 20:49 ——– d—–w- c:\windows\PCHEALTH

    2012-07-12 20:48 . 2012-07-18 18:28 ——– d—–w- c:\program files\Microsoft Office

    2012-07-12 20:48 . 2012-07-12 20:50 ——– d—–w- c:\programdata\Microsoft Help

    2012-07-12 20:48 . 2012-07-12 20:48 ——– d—–r- C:\MSOCache

    2012-07-12 20:39 . 2012-07-12 20:39 ——– d—–w- c:\programdata\FLEXnet

    2012-07-12 20:20 . 2012-07-12 20:20 ——– d—–w- c:\program files (x86)\Bonjour

    2012-07-12 20:18 . 2012-07-18 18:30 ——– d—–w- c:\windows\SysWow64\spool

    2012-07-12 20:16 . 2012-07-18 18:27 ——– d—–w- c:\program files (x86)\Common Files\Macrovision Shared

    2012-07-12 20:15 . 2012-07-19 14:20 ——– d—–w- c:\program files (x86)\Common Files\Adobe

    2012-07-12 20:10 . 2012-06-18 01:12 9013136 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BEB332A-FA05-42FE-8B0F-53508BA62DA5}\mpengine.dll

    2012-07-12 20:10 . 2012-05-31 10:25 279656 ——w- c:\windows\system32\MpSigStub.exe

    2012-07-12 20:09 . 2012-02-17 06:38 1031680 —-a-w- c:\windows\system32\rdpcore.dll

    2012-07-12 20:09 . 2012-02-17 05:34 826880 —-a-w- c:\windows\SysWow64\rdpcore.dll

    2012-07-12 20:09 . 2012-02-17 04:57 23552 —-a-w- c:\windows\system32\drivers\tdtcp.sys

    2012-07-12 20:07 . 2012-06-02 22:19 2428952 —-a-w- c:\windows\system32\wuaueng.dll

    2012-07-12 20:07 . 2012-06-02 22:19 57880 —-a-w- c:\windows\system32\wuauclt.exe

    2012-07-12 20:07 . 2012-06-02 22:19 44056 —-a-w- c:\windows\system32\wups2.dll

    2012-07-12 20:07 . 2012-06-02 22:15 2622464 —-a-w- c:\windows\system32\wucltux.dll

    2012-07-12 20:07 . 2012-06-02 22:19 38424 —-a-w- c:\windows\system32\wups.dll

    2012-07-12 20:07 . 2012-06-02 22:19 701976 —-a-w- c:\windows\system32\wuapi.dll

    2012-07-12 20:07 . 2012-06-02 22:15 99840 —-a-w- c:\windows\system32\wudriver.dll

    2012-07-12 20:06 . 2012-06-02 13:19 186752 —-a-w- c:\windows\system32\wuwebv.dll

    2012-07-12 20:06 . 2012-06-02 13:15 36864 —-a-w- c:\windows\system32\wuapp.exe

    2012-07-12 20:05 . 2012-07-18 18:28 ——– d—–w- c:\programdata\Ralink Driver

    2012-07-12 20:05 . 2011-04-19 09:32 1488448 —-a-w- c:\windows\system32\drivers\netr28x.sys

    2012-07-12 20:05 . 2011-04-15 11:53 327008 —-a-w- c:\windows\system32\RaCoInstx.dll

    2012-07-12 19:57 . 2012-07-12 19:57 ——– d—–w- c:\programdata\Ralink

    2012-07-12 19:57 . 2008-06-16 12:57 4096 —-a-w- c:\windows\SysWow64\drivers\rt2870.bin

    2012-07-12 19:57 . 2008-06-16 12:57 4096 —-a-w- c:\windows\system32\drivers\rt2870.bin

    2012-07-12 19:57 . 2012-07-18 18:28 ——– d—–w- c:\programdata\Sitecom Driver

    2012-07-12 19:57 . 2012-07-18 18:27 ——– d—–w- c:\program files (x86)\Cisco

    2012-07-12 19:57 . 2008-06-12 13:23 527360 —-a-w- c:\windows\SysWow64\RAIHV.dll

    2012-07-12 19:57 . 2008-06-12 13:23 527360 —-a-w- c:\windows\system32\RAIHV.dll

    2012-07-12 19:57 . 2008-06-12 13:23 25088 —-a-w- c:\windows\system32\RAEXTUI.dll

    2012-07-12 19:57 . 2012-07-18 18:28 ——– d—–w- c:\program files (x86)\Sitecom

    2012-07-12 19:57 . 2008-06-12 13:23 25088 —-a-w- c:\windows\SysWow64\RAEXTUI.dll

    2012-07-12 19:51 . 2012-07-18 18:28 ——– d—–w- c:\program files (x86)\Microsoft Works

    2012-07-12 19:49 . 2012-07-12 19:49 ——– d—–w- c:\users\Public\Symantec

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-16 01:50 . 2009-07-14 02:36 175616 —-a-w- c:\windows\system32\msclmd.dll

    2012-07-16 01:50 . 2009-07-14 02:36 152576 —-a-w- c:\windows\SysWow64\msclmd.dll

    2012-07-13 06:13 . 2010-01-07 20:39 588472 —-a-w- c:\windows\SysWow64\ezsvc7x.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    2012-07-12 21:04 2074208 —-a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    .

    “{95B7759C-8C7F-4BF1-B163-73684A933233}”= “c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll”

    .

    .

    “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

    .

    “hpsysdrv”=“c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe”

    “HP Remote Solution”=“c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe”

    “IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”

    “StartCCC”=“c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”

    “Easybits Recovery”=“c:\program files (x86)\EasyBits For Kids\ezRecover.exe”

    “RoxWatchTray”=“c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe”

    “AVG_TRAY”=“c:\program files (x86)\AVG\AVG2012\avgtray.exe”

    “vProt”=“c:\program files (x86)\AVG Secure Search\vprot.exe”

    “HP Software Update”=“c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe”

    “HF_G_Jul”=“c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe”

    “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”

    “Adobe Reader Speed Launcher”=“c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    .

    c:\users\Frans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Logitech . Productregistratie.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Sitecom Wireless Utility.lnk - c:\program files (x86)\Sitecom\Common\RaUI.exe

    Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

    .

    R1 A2DDA;A2 Direct Disk Access Support Driver;k:\emsisoftemergencykit\Run\a2ddax64.sys

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    R2 SessionLauncher;SessionLauncher;c:\users\Frans\AppData\Local\Temp\DX9\SessionLauncher.exe

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms

    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys

    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe

    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe

    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys

    S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys

    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys

    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys

    S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

    S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS

    .

    .

    — Andere Services/Drivers In Geheugen —

    .

    *NewlyCreated* - WS2IFSL

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    ezSharedSvc

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-07-20 c:\windows\Tasks\HP Photo Creations Messager.job

    - c:\programdata\HP Photo Creations\MessageCheck.exe

    .

    2012-07-14 c:\windows\Tasks\HPCeeScheduleForFrans.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    .

    2012-07-13 c:\windows\Tasks\PCDRScheduledMaintenance.job

    - c:\program files\PC-Doctor for Windows\pcdrcui.exe

    .

    .

    ——— X64 Entries ———–

    .

    .

    “SmartMenu”=“c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe”

    “PC-Doctor for Windows localizer”=“c:\program files\PC-Doctor for Windows\localizer.exe”

    “EvtMgr6”=“c:\program files\Logitech\SetPointP\SetPoint.exe”

    .

    “LoadAppInit_DLLs”=0x0

    .

    ——- Bijkomende Scan ——-

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.0.1

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

    FF - ProfilePath - c:\users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\

    FF - prefs.js: browser.startup.homepage - hxxp://nl.startkabel.nl

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B0e3e7f70-f89d-4210-9a31-40a41bc678f5%7D&mid=c9ba9867ff0c47d186259128c0647fc5-149c76dc139fda7aa54551bedf1b1dbe86d36a1f&ds=AVG&v=11.1.0.12&lang=nl&pr=fr&d=2012-06-08%2008%3A09%3A50&sap=ku&q=

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

    .

    .

    .

    “ImagePath”=“\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms”

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“Shockwave Flash Object”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“0”

    .

    @=“ShockwaveFlash.ShockwaveFlash.10”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“ShockwaveFlash.ShockwaveFlash”

    .

    @Denied: (A 2) (Everyone)

    @=“Macromedia Flash Factory Object”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“FlashFactory.FlashFactory.1”

    .

    @=“c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“FlashFactory.FlashFactory”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker3”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    @Denied: (Full) (Everyone)

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\program files (x86)\Bonjour\mDNSResponder.exe

    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

    c:\program files (x86)\Sitecom\Common\RegistryWriter.exe

    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-07-20 09:39:15 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-07-20 07:39

    .

    Pre-Run: 615.090.876.416 bytes beschikbaar

    Post-Run: 615.316.271.104 bytes beschikbaar

    .

    - - End Of File - - 8907E68F0F401E0118BBE78C2DAFB769

  • fazantje

    Hi Rikje,

    This log looks good too (tu)

    Let's do some cleaning up:

    Download OTC.exe (by OldTimer) here.

    • Place the file on your desktop.

    • Make sure there is an internet connection.

    • Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.

    • If that does not work, double-click the icon.

    • Now click the “CleanUp!” button.

    • If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow this; the program needs that connection.

    • Finally, OTC will ask whether you want to restart the computer; you may allow this, and in doing so it also removes itself.

    You can simply drag Emsisoft Emergency Kit and DDS to your recycle bin.

    Download AdwCleaner by Xplode here, and place it on your Desktop.

    Close all open windows.

    Right-click AdwCleaner and select Run as administrator…

    Then click Delete.

    At AdwCleaner – Information, click OK

    At AdwCleaner – Restart Required, click OK

    All icons disappear from the Desktop; this is normal

    Your PC will be restarted and a log file opens (C:\AdwCleaner.txt); post its contents in a following message.

    Also carry out our cleanup plan.

    Good luck,

    Huib;)

  • Rikje

    I have done everything and also carried out the cleanup plan.

    Only HijackThis I cannot get started; I get the following message.

    If you are not redirected soon, please click here.

    Attached, though, is the log from ADW cleaner

    # AdwCleaner v1.703 - Logfile created 07/20/2012 at 10:33:09

    # Updated 20/07/2012 by Xplode

    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

    # User : Frans - FRANS-PC

    # Running from : C:\Users\Frans\Desktop\adwcleaner.exe

    # Option

    ***** *****

    Stopped & Deleted : vToolbarUpdater11.2.0

    ***** *****

    Folder Deleted : C:\Users\Frans\AppData\Local\AVG Secure Search

    Folder Deleted : C:\Users\Frans\AppData\LocalLow\AVG Secure Search

    Folder Deleted : C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\extensions\avg@toolbar

    Folder Deleted : C:\ProgramData\AVG Secure Search

    Folder Deleted : C:\Program Files (x86)\AVG Secure Search

    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

    ***** *****

    Key Deleted : HKCU\Software\AVG Secure Search

    Key Deleted : HKCU\Software\IGearSettings

    Key Deleted : HKLM\SOFTWARE\AVG Secure Search

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

    Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions

    ***** *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

    ***** *****

    -\\ Internet Explorer v9.0.8112.16421

    Registry is clean.

    -\\ Mozilla Firefox v13.0.1 (nl)

    Profile name : default

    File : C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\prefs.js

    Deleted : user_pref(“CommunityToolbar.alert.servicesServerUrl”, “hxxp://alert.services.conduit.com”);

    Deleted : user_pref(“CommunityToolbar.alert.userId”, “{bd631127-baaa-4471-a405-3565afafae0c}”);

    Deleted : user_pref(“browser.search.defaultenginename”, “AVG Secure Search”);

    Deleted : user_pref(“browser.search.order.1”, “Search the web (Babylon)”);

    Deleted : user_pref(“keyword.URL”, "hxxp://isearch.avg.com/search?cid=%7B0e3e7f70-f89d-4210-9a31-40a41bc678f5%

    *************************

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

  • fazantje

    Hi Rikje,

    Is HijackThis already located under: Start - Computer - C drive - program files - trend micro - hijackthis?

    Now you will see a red HijackThis icon; right-click it, choose: Run as administrator, and click Scan.

    Otherwise, download and install HijackThis again:

    http://www.downloadgids.com/Beveiliging-Software/Trend-Micro-HijackThis-2-0-4

    Good luck,

    Huib;)

  • Rikje

    Hello Huib

    I cannot manage to install HijackThis.

    I see the circle spinning and then get a page with a number of free tools.

    If I then click on HijackThis, I can click on through to start HijackThis, and then I get the text (literally) as in my previous message.

    Somehow HJT does not install itself on the PC.

    We also tried it on another PC, but there we have the same problem.

    I have worked with you before, so I know HJT.

    It has also always worked to download and use it, but now it does not.

    I also looked for whether I still had a previous download, but unfortunately that is not the case

    Rikje

  • fazantje

    Hi Rikje,

    It is now completely clear to me what you meant (tu)

    I was thinking the problem was on your computer, but you meant the download link on the page of the step-by-step plan.

    I have replaced the link and it now works again.

    Regards, Huib;)

  • Rikje

    Hello Huib,

    Now it worked

    Here is the log from HJT

    Rikje

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:40:36, on 20-7-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16447)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

    C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

    C:\Users\Frans\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/8

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/8

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    O4 - HKLM\..\Run: %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2012\avgtray.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG Secure Search\vprot.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe” /DoAction

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - Startup: Logitech . Productregistratie.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra ‘Tools’ menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Hitachi Backup Service (HitachiBackupService) - Hitachi GST - C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: SessionLauncher - Unknown owner - C:\Users\Frans\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 11309 bytes

  • fazantje

    Hi Rikje,

    As we said before, your logs look good (tu)

    Regards, Huib;)
