log

  • Ben

    Hello,

    Then we are going to do the following:

    Download DDS by sUBS from one of these locations and place it on your desktop:

    DDS - Bleeping Computer download.

    DDS - Bleeping Computer download.

    DDS - Infospyware.

    DDS is a diagnostic tool and makes use of scripts.

    Disable your security software before running DDS!

    Double-click DDS to start the tool.

    Note!!! Windows Vista & 7 users must run dds.scr as administrator ("right-click: Run as").

    DDS will open 2 log files:

    * DDS.txt

    * Attach.txt

    A window will ask you to save both logs, because the logs will be gone once you close them.

    Save the logs, for example on your desktop or in another place where you can easily find them again.

    Post the DDS.txt log with your next reply. Post Attach.txt only when I ask for it.

    Regards, Ben

    Antivirusprikbord.nl

  • M@ria

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

    Run by marga at 18:45:10 on 2012-10-01

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4094.2442

    .

    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\system32\atieclxx.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

    C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

    C:\Windows\splwow64.exe

    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

    C:\Program Files (x86)\MessengerPlus! 3\MsgPlus.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe

    C:\Windows\system32\DllHost.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Users\marga\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\marga\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\marga\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\marga\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\marga\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\marga\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\marga\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\marga\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.nl/

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll

    uRun: “C:\Program Files (x86)\Logitech\Vid HD\Vid.exe” -bootmode

    uRun: “C:\Users\marga\AppData\Local\Google\Update\GoogleUpdate.exe” /c

    uRun: “C:\Program Files (x86)\MessengerPlus! 3\MsgPlus.exe” /WinStart

    uRun: C:\Program Files (x86)\CastlePaste PRO\CastlePaste.exe

    uRun: C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

    uRun: “C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe”

    uRun: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

    uRun: C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

    uRun: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    mRun: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

    mRun: “C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe”

    mRun: C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

    mRun: “C:\Program Files (x86)\MessengerPlus! 3\MsgPlus.exe”

    mRun: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    mRun: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    mRun: “C:\Program Files (x86)\AVG Secure Search\vprot.exe”

    mRun: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    mRun: “C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe” / /PROMPT /CMPID=ROC_JULY_P1

    mRun: “C:\Program Files (x86)\AVG\AVG2013\avgui.exe” /TRAYONLY

    mRun: “C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe” / /PROMPT /CMPID=ROC_NT

    mRun: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    TCP: DhcpNameServer = 192.168.2.254

    TCP: Interfaces\{1C448A08-CFE8-445D-B5AC-FC39A66F679A} : DhcpNameServer = 192.168.2.254

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    {FFCB3198-32F3-4E8B-9539-4324694ED664}

    mRun-x64: C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

    mRun-x64: “C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe”

    mRun-x64: C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

    mRun-x64: “C:\Program Files (x86)\MessengerPlus! 3\MsgPlus.exe”

    mRun-x64: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    mRun-x64: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    mRun-x64: “C:\Program Files (x86)\AVG Secure Search\vprot.exe”

    mRun-x64: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    mRun-x64: “C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe” / /PROMPT /CMPID=ROC_JULY_P1

    mRun-x64: “C:\Program Files (x86)\AVG\AVG2013\avgui.exe” /TRAYONLY

    mRun-x64: “C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe” / /PROMPT /CMPID=ROC_NT

    mRun-x64: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    IE-X64: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\marga\AppData\Roaming\Mozilla\Firefox\Profiles\9tfvtpc9.default\

    FF - prefs.js: browser.search.defaulturl -

    FF - prefs.js: browser.search.selectedEngine - SweetIM Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.flirtmee.nl/chat/admin1.php

    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10002&q=

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: C:\Users\marga\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys –> C:\Windows\system32\DRIVERS\avgidsha.sys

    R0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys –> C:\Windows\system32\DRIVERS\avgloga.sys

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys –> C:\Windows\system32\DRIVERS\avgrkx64.sys

    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys –> C:\Windows\system32\DRIVERS\avgidsdrivera.sys

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys –> C:\Windows\system32\DRIVERS\avgldx64.sys

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys –> C:\Windows\system32\DRIVERS\avgmfx64.sys

    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys –> C:\Windows\system32\DRIVERS\avgtdia.sys

    R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys –> C:\Windows\system32\drivers\avgtpx64.sys

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe –> C:\Windows\system32\atiesrxx.exe

    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys –> C:\Windows\system32\DRIVERS\eamonm.sys

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys –> C:\Windows\system32\DRIVERS\amdiox64.sys

    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys –> C:\Windows\system32\DRIVERS\atikmdag.sys

    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys –> C:\Windows\system32\DRIVERS\atikmpag.sys

    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys –> C:\Windows\system32\drivers\AtihdW76.sys

    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys –> C:\Windows\system32\DRIVERS\lvrs64.sys

    R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys –> C:\Windows\system32\DRIVERS\lvuvc64.sys

    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys –> C:\Windows\system32\DRIVERS\ManyCam_x64.sys

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys –> C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys –> C:\Windows\system32\DRIVERS\Sftfslh.sys

    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys –> C:\Windows\system32\DRIVERS\Sftplaylh.sys

    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys –> C:\Windows\system32\DRIVERS\Sftredirlh.sys

    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys –> C:\Windows\system32\DRIVERS\Sftvollh.sys

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys –> C:\Windows\system32\drivers\viahduaa.sys

    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys –> C:\Windows\system32\Drivers\ssadadb.sys

    S3 FIXUSTOR;FIXUSTOR;C:\Windows\system32\DRIVERS\fixustor.sys –> C:\Windows\system32\DRIVERS\fixustor.sys

    S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys –> C:\Windows\system32\DRIVERS\HECIx64.sys

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys –> C:\Windows\system32\DRIVERS\ssadbus.sys

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys –> C:\Windows\system32\DRIVERS\ssadmdfl.sys

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys –> C:\Windows\system32\DRIVERS\ssadmdm.sys

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys –> C:\Windows\system32\DRIVERS\ssadserd.sys

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys –> C:\Windows\system32\drivers\tsusbflt.sys

    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe –> C:\Windows\system32\Wat\WatAdminSvc.exe

    .

    =============== Created Last 30 ================

    .

    2012-10-01 16:12:27 ——– d—–w- C:\Program Files (x86)\CastlePaste PRO1

    2012-10-01 14:06:07 537 —-a-w- C:\Windows\DeleteOnReboot.bat

    2012-10-01 13:29:38 167424 —-a-w- C:\Windows\zoek-delete.exe

    2012-10-01 13:29:38 ——– d—–w- C:\Users\marga\AppData\Local\Temp

    2012-10-01 12:36:55 821736 —-a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-10-01 12:36:44 95208 —-a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2012-10-01 12:26:28 ——– d—–w- C:\Program Files (x86)\WinASO

    2012-10-01 12:15:09 ——– d—–w- C:\Users\marga\AppData\Roaming\Systweak

    2012-10-01 12:15:06 18832 —-a-w- C:\Windows\System32\roboot64.exe

    2012-10-01 12:15:00 ——– d—–w- C:\Program Files (x86)\RegClean Pro

    2012-10-01 12:13:35 ——– d—–w- C:\Program Files (x86)\RegCleaner

    2012-09-30 12:47:11 ——– d—–w- C:\Windows\WindowsMobile

    2012-09-30 12:46:43 ——– d—–w- C:\Users\marga\AppData\Roaming\GoPal Assistant

    2012-09-30 12:46:13 ——– d—–w- C:\Program Files (x86)\Medion GoPal Assistant

    2012-09-26 04:19:54 245760 —-a-w- C:\Windows\System32\OxpsConverter.exe

    2012-09-25 16:24:00 ——– d—–w- C:\Users\marga\AppData\Roaming\AVG2013

    2012-09-25 16:21:11 ——– d—–w- C:\Users\marga\AppData\Roaming\TuneUp Software

    2012-09-25 16:17:21 ——– d—–w- C:\ProgramData\AVG2013

    2012-09-25 16:00:51 ——– d—–w- C:\Users\marga\AppData\Local\MFAData

    2012-09-25 16:00:51 ——– d—–w- C:\Users\marga\AppData\Local\Avg2013

    2012-09-22 19:31:59 548864 —-a-w- C:\Program Files\Internet Explorer\ieproxy.dll

    2012-09-17 16:58:54 56672 —-a-w- C:\Windows\System32\drivers\avgidsha.sys

    2012-09-14 03:34:34 105312 —-a-w- C:\Windows\System32\drivers\avgmfx64.sys

    2012-09-12 09:47:20 199520 —-a-w- C:\Windows\System32\drivers\avgtdia.sys

    2012-09-12 09:47:02 175968 —-a-w- C:\Windows\System32\drivers\avgldx64.sys

    2012-09-12 04:18:24 950128 —-a-w- C:\Windows\System32\drivers\ndis.sys

    2012-09-12 04:18:24 41472 —-a-w- C:\Windows\System32\drivers\RNDISMP.sys

    2012-09-12 04:18:23 574464 —-a-w- C:\Windows\System32\d3d10level9.dll

    2012-09-12 04:18:22 490496 —-a-w- C:\Windows\SysWow64\d3d10level9.dll

    2012-09-12 04:18:21 376688 —-a-w- C:\Windows\System32\drivers\netio.sys

    2012-09-12 04:18:21 288624 —-a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

    2012-09-12 04:18:21 1913200 —-a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-09-11 08:21:23 73696 —-a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

    2012-09-03 19:52:19 31080 —-a-w- C:\Windows\System32\drivers\avgtpx64.sys

    .

    ==================== Find3M ====================

    .

    2012-10-01 12:36:23 746984 —-a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-08-29 05:07:25 73416 —-a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-08-29 05:07:25 696520 —-a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-08-24 10:31:32 2312704 —-a-w- C:\Windows\System32\jscript9.dll

    2012-08-24 10:21:18 1392128 —-a-w- C:\Windows\System32\wininet.dll

    2012-08-24 10:20:11 1494528 —-a-w- C:\Windows\System32\inetcpl.cpl

    2012-08-24 10:14:45 173056 —-a-w- C:\Windows\System32\ieUnatt.exe

    2012-08-24 10:13:29 599040 —-a-w- C:\Windows\System32\vbscript.dll

    2012-08-24 10:09:42 2382848 —-a-w- C:\Windows\System32\mshtml.tlb

    2012-08-24 06:59:17 1800704 —-a-w- C:\Windows\SysWow64\jscript9.dll

    2012-08-24 06:51:27 1129472 —-a-w- C:\Windows\SysWow64\wininet.dll

    2012-08-24 06:51:02 1427968 —-a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-08-24 06:47:26 142848 —-a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-08-24 06:47:12 420864 —-a-w- C:\Windows\SysWow64\vbscript.dll

    2012-08-24 06:43:58 2382848 —-a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-08-13 14:40:52 150880 —-a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

    2012-08-10 02:52:16 40288 —-a-w- C:\Windows\System32\drivers\avgrkx64.sys

    2012-08-09 11:56:42 230240 —-a-w- C:\Windows\System32\drivers\avgloga.sys

    2012-07-18 18:15:06 3148800 —-a-w- C:\Windows\System32\win32k.sys

    2012-07-04 22:13:27 59392 —-a-w- C:\Windows\System32\browcli.dll

    2012-07-04 22:13:27 136704 —-a-w- C:\Windows\System32\browser.dll

    2012-07-04 21:14:34 41984 —-a-w- C:\Windows\SysWow64\browcli.dll

    .

    ============= FINISH: 18:46:01,38 ===============

  • Ben

    Hello,

    Be a bit careful with those registry and tune-up programs; they sometimes remove more than you would like.

    Using "zoek.exe"

    Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan during download or during use.

    You can read how to do that (here or here).

    Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and then choosing Run as administrator.

    After a while a window will open.

    With your mouse, now select the option "Combined fix" (bottom right).

    Now copy the bold text below and paste it into the large input box:

    SweetIM;ff

    Now first close all program windows that are still open!

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart).

    If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    Now post the contents of the opened log in your next message and tell me how things are going now.

    Regards, Ben

    Antivirusprikbord.nl

  • M@ria

    Zoek.exe Version 3.0.0.3 Updated 30-09-2012

    Tool run by marga on ma 01-10-2012 at 19:48:30,69.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\marga\AppData\Roaming\Mozilla\Firefox\Profiles\9tfvtpc9.default

    —- Lines SweetIM removed from prefs.js —-

    user_pref(“browser.search.defaultenginename”, “SweetIM Search”);

    user_pref(“browser.search.selectedEngine”, “SweetIM Search”);

    user_pref(“keyword.URL”, “http://search.sweetim.com/search.asp?src=2&crg=3.1010000.10002&q=”);

    user_pref(“sweetim.toolbar.Visibility.VisibilityGuardLastUnHide”, “0”);

    user_pref(“sweetim.toolbar.Visibility.enable”, “true”);

    user_pref(“sweetim.toolbar.Visibility.intervaldays”, “7”);

    user_pref(“sweetim.toolbar.cargo”, “3.1010000.10002”);

    user_pref(“sweetim.toolbar.cda.DisableOveride.enable”, “true”);

    user_pref(“sweetim.toolbar.cda.HideOveride.enable”, “true”);

    user_pref(“sweetim.toolbar.cda.RemoveOveride.enable”, “true”);

    user_pref(“sweetim.toolbar.dialogs.0.enable”, “true”);

    user_pref(“sweetim.toolbar.dialogs.0.handler”, “chrome://sim_toolbar_package/content/optionsdialog-handler.js”);

    user_pref(“sweetim.toolbar.dialogs.0.height”, “335”);

    user_pref(“sweetim.toolbar.dialogs.0.id”, “id_options_dialog”);

    user_pref(“sweetim.toolbar.dialogs.0.title”, “$string.config.label;”);

    user_pref(“sweetim.toolbar.dialogs.0.url”, “http://www.sweetim.com/simffbar/options_remote_ff_1_6.html”);

    user_pref(“sweetim.toolbar.dialogs.0.width”, “761”);

    user_pref(“sweetim.toolbar.dialogs.1.enable”, “true”);

    user_pref(“sweetim.toolbar.dialogs.1.handler”, “chrome://sim_toolbar_package/content/exampledialog-handler.js”);

    user_pref(“sweetim.toolbar.dialogs.1.height”, “300”);

    user_pref(“sweetim.toolbar.dialogs.1.id”, “id_example_dialog”);

    user_pref(“sweetim.toolbar.dialogs.1.title”, “Example (unit-test) dialog”);

    user_pref(“sweetim.toolbar.dialogs.1.url”, “chrome://sim_toolbar_package/content/exampledialog.html”);

    user_pref(“sweetim.toolbar.dialogs.1.width”, “500”);

    user_pref(“sweetim.toolbar.dialogs.2.enable”, “true”);

    user_pref(“sweetim.toolbar.dialogs.2.handler”, “chrome://sim_toolbar_package/content/cdadialog-handler.js”);

    user_pref(“sweetim.toolbar.dialogs.2.height”, “150”);

    user_pref(“sweetim.toolbar.dialogs.2.id”, “id_dialog_hide_disable_remove”);

    user_pref(“sweetim.toolbar.dialogs.2.title”, “Option Dialog”);

    user_pref(“sweetim.toolbar.dialogs.2.url”, “http://www.sweetim.com/simffbar/simcdadialog.asp”);

    user_pref(“sweetim.toolbar.dialogs.2.width”, “530”);

    user_pref(“sweetim.toolbar.dnscatch.domain-blacklist”, “.*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.*.orkut.com.br/.*|.*login.live.com/.*|.*youtubedownloader.mybrowserbar.com/.*”);

    user_pref(“sweetim.toolbar.highlight.colors”, “#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0”);

    user_pref(“sweetim.toolbar.logger.ConsoleHandler.MinReportLevel”, “7”);

    user_pref(“sweetim.toolbar.logger.FileHandler.FileName”, “ff-toolbar.log”);

    user_pref(“sweetim.toolbar.logger.FileHandler.MaxFileSize”, “200000”);

    user_pref(“sweetim.toolbar.logger.FileHandler.MinReportLevel”, “7”);

    user_pref(“sweetim.toolbar.mode.debug”, “false”);

    user_pref(“sweetim.toolbar.previous.browser.search.defaultenginename”, “AVG Secure Search”);

    user_pref(“sweetim.toolbar.previous.browser.search.selectedEngine”, “”);

    user_pref(“sweetim.toolbar.previous.browser.startup.homepage”, “http://www.flirtmee.nl/chat/admin.php?e=1”);

    user_pref(“sweetim.toolbar.previous.keyword.URL”, “http://search.sweetim.com/search.asp?src=2&q=”);

    user_pref(“sweetim.toolbar.scripts.0.addcontextdiv”, “true”);

    user_pref(“sweetim.toolbar.scripts.0.callback”, “simVerification”);

    user_pref(“sweetim.toolbar.scripts.0.domain-blacklist”, “”);

    user_pref(“sweetim.toolbar.scripts.0.domain-whitelist”, “http://(www.|apps.)?facebook\\.com.*”);

    user_pref(“sweetim.toolbar.scripts.0.elementid”, “id_script_sim_fb”);

    user_pref(“sweetim.toolbar.scripts.0.enable”, “true”);

    user_pref(“sweetim.toolbar.scripts.0.id”, “id_script_fb”);

    user_pref(“sweetim.toolbar.scripts.0.url”, “http://sc.sweetim.com/apps/in/fb/infb.js”);

    user_pref(“sweetim.toolbar.scripts.1.addcontextdiv”, “true”);

    user_pref(“sweetim.toolbar.scripts.1.callback”, “simVerification”);

    user_pref(“sweetim.toolbar.scripts.1.domain-blacklist”, “”);

    user_pref(“sweetim.toolbar.scripts.1.domain-whitelist”, “https://(www.|apps.)?facebook\\.com.*”);

    user_pref(“sweetim.toolbar.scripts.1.elementid”, “id_script_sim_fb”);

    user_pref(“sweetim.toolbar.scripts.1.enable”, “false”);

    user_pref(“sweetim.toolbar.scripts.1.id”, “id_script_fb_httpS”);

    user_pref(“sweetim.toolbar.scripts.1.url”, “https://sc.sweetim.com/apps/in/fb/infb.js”);

    user_pref(“sweetim.toolbar.scripts.2.addcontextdiv”, “false”);

    user_pref(“sweetim.toolbar.scripts.2.callback”, “”);

    user_pref(“sweetim.toolbar.scripts.2.domain-blacklist”, “.*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*”);

    user_pref(“sweetim.toolbar.scripts.2.domain-whitelist”, “”);

    user_pref(“sweetim.toolbar.scripts.2.elementid”, “id_predict_include_script”);

    user_pref(“sweetim.toolbar.scripts.2.enable”, “false”);

    user_pref(“sweetim.toolbar.scripts.2.id”, “id_script_prad”);

    user_pref(“sweetim.toolbar.scripts.2.url”, “http://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1”);

    user_pref(“sweetim.toolbar.search.external”, “”);

    user_pref(“sweetim.toolbar.search.history.capacity”, “10”);

    user_pref(“sweetim.toolbar.searchguard.enable”, “false”);

    user_pref(“sweetim.toolbar.searchguard.initialized_by_rc”, “true”);

    user_pref(“sweetim.toolbar.simapp_id”, “{818F08EB-0BC1-11E2-96FA-BCAEC51AFBDE}”);

    user_pref(“sweetim.toolbar.urls.homepage”, “http://home.sweetim.com/?crg=3.1010000.10002&barid={818F08EB-0BC1-11E2-96FA-BCAEC51AFBDE}”);

    user_pref(“sweetim.toolbar.version”, “1.6.0.3”);

    —- Lines SweetIM modified from prefs.js —-

    —- FireFox user.js and prefs.js backups —-

    prefs_01-10-2012_1949_.backup

  • Ben

    Hello,

    That already cleans things up.

    How are the problems now?

    Regards, Ben

    Antivirusprikbord.nl

  • M@ria

    No toolbar, search box or free emoticons in any browser anymore, super!!!

    Unfortunately one of the cleanup programs did remove a little program of mine, CastlePaste Pro; it probably mistook it for a virus or something.

    I already had to buy that program again once before, when CCleaner had removed it. It costs 19.95. But well, it is what it is.

    I am super happy that I am rid of that junk, thank you very much Ben!!!

  • Ben

    Hello,

    >>>Unfortunately one of the cleanup programs did remove a little program of mine, CastlePaste Pro; it probably mistook it for a virus or something.

    I already had to buy that program again once before, when CCleaner had removed it. It costs 19.95. But well, it is what it is.<<<

    Strange, because I gave no command for this and I don't see it anywhere in the logs :S

    But if you bought the program you have a code, don't you, and you can simply install it again.

    One more thing: please remove the following programs.

    Zoek.exe from your desktop (right-click and choose Delete).

    *Close all open windows

    *Start AdwCleaner and click Uninstall.

    *Click "Yes"

    AdwCleaner has now been removed from your PC.

    Empty your recycle bin and create a new system restore point.

    •Go to Start > Control Panel > System > System protection; now turn off System Restore by selecting the desired drive and clicking "Configure".

    •Now click "Delete" to delete all restore points.

    •Click "Apply" and "OK".

    •Now restart the PC.

    Regards, Ben

    Antivirusprikbord.nl

  • fazantje

    Because this topic has been resolved, it is being closed.

    If you would still like to reopen your topic, send a private message to Ben or Huib (fazantje).

    They will then remove the "lock" and the topic will be open again.

    The AV team.

This topic is closed; no more replies can be posted.