tune up rtl120.bpl

knien

04-01-2013 17:51

Hier het logje. Ik ben nu op twee computer. bezig en merk dat deze ( de laptop waarmee we bezig zijn) een veel langzamere verbinding met internet heeft. Misschien heb je hier iets aan.
Zoek.exe Version 3.0.0.4 Updated 02-January-2013
Tool run by Frans1 on vr 04-01-2013 at 17:42:15,55.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Deleting Files \ Folders ======================
“C:\Windows\System32\uxtuneup.dll” not found
“C:\Windows\System32\TURegOpt.exe” not found
“C:\Windows\System32\authuitu.dll” not found
“C:\Windows\System32\uxtuneup.dll” deleted
“C:\Windows\System32\TURegOpt.exe” deleted
“C:\Windows\System32\authuitu.dll” deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Frans1\AppData\Roaming\Mozilla\Firefox\Profiles\2vd4rjh1.default
- =DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
==== Firefox Plugins ======================
Profilepath: C:\Users\Frans1\AppData\Roaming\Mozilla\Firefox\Profiles\2vd4rjh1.default
3E21E80D10E1033D9C137440554FF724 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 6.0.370.6
90ABBBFFD282900CFAAABAB53BEDEBDB - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll - Shockwave Flash
F475DAA3CF6D19DA49BE7BAC0A966DB3 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx
==== Set IE to Default ======================
Old Values:
“Start Page”=“http://www.google.nl/”
New Values:
“Start Page”=“http://www.google.nl/”
==== All HKCU SearchScopes ======================
HKCU\*\SearchScopes “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”
HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”
HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Frans0\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Frans1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Frans1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\users\Frans1\AppData\Local\Mozilla\Firefox\Profiles\2vd4rjh1.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Frans1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
“C:\Users\Frans1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not found
groet frans
Ben

04-01-2013 18:04

Hallo,
Heb je nog Tune up?
Gr.Ben
knien

04-01-2013 18:07

De beide pictogrammen staan op het bureaublad. Zou ik gewoon rechts klikken en ze verwijderen
Ben

04-01-2013 18:08

Hallo,
Dat had ik al voorggesteld:
>>>TuneUp utilities en Tune Up 1 klik onderhoud staan nog altijd op mijn bureaublad<<<
Deze kan je verwijderen ga met het muispeiltje er opstaan > druk rechter knop > kies verwijderen.
http://antivirus.startpagina.nl/prikbord/16226167/16228094/re-tune-up-rtl120bpl#msg-16228094
Gr.Ben
knien

04-01-2013 18:41

Hallo Ben,
Bedankt de twee programma's zijn er af. De laptop is nog altijd niet in orde want hij is langzaam met opstarten en internet doet het soms wel en soms niet. Ik heb de laptop al met een kabel aan de router aangesloten maar dan blijft het probleem het zelfde. Kun jij me hiermee ook helpen?
Groet Frans
Ben

04-01-2013 19:13

Hallo,
We gaan eens verder kijken:
Download ComboFix van >>Hier<<, tevens kunt u daar lezen hoe u Combofix dient te gebruiken.
* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
*. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.
Hier is een handleiding over hoe je ze kan uitschakelen: hier of hier
*. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
*. Dubbelklik op “Combofix.exe” om de tool te starten.
*. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de ‘tool’ vastlopen.
* Noot !!! Als er een error wordt getoond met de melding “Illegal operation attempted on a registery key that has been marked for deletion”, herstart dan de computer.
*. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
Gr.Ben
knien

04-01-2013 19:45

Hallo Ben,
Alles gelukt.
ComboFix 13-01-04.03 - Frans1 04-01-2013 19:33:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3767.2402
Gestart vanuit: c:\users\Frans1\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Frans1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-12-04 to 2013-01-04 ))))))))))))))))))))))))))))))
.
.
2013-01-04 18:40 . 2013-01-04 18:40 ——– d—–w- c:\users\Frans0\AppData\Local\temp
2013-01-04 18:40 . 2013-01-04 18:40 ——– d—–w- c:\users\Default\AppData\Local\temp
2013-01-04 17:53 . 2013-01-04 17:53 ——– d—–w- c:\programdata\boost_interprocess
2013-01-04 16:44 . 2013-01-04 18:40 ——– d—–w- c:\users\Frans1\AppData\Local\Temp
2013-01-04 16:44 . 2012-11-01 21:55 24064 —-a-w- c:\windows\zoek-delete.exe
2013-01-03 21:48 . 2013-01-03 21:48 ——– d—–w- c:\windows\ERUNT
2013-01-03 20:22 . 2013-01-03 20:22 ——– d—–w- c:\users\Frans1\AppData\Local\Programs
2013-01-03 20:11 . 2013-01-03 20:11 ——– d—–w- c:\users\Frans1\AppData\Local\VS Revo Group
2013-01-03 20:11 . 2009-12-30 10:21 31800 —-a-w- c:\windows\system32\drivers\revoflt.sys
2013-01-03 20:11 . 2013-01-03 20:11 ——– d—–w- c:\program files\VS Revo Group
2013-01-03 20:00 . 2013-01-03 20:00 ——– d-sh–w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-12-26 13:22 . 2012-12-26 13:22 ——– d—–w- C:\Intel
2012-12-24 18:28 . 2012-11-30 07:57 37216 —-a-w- c:\windows\system32\uxtuneup.dll
2012-12-21 17:43 . 2012-11-30 07:57 34656 —-a-w- c:\windows\system32\TURegOpt.exe
2012-12-21 17:43 . 2012-11-30 07:57 25952 —-a-w- c:\windows\system32\authuitu.dll
2012-12-21 17:41 . 2012-12-21 17:41 ——– d—–w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-21 17:41 . 2012-12-21 17:41 ——– d—–w- c:\program files (x86)\DVDVideoSoft
2012-12-21 17:39 . 2012-12-16 17:11 46080 —-a-w- c:\windows\system32\atmlib.dll
2012-12-21 17:39 . 2012-12-16 14:13 34304 —-a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 17:39 . 2012-12-16 14:45 367616 —-a-w- c:\windows\system32\atmfd.dll
2012-12-21 17:39 . 2012-12-16 14:13 295424 —-a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 11:46 . 2013-01-04 18:16 ——– d—–r- c:\users\Frans1\Dropbox
2012-12-12 11:18 . 2012-11-09 05:45 2048 —-a-w- c:\windows\system32\tzres.dll
2012-12-12 11:18 . 2012-11-09 04:42 2048 —-a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 11:18 . 2012-11-22 03:26 3149824 —-a-w- c:\windows\system32\win32k.sys
2012-12-12 11:14 . 2012-12-12 11:14 ——– d—–w- c:\users\Default\AppData\Roaming\TuneUp Software
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-08-08 17:29 24176 —-a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 13:41 . 2011-08-23 14:31 67413224 —-a-w- c:\windows\system32\MRT.exe
2012-11-12 03:47 . 2012-11-12 03:47 312160 —-a-w- c:\windows\system32\drivers\avgldx64.sys
2012-10-16 08:38 . 2012-11-28 10:48 135168 —-a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 10:48 350208 —-a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 10:48 561664 —-a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 06:49 . 2012-04-28 16:11 696760 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 06:49 . 2011-08-21 02:26 73656 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 18:17 . 2012-11-15 16:28 55296 —-a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 16:28 226816 —-a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 16:28 44032 —-a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 16:28 193536 —-a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 129272 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
@=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 129272 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
@=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 129272 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
“OfficeSyncProcess”=“c:\program files\Microsoft Office\Office14\MSOSYNC.EXE”
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe”
“DAEMON Tools Lite”=“c:\program files (x86)\DAEMON Tools Lite\DTLite.exe”
.
“IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”
“BackupManagerTray”=“c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe”
“LManager”=“c:\program files (x86)\Launch Manager\LManager.exe”
“SMART Board Service”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe”
“AVG_TRAY”=“c:\program files (x86)\AVG\AVG10\avgtray.exe”
“APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
“ConnectionCenter”=“c:\program files (x86)\Citrix\ICA Client\concentr.exe”
.
c:\users\Frans1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Frans1\AppData\Roaming\Dropbox\bin\Dropbox.exe
OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
.
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
@=“”
.
@=“”
.
“Adobe Reader Speed Launcher”=“c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”
“HP Software Update”=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“iTunesHelper”=“c:\program files (x86)\iTunes\iTunesHelper.exe”
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
S2 Response Hardware;Response Hardware;c:\program files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys
.
.
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
——— X64 Entries ———–
.
.
@=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
@=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
@=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
@=“{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
“RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe”
“Acer ePower Management”=“c:\program files\Acer\Acer ePower Management\ePowerTray.exe”
“BCSSync”=“c:\program files\Microsoft Office\Office14\BCSSync.exe”
“IgfxTray”=“c:\windows\system32\igfxtray.exe”
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe”
“Persistence”=“c:\windows\system32\igfxpers.exe”
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Frans1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
FF - ProfilePath - c:\users\Frans1\AppData\Roaming\Mozilla\Firefox\Profiles\2vd4rjh1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - startpagina.nl
FF - ExtSQL: !HIDDEN! 2011-08-26 20:23; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run- - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-VDC_is1 - c:\program files (x86)\Video Download Converter\unins000.exe
AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker5”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx”
“ThreadingModel”=“Apartment”
.
@=“0”
.
@=“ShockwaveFlash.ShockwaveFlash.11”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“ShockwaveFlash.ShockwaveFlash”
.
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx”
“ThreadingModel”=“Apartment”
.
@=“FlashFactory.FlashFactory.1”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“FlashFactory.FlashFactory”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker5”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-01-04 19:43:45
ComboFix-quarantined-files.txt 2013-01-04 18:43
.
Pre-Run: 252.405.157.888 bytes beschikbaar
Post-Run: 252.014.985.216 bytes beschikbaar
.
- - End Of File - - BDB059C76E691B2272BDF29EFD61965F
Groetjes Frans
knien

04-01-2013 19:59

Hallo Ben,
Nu op de juiste plek de andere kan ik niet meer weg krijgen
Alles gelukt.
ComboFix 13-01-04.03 - Frans1 04-01-2013 19:33:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3767.2402
Gestart vanuit: c:\users\Frans1\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Frans1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-12-04 to 2013-01-04 ))))))))))))))))))))))))))))))
.
.
2013-01-04 18:40 . 2013-01-04 18:40 ——– d—–w- c:\users\Frans0\AppData\Local\temp
2013-01-04 18:40 . 2013-01-04 18:40 ——– d—–w- c:\users\Default\AppData\Local\temp
2013-01-04 17:53 . 2013-01-04 17:53 ——– d—–w- c:\programdata\boost_interprocess
2013-01-04 16:44 . 2013-01-04 18:40 ——– d—–w- c:\users\Frans1\AppData\Local\Temp
2013-01-04 16:44 . 2012-11-01 21:55 24064 —-a-w- c:\windows\zoek-delete.exe
2013-01-03 21:48 . 2013-01-03 21:48 ——– d—–w- c:\windows\ERUNT
2013-01-03 20:22 . 2013-01-03 20:22 ——– d—–w- c:\users\Frans1\AppData\Local\Programs
2013-01-03 20:11 . 2013-01-03 20:11 ——– d—–w- c:\users\Frans1\AppData\Local\VS Revo Group
2013-01-03 20:11 . 2009-12-30 10:21 31800 —-a-w- c:\windows\system32\drivers\revoflt.sys
2013-01-03 20:11 . 2013-01-03 20:11 ——– d—–w- c:\program files\VS Revo Group
2013-01-03 20:00 . 2013-01-03 20:00 ——– d-sh–w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-12-26 13:22 . 2012-12-26 13:22 ——– d—–w- C:\Intel
2012-12-24 18:28 . 2012-11-30 07:57 37216 —-a-w- c:\windows\system32\uxtuneup.dll
2012-12-21 17:43 . 2012-11-30 07:57 34656 —-a-w- c:\windows\system32\TURegOpt.exe
2012-12-21 17:43 . 2012-11-30 07:57 25952 —-a-w- c:\windows\system32\authuitu.dll
2012-12-21 17:41 . 2012-12-21 17:41 ——– d—–w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-21 17:41 . 2012-12-21 17:41 ——– d—–w- c:\program files (x86)\DVDVideoSoft
2012-12-21 17:39 . 2012-12-16 17:11 46080 —-a-w- c:\windows\system32\atmlib.dll
2012-12-21 17:39 . 2012-12-16 14:13 34304 —-a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 17:39 . 2012-12-16 14:45 367616 —-a-w- c:\windows\system32\atmfd.dll
2012-12-21 17:39 . 2012-12-16 14:13 295424 —-a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 11:46 . 2013-01-04 18:16 ——– d—–r- c:\users\Frans1\Dropbox
2012-12-12 11:18 . 2012-11-09 05:45 2048 —-a-w- c:\windows\system32\tzres.dll
2012-12-12 11:18 . 2012-11-09 04:42 2048 —-a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 11:18 . 2012-11-22 03:26 3149824 —-a-w- c:\windows\system32\win32k.sys
2012-12-12 11:14 . 2012-12-12 11:14 ——– d—–w- c:\users\Default\AppData\Roaming\TuneUp Software
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-08-08 17:29 24176 —-a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 13:41 . 2011-08-23 14:31 67413224 —-a-w- c:\windows\system32\MRT.exe
2012-11-12 03:47 . 2012-11-12 03:47 312160 —-a-w- c:\windows\system32\drivers\avgldx64.sys
2012-10-16 08:38 . 2012-11-28 10:48 135168 —-a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 10:48 350208 —-a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 10:48 561664 —-a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 06:49 . 2012-04-28 16:11 696760 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 06:49 . 2011-08-21 02:26 73656 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 18:17 . 2012-11-15 16:28 55296 —-a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 16:28 226816 —-a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 16:28 44032 —-a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 16:28 193536 —-a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 129272 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
@=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 129272 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
@=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 129272 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
“OfficeSyncProcess”=“c:\program files\Microsoft Office\Office14\MSOSYNC.EXE”
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe”
“DAEMON Tools Lite”=“c:\program files (x86)\DAEMON Tools Lite\DTLite.exe”
.
“IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”
“BackupManagerTray”=“c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe”
“LManager”=“c:\program files (x86)\Launch Manager\LManager.exe”
“SMART Board Service”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe”
“AVG_TRAY”=“c:\program files (x86)\AVG\AVG10\avgtray.exe”
“APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
“ConnectionCenter”=“c:\program files (x86)\Citrix\ICA Client\concentr.exe”
.
c:\users\Frans1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Frans1\AppData\Roaming\Dropbox\bin\Dropbox.exe
OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
.
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
@=“”
.
@=“”
.
“Adobe Reader Speed Launcher”=“c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”
“HP Software Update”=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“iTunesHelper”=“c:\program files (x86)\iTunes\iTunesHelper.exe”
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
S2 Response Hardware;Response Hardware;c:\program files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys
.
.
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
——— X64 Entries ———–
.
.
@=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
@=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
@=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
@=“{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
“RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe”
“Acer ePower Management”=“c:\program files\Acer\Acer ePower Management\ePowerTray.exe”
“BCSSync”=“c:\program files\Microsoft Office\Office14\BCSSync.exe”
“IgfxTray”=“c:\windows\system32\igfxtray.exe”
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe”
“Persistence”=“c:\windows\system32\igfxpers.exe”
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Frans1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
FF - ProfilePath - c:\users\Frans1\AppData\Roaming\Mozilla\Firefox\Profiles\2vd4rjh1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - startpagina.nl
FF - ExtSQL: !HIDDEN! 2011-08-26 20:23; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run- - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-VDC_is1 - c:\program files (x86)\Video Download Converter\unins000.exe
AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker5”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx”
“ThreadingModel”=“Apartment”
.
@=“0”
.
@=“ShockwaveFlash.ShockwaveFlash.11”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“ShockwaveFlash.ShockwaveFlash”
.
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx”
“ThreadingModel”=“Apartment”
.
@=“FlashFactory.FlashFactory.1”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“FlashFactory.FlashFactory”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker5”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-01-04 19:43:45
ComboFix-quarantined-files.txt 2013-01-04 18:43
.
Pre-Run: 252.405.157.888 bytes beschikbaar
Post-Run: 252.014.985.216 bytes beschikbaar
.
- - End Of File - - BDB059C76E691B2272BDF29EFD61965F
Groetjes Frans
Ben

04-01-2013 20:15

Hallo,
Open een kladblok bestand. (Start>Alle programma’s>Bureau-accessoires>Kladblok),
kopieer en plak het volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenster:
File::
c:\windows\system32\uxtuneup.dll
c:\windows\system32\TURegOpt.exe
c:\windows\system32\authuitu.dll
Driver::
UxTuneUp
NetSvc::
UxTuneUp
Folder::
c:\users\Default\AppData\Roaming\TuneUp Software
Sla dit op op je Bureaublad als CFScript.txt.
Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :
Dit zal ComboFix doen herstarten.
Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord en vertel hoe het gaat.
Gr.Ben
knien

04-01-2013 21:23

Hallo,
Allesw gaat nu snelleer ik denk dat het gerepareerd is.
hieronder het logje
ComboFix 13-01-04.03 - Frans1 04-01-2013 21:10:12.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3767.2282
Gestart vanuit: c:\users\Frans1\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Frans1\Desktop\CFScript.txt.txt
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
“c:\windows\system32\authuitu.dll”
“c:\windows\system32\TURegOpt.exe”
“c:\windows\system32\uxtuneup.dll”
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-12-04 to 2013-01-04 ))))))))))))))))))))))))))))))
.
.
2013-01-04 20:17 . 2013-01-04 20:17 ——– d—–w- c:\users\Frans0\AppData\Local\temp
2013-01-04 20:17 . 2013-01-04 20:17 ——– d—–w- c:\users\Default\AppData\Local\temp
2013-01-04 17:53 . 2013-01-04 17:53 ——– d—–w- c:\programdata\boost_interprocess
2013-01-04 16:44 . 2013-01-04 20:17 ——– d—–w- c:\users\Frans1\AppData\Local\Temp
2013-01-04 16:44 . 2012-11-01 21:55 24064 —-a-w- c:\windows\zoek-delete.exe
2013-01-03 21:48 . 2013-01-03 21:48 ——– d—–w- c:\windows\ERUNT
2013-01-03 20:22 . 2013-01-03 20:22 ——– d—–w- c:\users\Frans1\AppData\Local\Programs
2013-01-03 20:11 . 2013-01-03 20:11 ——– d—–w- c:\users\Frans1\AppData\Local\VS Revo Group
2013-01-03 20:11 . 2009-12-30 10:21 31800 —-a-w- c:\windows\system32\drivers\revoflt.sys
2013-01-03 20:11 . 2013-01-03 20:11 ——– d—–w- c:\program files\VS Revo Group
2013-01-03 20:00 . 2013-01-03 20:00 ——– d-sh–w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-12-26 13:22 . 2012-12-26 13:22 ——– d—–w- C:\Intel
2012-12-24 18:28 . 2012-11-30 07:57 37216 —-a-w- c:\windows\system32\uxtuneup.dll
2012-12-21 17:43 . 2012-11-30 07:57 34656 —-a-w- c:\windows\system32\TURegOpt.exe
2012-12-21 17:43 . 2012-11-30 07:57 25952 —-a-w- c:\windows\system32\authuitu.dll
2012-12-21 17:41 . 2012-12-21 17:41 ——– d—–w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-21 17:41 . 2012-12-21 17:41 ——– d—–w- c:\program files (x86)\DVDVideoSoft
2012-12-21 17:39 . 2012-12-16 17:11 46080 —-a-w- c:\windows\system32\atmlib.dll
2012-12-21 17:39 . 2012-12-16 14:13 34304 —-a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 17:39 . 2012-12-16 14:45 367616 —-a-w- c:\windows\system32\atmfd.dll
2012-12-21 17:39 . 2012-12-16 14:13 295424 —-a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 11:46 . 2013-01-04 20:04 ——– d—–r- c:\users\Frans1\Dropbox
2012-12-12 11:18 . 2012-11-09 05:45 2048 —-a-w- c:\windows\system32\tzres.dll
2012-12-12 11:18 . 2012-11-09 04:42 2048 —-a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 11:18 . 2012-11-22 03:26 3149824 —-a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-08-08 17:29 24176 —-a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 13:41 . 2011-08-23 14:31 67413224 —-a-w- c:\windows\system32\MRT.exe
2012-11-12 03:47 . 2012-11-12 03:47 312160 —-a-w- c:\windows\system32\drivers\avgldx64.sys
2012-10-16 08:38 . 2012-11-28 10:48 135168 —-a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 10:48 350208 —-a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 10:48 561664 —-a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 06:49 . 2012-04-28 16:11 696760 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 06:49 . 2011-08-21 02:26 73656 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 18:17 . 2012-11-15 16:28 55296 —-a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 16:28 226816 —-a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 16:28 44032 —-a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 16:28 193536 —-a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
@=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 129272 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
@=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 129272 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
@=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 129272 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
“OfficeSyncProcess”=“c:\program files\Microsoft Office\Office14\MSOSYNC.EXE”
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe”
“DAEMON Tools Lite”=“c:\program files (x86)\DAEMON Tools Lite\DTLite.exe”
.
“IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”
“BackupManagerTray”=“c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe”
“LManager”=“c:\program files (x86)\Launch Manager\LManager.exe”
“SMART Board Service”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe”
“AVG_TRAY”=“c:\program files (x86)\AVG\AVG10\avgtray.exe”
“APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
“ConnectionCenter”=“c:\program files (x86)\Citrix\ICA Client\concentr.exe”
.
c:\users\Frans1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Frans1\AppData\Roaming\Dropbox\bin\Dropbox.exe
OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
.
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
@=“”
.
@=“”
.
“Adobe Reader Speed Launcher”=“c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”
“HP Software Update”=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“iTunesHelper”=“c:\program files (x86)\iTunes\iTunesHelper.exe”
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
S2 Response Hardware;Response Hardware;c:\program files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys
.
.
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
——— X64 Entries ———–
.
.
@=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
@=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
@=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
@=“{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}”
2012-11-13 23:32 162552 —-a-w- c:\users\Frans1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
“RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe”
“Acer ePower Management”=“c:\program files\Acer\Acer ePower Management\ePowerTray.exe”
“BCSSync”=“c:\program files\Microsoft Office\Office14\BCSSync.exe”
“IgfxTray”=“c:\windows\system32\igfxtray.exe”
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe”
“Persistence”=“c:\windows\system32\igfxpers.exe”
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Frans1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
FF - ProfilePath - c:\users\Frans1\AppData\Roaming\Mozilla\Firefox\Profiles\2vd4rjh1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - startpagina.nl
FF - ExtSQL: !HIDDEN! 2011-08-26 20:23; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run- - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-VDC_is1 - c:\program files (x86)\Video Download Converter\unins000.exe
.
.
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker5”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101”
.
“Enabled”=dword:00000001
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx”
“ThreadingModel”=“Apartment”
.
@=“0”
.
@=“ShockwaveFlash.ShockwaveFlash.11”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“ShockwaveFlash.ShockwaveFlash”
.
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx”
“ThreadingModel”=“Apartment”
.
@=“FlashFactory.FlashFactory.1”
.
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1”
.
@=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
@=“1.0”
.
@=“FlashFactory.FlashFactory”
.
@Denied: (A 2) (Everyone)
@=“IFlashBroker5”
.
@=“{00020424-0000-0000-C000-000000000046}”
.
@=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-01-04 21:20:36
ComboFix-quarantined-files.txt 2013-01-04 20:20
ComboFix2.txt 2013-01-04 20:02
ComboFix3.txt 2013-01-04 18:
.
Pre-Run: 251.809.820.672 bytes beschikbaar
Post-Run: 251.515.891.712 bytes beschikbaart

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.

tune up rtl120.bpl

knien

Ben

knien

Ben

knien

Ben

knien

knien

Ben

knien