Antivirus no longer works

  • Frank

    Hello,

    I used a USB stick that apparently had a Trojan horse on it; it is an autorun program on the stick that causes the problem. In itself it is caught by my Avast, so that worked.

    I still wanted to run this site's step-by-step plan over it, though, because I don't entirely trust it.

    I cannot get any of the programs listed in your step-by-step plan to run. I can download them and put them on my desktop, but when I actually try to start them nothing happens, at least nothing that I can see. The online scan doesn't work either. Actually only HijackThis worked, but then that wasn't in the list.

    Would someone be able and willing to help me? I do have the alert from my virus scanner, but I'm not sure whether I can just post it.

    Thanks very much in advance!

    Frank

  • Ben

    Hello,

    Start MalwareBytes' Anti-Malware Chameleon; you can read more information about its use here.

    • To do so, navigate to Start > (All) Programs > Malwarebytes' Anti-Malware > Tools and click MalwareBytes' Anti-Malware Chameleon.

    • Choose one of the items below here to start Chameleon.

    • If that does not work, navigate to the following folder "C:\Program Files\Malwarebytes' Anti-Malware\Chameleon" and try running the following files there to start Chameleon.

    • (Firefox.com, Firefox.exe, Firefox.scr, iexplore.exe, mbam-chameleon.com, mbam-chameleon.exe, mbam-chameleon.scr, Rundll32.exe, Rundll32.exe, Svchost.exe, Winlogon.exe)

    • Press any key in the first screen.

    • Chameleon will now first try to update Malwarebytes' Anti-Malware.

    • If an internet connection is no longer possible, for example because of the malware infection, you will see an error message; you can simply ignore it by clicking "OK".

    • If the update did succeed, click "OK".

    • Once this has happened, Malwarebytes' Anti-Malware will start automatically and run a quick scan.

    • When the scan is complete, click OK, then "Show Results" to see the results.

    • Make sure everything is checked there, then click "Remove Selected".

    • After the removal a log will open and you will be asked to restart the computer.

    • The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program.

    Post that log and post a HijackThis log.

    Regards, Ben

  • Frank

    Hello,

    I eventually managed to have a scan made via Chameleon; incidentally, the program still won't start directly from my desktop, so then I have to go through Chameleon again. The log is as follows:

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.07.03.04

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 10.0.9200.16618

    Frank :: FRANK-PC

    3-7-2013 10:06:19

    mbam-log-2013-07-03 (10-06-19).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 258176

    Verstreken tijd: 7 minuut/minuten,

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    I can't get HijackThis running any more now. I had already made a log earlier, and it follows here:

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Frank at 2013-07-01 22:41:48

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 98 GB (21%) free of 461 GB

    Total RAM: 4087 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:41:55, on 1-7-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16611)

    Boot mode: Normal

    Running processes:

    C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe

    C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe

    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe

    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

    c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\trend micro\Frank.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Pavilion&pf=cnnb

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {46735dee-f862-49d1-876d-6382794dc625} - (no file)

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\coIEPlg.dll

    O4 - HKLM\..\Run: “c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\Hewlett-Packard\Media\Webcam” UpdateWithCreateOnce “Software\Hewlett-Packard\Media\Webcam”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\Hewlett-Packard\Recovery” UpdateWithCreateOnce “Software\CyberLink\PowerRecover”

    O4 - HKLM\..\Run: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2012\avgtray.exe”

    O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    O4 - HKCU\..\Run: “C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe”

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Electronic Arts\EADM\Core.exe” -silent

    O4 - HKCU\..\Run: C:\Users\Frank\AppData\Roaming\39f6\2fe02.js

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - Startup: 78a17.js

    O4 - Startup: Dropbox.lnk = Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Global Startup: Bluetooth.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra ‘Tools’ menuitem: Verzenden naar &Bluetooth-apparaat… - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-NL/wlscctrl2.cab

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {A8203263-E018-4106-BDBE-8BF6915E8190} (InforbitHelper Class) - https://download.infotriever.com/bin/ifhelper.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: RemotePC HOST (remotepc) - Unknown owner - C:\Program Files (x86)\Remote Access Host\RemotePCM.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 16839 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    winlogon.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

    C:\Windows\system32\Hpservice.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    “C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe”

    C:\Windows\system32\nvvsvc.exe -session -first

    “C:\Program Files\AVAST Software\Avast\AvastSvc.exe”

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

    “C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe”

    “C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe”

    “C:\Program Files\Bonjour\mDNSResponder.exe”

    “C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe”

    C:\Windows\SysWOW64\svchost.exe -k netsvcs

    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

    “C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe”

    “C:\Program Files (x86)\Remote Access Host\RemotePCM.exe”

    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

    “C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe”

    “C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe”

    “C:\Program Files\AVAST Software\Avast\setup\avast.setup” /downloadpkgs /noreboot /updatevps /verysilent /session “0” /limitcpu

    “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”

    WLIDSvcM.exe 3036

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\UI0Detect.exe

    C:\Windows\system32\svchost.exe -k HPService

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    “C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe”

    “C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe”

    C:\Windows\system32\SearchIndexer.exe /Embedding

    “taskhost.exe”

    “C:\Windows\system32\Dwm.exe”

    C:\Windows\Explorer.EXE

    “C:\Program Files\IDT\WDM\sttray64.exe”

    “C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe”

    “C:/Users/Frank/AppData/Local/Akamai/netsession_win.exe” –client

    “C:\Windows\System32\WScript.exe” “C:\Users\Frank\AppData\Roaming\39f6\2fe02.js”

    “C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe”

    “C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe”

    “C:\Program Files (x86)\Sitecom\Common\RaUI.exe” -s

    “C:/Program Files/NVIDIA Corporation/Display/nvtray.exe” -user_has_logged_in 1

    “C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe”

    “C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe”

    C:\Windows\system32\wbem\wmiprvse.exe

    “C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe”

    “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui

    “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    “C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe” View=show_in_tray

    “C:\Program Files\iPod\bin\iPodService.exe”

    “C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe” /systemstartup

    “C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe”

    taskeng.exe {6C7F5494-501A-4124-8EFD-831257B552CD}

    “c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe”

    “c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe”

    “c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe”

    “C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe” -Embedding

    “C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe” "23260HP Wireless AssistantWLAN: Aan

    Bluetooth:UitgeschakeldC:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\images\wireless_on.icoC:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeSHOWSTATUS"

    taskeng.exe {BEBA8AC4-FAD5-442D-9038-95D8628E6E6E}

    “C:\Program Files (x86)\Google\Update\GoogleUpdate.exe” /svc

    “C:\Program Files\Internet Explorer\iexplore.exe”

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:4424 CREDAT:267521 /prefetch:2

    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -Embedding

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:4424 CREDAT:3937725 /prefetch:2

    “C:\Windows\System32\MsSpellCheckingFacility.exe” -Embedding

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:4424 CREDAT:2299238 /prefetch:2

    “C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE” SCODEF:4424 CREDAT:922897 /prefetch:2

    C:\Windows\system32\sppsvc.exe

    “C:\Windows\system32\SearchProtocolHost.exe” Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3663728046-3339902318-728512482-100020_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3663728046-3339902318-728512482-100020 1 -2147483646 “Software\Microsoft\Windows Search” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)” “C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc” “DownLevelDaemon” “1”

    “C:\Windows\system32\SearchFilterHost.exe” 0 548 552 560 65536 556

    “C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70SB8AAZ\RSITx64.exe”

    C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    C:\Windows\tasks\HP Photo Creations Communicator.job

    C:\Windows\tasks\HPCeeScheduleForFrank.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\fb3p5lov.default

    “Description”=Adobe® Flash® Player 11.7.700.224 Plugin

    “Path”=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

    “Description”=Adobe Shockwave Player

    “Path”=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

    “Description”=

    “Path”=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

    “Description”=Java™ Deployment Toolkit

    “Path”=C:\Windows\SysWOW64\npDeployJava1.dll

    “Description”=Oracle® Next Generation Java™ Plug-In

    “Path”=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

    “Description”=Office Live Update v1.5

    “Path”=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=WLPG Install MIME type

    “Path”=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    “Description”=A component of your photo software powered by RocketLife

    “Path”=C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

    “Description”=Google Update

    “Path”=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

    “Description”=VLC Multimedia Plugin

    “Path”=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

    “Description”=Handles PDFs in-place in Firefox

    “Path”=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

    “Description”=Adobe® Flash® Player 11.7.700.224 Plugin

    “Path”=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll

    “Description”=

    “Path”=disabled

    “Description”=Ag Player Plugin

    “Path”=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

    ======Registry dump======

    avast! WebRep - C:\Program F

    AVG Safe Search - C:\Program F

    Windows Live ID Sign-in Helper - C:\Program F

    Java™ Plug-In 2 SSV Helper - C:\Program F

    HP Print Enhancer - C:\Program F

    Adobe PDF Link Helper - C:\Program F

    AVG Safe Search - C:\Program F

    Symantec NCO BHO - C:\Program F

    Symantec Intrusion Prevention - C:\Program F

    Java™ Plug-In SSV Helper - C:\Program F

    avast! WebRep - C:\Program F

    Aanmeldhulp voor Windows Live ID - C:\Program F

    Java™ Plug-In 2 SSV Helper - C:\Program F

    HP Smart BHO Class - C:\Program F

    {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program F

    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program F

    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program F

    “SysTrayApp”=C:\Program F

    “Akamai NetSession Interface”=C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe

    “EA Core”=C:\Program F

    “2fe02”=C:\Users\Frank\AppData\Roaming\39f6\2fe02.js

    C:\Program F

    C:\Program F

    C:\Program F

    C:\Program F

    C:\Program F

    C:\Program F

    C:\Program F

    C:\Program F

    C:\Program F

    C:\Program F

    C:\Windows\system32\NvCpl.dll

    C:\Program F

    C:\Program F

    C:\Program F

    C:\Program F

    C:\Program F

    C:\PROGRA~2\Hp\DIGITA~1\bin\hpqtra08.exe

    “HPCam_Menu”=c:\Program F

    “UpdatePRCShortCut”=C:\Program F

    “Easybits Recovery”=C:\Program F

    “WirelessAssistant”=C:\Program F

    “APSDaemon”=C:\Program F

    “HP Software Update”=C:\Program F

    “”=

    “Adobe Reader Speed Launcher”=C:\Program F

    “Adobe ARM”=C:\Program F

    “AVG_TRAY”=C:\Program F

    “avast”=C:\Program F

    “QuickTime Task”=C:\Program F

    “SunJavaUpdateSched”=C:\Program F

    “iTunesHelper”=C:\Program F

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

    Sitecom Wireless Utility.lnk - C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

    WDSmartWare.lnk - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    78a17.js

    Dropbox.lnk - C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “{E54729E8-BB3D-4270-9D49-7389EA579090}”=C:\Windows\SysWow64\EZUPBH~1.DLL

    “SecurityProviders”=credssp.dll

    “DisableLockWorkstation”=0

    “DisableChangePassword”=0

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “HideFastUserSwitching”=0

    “NoActiveDesktop”=1

    “NoActiveDesktopChanges”=1

    “ForceActiveDesktopOn”=0

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “VIDC.UYVY”=msyuv.dll

    “VIDC.YUY2”=msyuv.dll

    “VIDC.YVYU”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “VIDC.YVU9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “MSVideo8”=VfWWDM32.dll

    “wave1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “wave5”=wdmaud.drv

    “midi5”=wdmaud.drv

    “mixer5”=wdmaud.drv

    “wave2”=wdmaud.drv

    “midi2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    “wave3”=wdmaud.drv

    “midi3”=wdmaud.drv

    “mixer3”=wdmaud.drv

    “wave4”=wdmaud.drv

    “midi4”=wdmaud.drv

    “mixer4”=wdmaud.drv

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2013-07-01 22:41:48 —-D—- C:\rsit

    2013-07-01 22:41:48 —-D—- C:\Program Files\trend micro

    2013-07-01 18:39:17 —-A—- C:\Windows\system32\drivers\SYMEVENT64x86.SYS

    2013-07-01 18:39:16 —-D—- C:\Program Files\Symantec

    2013-07-01 18:39:16 —-D—- C:\Program Files\Common Files\Symantec Shared

    2013-07-01 17:26:35 —-A—- C:\Users\Frank\AppData\Roaming\pcouffin.sys

    2013-07-01 17:26:35 —-A—- C:\Users\Frank\AppData\Roaming\inst.exe

    2013-07-01 17:25:25 —-D—- C:\Program Files (x86)\ESET

    2013-06-28 17:01:07 —-SHD—- C:\Users\Frank\AppData\Roaming\39f6

    2013-06-28 17:01:07 —-SHD—- C:\38ca0

    2013-06-21 17:22:36 —-D—- C:\89162dd95fe763cf66e0

    2013-06-16 11:00:59 —-A—- C:\Windows\SYSWOW64\urlmon.dll

    2013-06-16 11:00:58 —-A—- C:\Windows\SYSWOW64\iertutil.dll

    2013-06-16 11:00:58 —-A—- C:\Windows\system32\urlmon.dll

    2013-06-16 11:00:57 —-A—- C:\Windows\SYSWOW64\ieui.dll

    2013-06-16 11:00:57 —-A—- C:\Windows\system32\ieui.dll

    2013-06-16 11:00:57 —-A—- C:\Windows\system32\iertutil.dll

    2013-06-16 11:00:55 —-A—- C:\Windows\SYSWOW64\ieframe.dll

    2013-06-16 11:00:54 —-A—- C:\Windows\system32\ieframe.dll

    2013-06-16 11:00:52 —-A—- C:\Windows\system32\mshtml.dll

    2013-06-16 11:00:49 —-A—- C:\Windows\SYSWOW64\mshtml.dll

    2013-06-12 21:05:37 —-A—- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

    2013-06-12 20:37:41 —-A—- C:\Windows\SYSWOW64\iesetup.dll

    2013-06-12 20:37:41 —-A—- C:\Windows\SYSWOW64\iernonce.dll

    2013-06-12 20:37:41 —-A—- C:\Windows\system32\iesetup.dll

    2013-06-12 20:37:41 —-A—- C:\Windows\system32\iernonce.dll

    2013-06-12 20:37:40 —-A—- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

    2013-06-12 20:37:40 —-A—- C:\Windows\SYSWOW64\iesysprep.dll

    2013-06-12 20:37:40 —-A—- C:\Windows\system32\RegisterIEPKEYs.exe

    2013-06-12 20:37:40 —-A—- C:\Windows\system32\iesysprep.dll

    2013-06-12 20:37:40 —-A—- C:\Windows\system32\ie4uinit.exe

    2013-06-12 20:37:37 —-A—- C:\Windows\SYSWOW64\msfeeds.dll

    2013-06-12 20:37:37 —-A—- C:\Windows\system32\msfeeds.dll

    2013-06-12 20:37:37 —-A—- C:\Windows\system32\jscript.dll

    2013-06-12 20:37:36 —-A—- C:\Windows\SYSWOW64\jscript.dll

    2013-06-12 20:37:36 —-A—- C:\Windows\system32\jscript9.dll

    2013-06-12 20:37:35 —-A—- C:\Windows\SYSWOW64\jscript9.dll

    2013-06-12 20:37:31 —-A—- C:\Windows\system32\jsproxy.dll

    2013-06-12 20:37:30 —-A—- C:\Windows\SYSWOW64\wininet.dll

    2013-06-12 20:37:30 —-A—- C:\Windows\SYSWOW64\jsproxy.dll

    2013-06-12 20:37:29 —-A—- C:\Windows\system32\wininet.dll

    2013-06-11 20:09:50 —-A—- C:\Windows\system32\drivers\tcpip.sys

    2013-06-11 20:09:49 —-A—- C:\Windows\SYSWOW64\win32spl.dll

    2013-06-11 20:09:49 —-A—- C:\Windows\system32\win32spl.dll

    2013-06-11 20:09:43 —-A—- C:\Windows\system32\cryptdlg.dll

    2013-06-11 20:09:42 —-A—- C:\Windows\SYSWOW64\cryptdlg.dll

    2013-06-11 20:09:37 —-A—- C:\Windows\SYSWOW64\WindowsCodecs.dll

    2013-06-11 20:09:37 —-A—- C:\Windows\system32\WindowsCodecs.dll

    2013-06-11 20:09:25 —-A—- C:\Windows\SYSWOW64\certutil.exe

    2013-06-11 20:09:25 —-A—- C:\Windows\system32\crypt32.dll

    2013-06-11 20:09:25 —-A—- C:\Windows\system32\certutil.exe

    2013-06-11 20:09:24 —-A—- C:\Windows\SYSWOW64\cryptsvc.dll

    2013-06-11 20:09:24 —-A—- C:\Windows\SYSWOW64\cryptnet.dll

    2013-06-11 20:09:24 —-A—- C:\Windows\SYSWOW64\crypt32.dll

    2013-06-11 20:09:24 —-A—- C:\Windows\SYSWOW64\certenc.dll

    2013-06-11 20:09:24 —-A—- C:\Windows\system32\cryptsvc.dll

    2013-06-11 20:09:24 —-A—- C:\Windows\system32\cryptnet.dll

    2013-06-11 20:09:24 —-A—- C:\Windows\system32\certenc.dll

    2013-06-11 20:09:12 —-A—- C:\Windows\system32\d3d11.dll

    2013-06-11 20:09:11 —-A—- C:\Windows\SYSWOW64\d3d11.dll

    2013-06-04 19:02:33 —-D—- C:\Users\Frank\AppData\Roaming\Wargaming.net

    2013-06-03 23:57:46 —-D—- C:\Windows\SYSWOW64\directx

    ======List of files/folders modified in the last 1 month======

    2013-07-01 22:41:48 —-RD—- C:\Program Files

    2013-07-01 22:41:08 —-D—- C:\Users\Frank\AppData\Roaming\Dropbox

    2013-07-01 22:25:28 —-D—- C:\Windows\system32\NDF

    2013-07-01 22:07:43 —-D—- C:\Windows\Temp

    2013-07-01 19:04:51 —-D—- C:\Windows\system32\config

    2013-07-01 19:00:01 —-D—- C:\ProgramData\NortonInstaller

    2013-07-01 18:59:42 —-D—- C:\Program Files (x86)\NortonInstaller

    2013-07-01 18:59:03 —-DC—- C:\Windows\system32\DRVSTORE

    2013-07-01 18:55:24 —-HD—- C:\ProgramData

    2013-07-01 18:55:24 —-A—- C:\ProgramData\HPWALog.txt

    2013-07-01 18:55:21 —-D—- C:\Windows\Prefetch

    2013-07-01 18:52:05 —-RD—- C:\Users

    2013-07-01 18:48:14 —-SHD—- C:\System Volume Information

    2013-07-01 18:40:50 —-D—- C:\Windows\system32\Tasks

    2013-07-01 18:39:22 —-D—- C:\Windows\System32

    2013-07-01 18:39:17 —-D—- C:\Windows\system32\drivers

    2013-07-01 18:39:16 —-D—- C:\Program Files\Common Files

    2013-07-01 18:38:31 —-D—- C:\ProgramData\Norton

    2013-07-01 18:38:31 —-D—- C:\Program Files (x86)\Norton 360 Premier Edition

    2013-07-01 18:12:32 —-D—- C:\Program Files (x86)

    2013-07-01 18:10:24 —-D—- C:\Windows\system32\DriverStore

    2013-07-01 18:10:24 —-D—- C:\Windows\system32\catroot

    2013-07-01 18:10:23 —-D—- C:\Windows\inf

    2013-07-01 18:09:52 —-D—- C:\Windows\system32\catroot2

    2013-07-01 18:07:11 —-D—- C:\ProgramData\Samsung

    2013-07-01 18:07:09 —-SHD—- C:\Windows\Installer

    2013-07-01 18:07:09 —-HD—- C:\Program Files (x86)\InstallShield Installation Information

    2013-07-01 18:07:09 —-D—- C:\Windows\SysWOW64

    2013-07-01 18:07:07 —-HD—- C:\Config.Msi

    2013-07-01 18:06:13 —-D—- C:\Windows

    2013-07-01 18:00:47 —-D—- C:\Program Files (x86)\Google

    2013-07-01 17:51:53 —-D—- C:\Windows\Downloaded Program Files

    2013-07-01 17:26:35 —-D—- C:\Users\Frank\AppData\Roaming\Vso

    2013-06-28 17:00:56 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2013-06-24 20:23:36 —-D—- C:\Users\Frank\AppData\Roaming\uTorrent

    2013-06-23 03:07:00 —-D—- C:\Windows\Microsoft.NET

    2013-06-23 03:06:14 —-RSD—- C:\Windows\assembly

    2013-06-23 03:00:39 —-D—- C:\Windows\winsxs

    2013-06-16 20:10:01 —-D—- C:\Program Files (x86)\Internet Explorer

    2013-06-16 20:10:00 —-D—- C:\Program Files\Internet Explorer

    2013-06-15 00:12:50 —-D—- C:\Users\Frank\AppData\Roaming\vlc

    2013-06-12 21:45:33 —-D—- C:\Windows\rescache

    2013-06-12 21:05:53 —-D—- C:\Windows\SYSWOW64\nl-NL

    2013-06-12 21:05:52 —-D—- C:\Windows\system32\nl-NL

    2013-06-12 21:05:52 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2013-06-12 20:38:22 —-A—- C:\Windows\system32\MRT.exe

    2013-06-11 20:03:04 —-D—- C:\Users\Frank\AppData\Roaming\Skype

    2013-06-05 07:01:13 —-RSD—- C:\Windows\Fonts

    2013-06-04 19:45:08 —-D—- C:\ProgramData\Skype

    2013-06-04 19:44:59 —-RD—- C:\Program Files (x86)\Skype

    2013-06-04 19:44:58 —-D—- C:\Program Files (x86)\Common Files

    2013-06-03 23:57:47 —-HD—- C:\Windows\msdownld.tmp

    2013-06-03 23:57:47 —-D—- C:\Windows\Logs

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys

    R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys

    R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys

    R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys

    R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys

    R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys

    R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys

    R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys

    R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys

    R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys

    R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys

    R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys

    R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys

    R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

    R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys

    R3 NETw5s64;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    S1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys

    S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys

    S3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

    S3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

    S3 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110415.001\BHDrvx64.sys

    S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys

    S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys

    S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys

    S3 btwaudio;Bluetooth-audioapparaat; C:\Windows\system32\drivers\btwaudio.sys

    S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys

    S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys

    S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys

    S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys

    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys

    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys

    S3 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110330.001\IDSVia64.sys

    S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys

    S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110418.018\ENG64.SYS

    S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110418.018\EX64.SYS

    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys

    S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys

    S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys

    S3 SRTSP;Symantec Real Time Storage Protection x64; \??\C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSP64.SYS

    S3 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; \??\C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS

    S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS

    S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS

    S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

    S3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys

    S3 SymDS;Symantec Data Store; \??\C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS

    S3 SymEFA;Symantec Extended File Attributes; \??\C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS

    S3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

    S3 SymIRON;Symantec Iron Driver; \??\C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS

    S3 SymNetS;Symantec Network Security WFP Driver; \??\C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS

    S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys

    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program F

    R2 avast! Antivirus;avast! Antivirus; C:\Program F

    R2 avgwd;AVG WatchDog; C:\Program F

    R2 Bonjour Service;Bonjour-service; C:\Program F

    R2 btwdins;Bluetooth Service; C:\Program F

    R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe

    R2 gupdate;Google Update-service (gupdate); C:\Program F

    R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe

    R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe

    R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe

    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program F

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 remotepc;RemotePC HOST; C:\Program F

    R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

    R2 WDDMService;WD SmartWare Drive Manager Service; C:\Program F

    R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program F

    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe

    R3 hpqwmiex;HP Software Framework Service; C:\Program F

    R3 iPod Service;iPod-service; C:\Program F

    S2 AVGIDSAgent;AVGIDSAgent; C:\Program F

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 N360;Norton 360; C:\Program F

    S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe

    S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program F

    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe

    S2 SkypeUpdate;Skype Updater; C:\Program F

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

    S3 Com4QLBEx;Com4QLBEx; C:\Program F

    S3 gupdatem;Google Update-service (gupdatem); C:\Program F

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program F

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program F

    S3 ose;Office Source Engine; C:\Program F

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

    —————–EOF—————–

  • Ben

    Hello,

    You have several virus scanners on your PC; which one do you want to keep?

    Start your PC in safe mode and then do the following:

    Download zoek.exe to the desktop.

    Disable your antivirus and antispyware programs; they may conflict with zoek.exe

    (here or here) you can read how to do that.

    * Double-click Zoek.exe to start the tool.

    * Now copy the code below in bold and paste it into the large input box:

    * Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    firefoxlook;

    chromelook;

    resetIEproxy;

    ;r

    "2fe02"=-;r

    ;r64

    @=-;r64

    C:\Users\Frank\AppData\Roaming\39f6;fs

    C:\38ca0;fs

    C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\78a17.js;f

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart if one is required).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    Regards, Ben
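The autorun entries targeted by the fix script above can be picked out of such a log mechanically. The following Python example is added here and is not part of the original thread or of any tool named in it; the heuristics (script extension, AppData location, short hex-like file name) and all function names are assumptions, and the sample lines are copied from the log posted earlier on this page.

```python
import re
from pathlib import PureWindowsPath

# Extensions Windows hands to Windows Script Host; the log's file-association
# section shows ".js - open - WScript.exe", so such an autorun runs at logon.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf"}
HEX_NAME = re.compile(r"^[0-9a-f]{4,8}$", re.IGNORECASE)
RUN_VALUE = re.compile(r'^[“"](?P<name>[^”"]*)[”"]=(?P<target>.+)$')
SHORTCUT = re.compile(r"^(?P<name>.+?\.lnk) - (?P<target>.+)$", re.IGNORECASE)
# Command up to the first file extension that is followed by a space or the end.
COMMAND_PATH = re.compile(r"^(.*?\.[A-Za-z0-9]{2,4})(?=\s|$)")

R_SCRIPT = "script file run by Windows Script Host"
R_APPDATA = "target under user-writable AppData"
R_HEXNAME = "short hex-like file name"

# Sample input: Run values and Startup folder items copied from the log on
# this page, limited to entries whose path is not truncated.
SAMPLE_LOG = r"""
“Akamai NetSession Interface”=C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe
“2fe02”=C:\Users\Frank\AppData\Roaming\39f6\2fe02.js
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
78a17.js
Dropbox.lnk - C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
"""


def parse_autoruns(log_text):
    """Return (name, target) pairs for Run values and Startup folder items."""
    entries, startup_dir = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_VALUE.match(line)
        if m:
            entries.append((m.group("name"), m.group("target").strip('“”"')))
            continue
        m = SHORTCUT.match(line)
        if m:
            entries.append((m.group("name"), m.group("target")))
            continue
        if line.lower().endswith("\\startup"):
            startup_dir = line  # heading line: bare names below live in it
        elif startup_dir and "\\" not in line:
            entries.append((line, startup_dir + "\\" + line))
    return entries


def triage(target):
    """Return the reasons an autorun target deserves a closer look."""
    target = target.strip('“”"')
    m = COMMAND_PATH.match(target)  # drop command-line arguments, if any
    path = PureWindowsPath(m.group(1) if m else target)
    reasons = []
    if path.suffix.lower() in SCRIPT_EXTS:
        reasons.append(R_SCRIPT)
    if "appdata" in (part.lower() for part in path.parts):
        reasons.append(R_APPDATA)
    if HEX_NAME.match(path.stem) and any(c.isdigit() for c in path.stem):
        reasons.append(R_HEXNAME)
    return reasons


def findings(log_text):
    """Autoruns that start a script and show at least one more indicator."""
    out = []
    for name, target in parse_autoruns(log_text):
        reasons = triage(target)
        if R_SCRIPT in reasons and len(reasons) >= 2:
            out.append((name, target, reasons))
    return out


if __name__ == "__main__":
    for name, target, reasons in findings(SAMPLE_LOG):
        print(f"{name}: {target}")
        for reason in reasons:
            print(f"    - {reason}")
```

An executable in AppData on its own (Akamai, Dropbox) is not reported, because many legitimate per-user installers live there; only the combination with a script extension is.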

  • Frank

    Hello Ben,

    That took some effort! I'd actually like to keep Avast. I already wanted to remove Norton, but when I try, ‘something’ aborts the installation process.

    You'll find the log below:

    Zoek.exe Version 4.0.0.3 Updated 27-June-2013

    Tool run by Frank on wo 03-07-2013 at 13:42:27,94.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Safe Mode NETWORK Internet Access Detected

    ==== Older Logs ======================

    C:\zoek-results03-07-2013-1310.log 271 bytes

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-3663728046-3339902318-728512482-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4406619F-AEDD-415E-9E7C-1110C67AA617} deleted successfully

    HKEY_USERS\S-1-5-21-3663728046-3339902318-728512482-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B6E323D7-C5B3-455A-A51A-26A1BF1B9DAE} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\Remote Access Host\RemotePCM.exe

    C:\Windows\SysWOW64\ctfmon.exe

    C:\Users\Frank\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\0

    user.js not found

    —- Lines Downloader.com removed from prefs.js —-

    —- Lines Downloader.com modified from prefs.js —-

    —- Lines OneClickDownload removed from prefs.js —-

    —- Lines OneClickDownload modified from prefs.js —-

    —- FireFox user.js and prefs.js backups —-

    prefs_03-07-2013_1347_.backup

    ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\fb3p5lov.default

    user.js not found

    —- Lines Downloader.com removed from prefs.js —-

    —- Lines Downloader.com modified from prefs.js —-

    —- Lines OneClickDownload removed from prefs.js —-

    —- Lines OneClickDownload modified from prefs.js —-

    —- FireFox user.js and prefs.js backups —-

    prefs_03-07-2013_1347_.backup

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    “2fe02”=-

    ==== Registry Fix Code x64 ======================

    Windows Registry Editor Version 5.00

    @=-

    ==== Deleting Files \ Folders ======================

    “C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\78a17.js” not found

    “C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi” deleted

    “C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi” deleted

    “C:\ProgramData\ras_0oed.pad” deleted

    “C:\ProgramData\HPWALog.txt” deleted

    “C:\END” deleted

    “C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi” deleted

    “C:\Users\Frank\AppData\Roaming\39f6” deleted

    “C:\Users\Frank\AppData\Roaming\39f6” deleted

    “C:\38ca0” deleted

    “C:\Program Files (x86)\Coupons” deleted

    “C:\Program Files (x86)\Mario Forever” deleted

    “C:\Program Files (x86)\1ClickDownload” deleted

    “C:\found.000” deleted

    “C:\found.001” deleted

    “C:\found.002” deleted

    “C:\Users\Frank\AppData\Roaming\iWin” deleted

    “C:\ProgramData\StarApp” deleted

    “C:\ProgramData\InstallMate” deleted

    “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mario Forever” deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

    Memory (RAM): 4087 MB

    CPU Info: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz

    CPU Speed: 1597,7 MHz

    Sound Card: Not detected

    Display Adapters: | RDP Encoder Mirror Driver

    Monitors: 1x;

    Screen Resolution: 800 X 600 - 32 bit

    Network: Network Present

    Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Intel(R) WiFi Link 5100 AGN | Realtek PCIe GBE Family Controller

    CD / DVD Drives: 1x (E: | ) E: hp DVD RW AD-7561S

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 2 Button Mouse Present

    Hard Disks: C: 450,0GB | D: 15,4GB

    Hard Disks - Free: C: 94,7GB | D: 2,5GB

    Manufacturer *: Hewlett-Packard

    BIOS Info: AT/AT COMPATIBLE | 09/10/09 | HPQOEM - 1

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: Quanta 363C

    Internet Explorer Version: 10.0.9200.16618

    Sun Java version: 1.7.0_15

    Country: Nederland

    Language: NLD

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Frank\AppData\Local\Temp ====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2013-07-03 07:54:50 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\Sysnative\drivers\mbam.sys

    2013-07-01 16:39:17 3071D77E134BF12120058431F6473AFA 7488 —-a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.CAT

    2013-07-01 16:39:17 28771B716418BC13E4A84864EFC1B11A 855 —-a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.INF

    2013-07-01 16:39:17 21A1C2D694C3CF962D31F5E873AB3D6F 174200 —-a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.SYS

    2013-06-26 16:50:38 A5F29AC2F0ADE8B995B49D7350CE3AC0 175 —-a-w- C:\Windows\Sysnative\drivers\aswSP.sys.sum

    2013-06-26 16:50:38 2E83D2621E87C493AB45DC6655BA77D4 175 —-a-w- C:\Windows\Sysnative\drivers\aswSnx.sys.sum

    2013-06-11 18:09:50 9849EA3843A2ADBDD1497E97A85D8CAE 1910632 —-a-w- C:\Windows\Sysnative\drivers\tcpip.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-07-01 20:41:48 ——– d—–w- C:\Program Files\trend micro

    ======= C:\Program Files (x86) =====

    2013-07-01 15:25:25 ——– d—–w- C:\Program Files (x86)\ESET

    2013-06-04 17:44:58 ——– d—–w- C:\Program Files (x86)\Common Files\Skype

    ======= C: =====

    ====== C:\Users\Frank\AppData\Roaming ======

    2013-07-01 20:38:21 97E0EA97320BF16B499B96B475281CD2 36 —-a-w- C:\users\Frank\AppData\Local\housecall.guid.cache

    2013-07-01 15:26:35 AF7CE12C4F3DC8CB2B07685C916BBCFE 82816 —-a-w- C:\users\Frank\AppData\Roaming\pcouffin.sys

    2013-07-01 15:26:35 7F13C6D2AE5F9D8B41E9D7D6CAD16EAA 1167 —-a-w- C:\users\Frank\AppData\Roaming\pcouffin.inf

    2013-07-01 15:26:35 1E7BDB2AC98BCE13AE85C0F6DB1ECCB8 7859 —-a-w- C:\users\Frank\AppData\Roaming\pcouffin.cat

    2013-07-01 15:26:35 16E53BFC96CE14021C0E07EB1C198478 99384 —-a-w- C:\users\Frank\AppData\Roaming\inst.exe

    2013-06-04 17:02:33 ——– d—–w- C:\users\Frank\AppData\Roaming\Wargaming.net

    ====== C:\Users\Frank ======

    2013-07-03 07:31:23 4400E263874D3762D26B712FDF414C86 914944 —-a-w- C:\Users\Frank\Downloads\RogueKiller(1).exe

    2013-07-03 07:30:15 4400E263874D3762D26B712FDF414C86 914944 —-a-w- C:\Users\Frank\Downloads\RogueKiller.exe

    2013-07-02 19:30:31 683FDD3D773C58B262DC07CD0C6CE938 10285040 —-a-w- C:\Users\Frank\Desktop\mbam-setup-1.75.0.1300.exe

    2013-07-02 19:27:55 4EF33D516F31BEB1C9847D1FDA69375C 648201 —-a-w- C:\Users\Frank\Desktop\adwcleaner.exe

    2013-07-01 15:13:30 15B86AEBC342B42AB5CAFA3E7A743A60 4346816 —-a-w- C:\Users\Frank\Downloads\ccsetup401.exe

    2013-06-21 17:09:38 AD039BD721859550F23064D42E7DDA44 1045072 —-a-w- C:\Users\Frank\Downloads\utorrent.exe

    2013-06-04 17:44:59 ——– d—–w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

    ====== C: exe-files ==

    2013-07-01 20:41:49 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\Frank.exe

    2013-07-01 20:41:19 662C39FC1E27131551D557862CEC47F0 935175 —-a-w- C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70SB8AAZ\RSITx64.exe

    2013-07-01 20:38:02 1FBB338FD54A8E1697488658705BAE05 2406064 —-a-w- C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70SB8AAZ\HousecallLauncher64.exe

    2013-07-01 15:25:25 CE0D0B11986FD2C0247AE88A59B36A6E 579904 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    2013-07-01 15:25:25 7C9EEC809FB9CDA26EFC245C001EA980 2347384 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    2013-07-01 15:25:25 7ABF8849E76732C357F419B1AF5668F2 546944 —-a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

    === C: other files ==

    2013-07-03 07:54:50 0BB97D43299910CBFBA59C461B99B910 25928 —-a-w- C:\Windows\System32\drivers\mbam.sys

    2013-07-03 07:50:04 5EFFB4A8F181D78E281D4F33D599F5EE 1440846 —-a-w- C:\Users\Frank\Desktop\mbam-chameleon-1.62.1.1000.zip

    2013-07-01 20:38:45 2CB5A99AE87D92B6C1443B62A858727B 2484 —-a-w- C:\Users\Frank\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip

    2013-07-01 16:39:17 21A1C2D694C3CF962D31F5E873AB3D6F 174200 —-a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

    2013-07-01 16:38:53 C513E8A5E7978DA49077F5484344EE1B 40568 —-a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\srtspx64.sys

    2013-07-01 16:38:53 BD0D711D8CBFCAA19CA123306EAF53A5 171128 —-a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\Ironx64.sys

    2013-07-01 16:38:53 96AEED40D4D3521568B42027687E69E0 912504 —-a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\SymEFA64.sys

    2013-07-01 16:38:53 90EF30C3867BCDE4579C01A6D6E75A7A 744568 —-a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\srtsp64.sys

    2013-07-01 16:38:53 81D134628A98A22B6E054E971AF525DC 382584 —-a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\symnets.sys

    2013-07-01 16:38:53 6160145C7A87FC7672E8E3B886888176 450680 —-a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\SymDS64.sys

    2013-07-01 15:26:35 AF7CE12C4F3DC8CB2B07685C916BBCFE 82816 —-a-w- C:\Users\Frank\AppData\Roaming\pcouffin.sys

    ==== Startup Registry Enabled ======================

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “Akamai NetSession Interface”=“C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe”

    “EA Core”=“C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “HPCam_Menu”=“c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe c:\Program Files (x86)\Hewlett-Packard\Media\Webcam UpdateWithCreateOnce Software\Hewlett-Packard\Media\Webcam”

    “UpdatePRCShortCut”=“C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Hewlett-Packard\Recovery UpdateWithCreateOnce Software\CyberLink\PowerRecover”

    “Easybits Recovery”=“C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe”

    “WirelessAssistant”=“C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe”

    “APSDaemon”=“C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    “HP Software Update”=“C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe”

    “Adobe Reader Speed Launcher”=“C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “Adobe ARM”=“C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “AVG_TRAY”=“C:\Program Files (x86)\AVG\AVG2012\avgtray.exe”

    “avast”=“C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui”

    “QuickTime Task”=“C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime”

    “SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    “iTunesHelper”=“C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    “Malwarebytes Anti-Malware”=“C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent”

    “1”=“C:\Users\Frank\Desktop\mbam-chameleon-1.62.1.1000\mbam-chameleon.exe /r /p”

    “Akamai NetSession Interface”=“C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe”

    “EA Core”=“C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent”

    ==== Startup Registry Enabled x64 ======================

    “SysTrayApp”=“C:\Program Files\IDT\WDM\sttray64.exe”

    ==== Startup Registry Disabled x64 ======================

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Adobe ARM”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Adobe Reader Speed Launcher”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\“”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“AppleSyncNotifier”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“APSDaemon”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\“”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“ArcSoft Connection Service”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Corel File Shell Monitor”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Corel\\Corel Paint Shop Pro Photo X2\\CorelIOMonitor.exe”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“HP Software Update”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“HPADVISOR”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe view=DOCKVIEW”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“iTunesHelper”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“LightScribe Control Panel”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files (x86)\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“NvCplDaemon”

    “hkey”=“HKLM”

    “command”=“RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“QlbCtrl.exe”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files (x86)\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start”

    “key”=“SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“QuickTime Task”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files (x86)\\QuickTime\\QTTask.exe\“ -atboottime”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SmartMenu”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SunJavaUpdateSched”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“TomTomHOME.exe”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\“”

    “path”=“C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk”

    “backup”=“C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup”

    “backupExtension”=“.CommonStartup”

    “command”=“C:\\PROGRA~2\\Hp\\DIGITA~1\\bin\\hpqtra08.exe ”

    “item”=“HP Digital Imaging Monitor”

    ==== Startup Folders ======================

    2012-12-14 23:19:34 1049 ----a-w- C:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    2009-10-10 23:38:44 892 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

    2012-04-20 18:16:44 2059 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    2009-12-26 20:37:07 1995 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk

    2010-09-01 22:16:19 1318 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk

    2010-09-01 22:16:20 1373 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\HP Photo Creations Communicator.job --a------ C:\ProgramData\HP Photo Creations\Communicator.exe

    C:\Windows\tasks\HPCeeScheduleForFrank.job --a------

    ==== Firefox Extensions ======================

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\fb3p5lov.default

    3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash

    31490EDE1F8E56BDFBEC93CFA7AE6761 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer

    1B197A0ED28DB310AB67591567C3787A - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.150.3

    3D3CAF586124C4E8102764C8B3063BB6 - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

    15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx

    jplinpmadfkdgipabgcdchbdikologlh - C:\Program Files (x86)\1ClickDownload\1click11.crx

    ndibdjnfmopecpmkdieinmbadjfpblof - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.google.nl/”

    “Default_Page_URL”=“http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Pavilion&pf=cnnb”

    “Search Page”=“http://downloads.phpnuke.org/nl/index.php?rvs=google”

    “Search Page”=“http://downloads.phpnuke.org/nl/index.php?rvs=google”

    “Search Page”=“http://downloads.phpnuke.org/nl/index.php?rvs=google”

    “Tabs”=“http://www.google.com”

    “Tabs”=“http://www.google.com”

    New Values:

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “Start Page”=“http://www.google.nl/”

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

    “Tabs”=“res://ieframe.dll/tabswelcome.htm”

    “Tabs”=“res://ieframe.dll/tabswelcome.htm”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    “DefaultScope”=“{EFCE274A-677D-42E3-A85A-C6B5565887E0}”

    {4AD026F4-6B38-421C-A215-C4C205069FB5} Unknown Url=“Not_Found”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    {BF7EC5AE-03F5-4F8A-B612-B624995AA9CD} Unknown Url=“Not_Found”

    {EFCE274A-677D-42E3-A85A-C6B5565887E0} AOL Zoeken Url=“http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcnnbie7-nl-nl”

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-3663728046-3339902318-728512482-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4AD026F4-6B38-421C-A215-C4C205069FB5} deleted successfully

    HKEY_USERS\S-1-5-21-3663728046-3339902318-728512482-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BF7EC5AE-03F5-4F8A-B612-B624995AA9CD} deleted successfully

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

    ==== Reset IE Proxy ======================

    Value(s) before fix:

    “ProxyOverride”=“*.local;127.0.0.1:9421;”

    “ProxyEnable”=dword:00000001

    Value(s) after fix:

    “ProxyEnable”=dword:00000000

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh deleted successfully

    ==== HijackThis Entries ======================

    R3 - URLSearchHook: (no name) - {46735dee-f862-49d1-876d-6382794dc625} - (no file)

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\coIEPlg.dll

    O4 - HKLM\..\Run: “c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe” “c:\Program Files (x86)\Hewlett-Packard\Media\Webcam” UpdateWithCreateOnce “Software\Hewlett-Packard\Media\Webcam”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\Hewlett-Packard\Recovery” UpdateWithCreateOnce “Software\CyberLink\PowerRecover”

    O4 - HKLM\..\Run: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2012\avgtray.exe”

    O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui

    O4 - HKLM\..\Run: “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\RunOnce: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKLM\..\RunOnce: C:\Users\Frank\Desktop\mbam-chameleon-1.62.1.1000\mbam-chameleon.exe /r /p

    O4 - HKCU\..\Run: “C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe”

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Electronic Arts\EADM\Core.exe” -silent

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - Startup: Dropbox.lnk = Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Global Startup: Bluetooth.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra ‘Tools’ menuitem: Verzenden naar &Bluetooth-apparaat… - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-NL/wlscctrl2.cab

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {A8203263-E018-4106-BDBE-8BF6915E8190} (InforbitHelper Class) - https://download.infotriever.com/bin/ifhelper.cab

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: RemotePC HOST (remotepc) - Unknown owner - C:\Program Files (x86)\Remote Access Host\RemotePCM.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================


    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    C:\users\Frank\AppData\Local\Mozilla\Firefox\Profiles\fb3p5lov.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Frank\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on wo 03-07-2013 at 13:59:01,01 ======================

  • Ben

    Hello,

    First remove AVG and Norton now.

    For Norton, use the removal tool: https://support.norton.com/sp/nl/nl/home/current/solutions/20081008062515NL

    Download DDS by sUBS from one of these locations and save it to your desktop:

    DDS - Bleeping Computer download.

    DDS - Bleeping Computer download.

    DDS - Infospyware.

    DDS is a diagnostic tool and makes use of scripts.

    Disable your security software before you run DDS!

    (Here or here) you can read how to do that.

    Double-click DDS to start the tool.

    Two log files will now be saved automatically to the desktop.

    • DDS.txt

    • Attach.txt (Post this one only if you are asked to!)

    Post DDS.txt in your next message.

    Regards, Ben

  • Frank

    Removing my Norton isn't that straightforward; I first have to update something before I can get back into it, but that update fails.

    The log you asked for follows:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.15.2

    Run by Frank at 15:36:23 on 2013-07-03

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4087.2112

    .

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

    C:\Windows\system32\Hpservice.exe

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    C:\Windows\SysWOW64\svchost.exe -k netsvcs

    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

    C:\Program Files (x86)\Remote Access Host\RemotePCM.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\svchost.exe -k HPService

    C:\Windows\system32\UI0Detect.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

    c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\IDT\WDM\sttray64.exe

    C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

    C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe

    C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

    C:\Windows\System32\MsSpellCheckingFacility.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.nl/

    uProxyOverride =

    uURLSearchHooks: {46735dee-f862-49d1-876d-6382794dc625} -

    mWinlogon: Userinit = userinit.exe,

    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\CoIEPlg.dll

    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll

    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\CoIEPlg.dll

    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

    uRun: "C:\Users\Frank\AppData\Local\Akamai\netsession_win.exe"

    uRun: "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

    mRun: "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

    mRun: "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

    mRun: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    mRun: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    mRun: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    mRun: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    mRun: "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    mRun: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    StartupFolder: C:\Users\Frank\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SITECO~1.LNK - C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: HideFastUserSwitching = dword:0

    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki… - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

    IE: Pagina verzenden naar &Bluetooth-apparaat… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/nl-NL/wlscctrl2.cab

    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {A8203263-E018-4106-BDBE-8BF6915E8190} - hxxps://download.infotriever.com/bin/ifhelper.cab

    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: NameServer = 192.168.0.1

    TCP: Interfaces\{E584EE1A-E458-4BA4-9036-EFA871078213} : DHCPNameServer = 192.168.0.1

    TCP: Interfaces\{E584EE1A-E458-4BA4-9036-EFA871078213}\377796373736F6D6 : DHCPNameServer = 192.168.48.1

    TCP: Interfaces\{E584EE1A-E458-4BA4-9036-EFA871078213}\65940535F534C455244454D41425 : DHCPNameServer = 194.179.1.100 194.179.1.101 80.58.0.33

    TCP: Interfaces\{E584EE1A-E458-4BA4-9036-EFA871078213}\745554354535F534C455244454D41425 : DHCPNameServer = 80.58.0.33

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck -

    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    x64-Run: C:\Program Files\IDT\WDM\sttray64.exe

    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -

    x64-SSODL: WebCheck -

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\fb3p5lov.default\

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll

    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - ExtSQL: 2013-07-01 18:40; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn

    FF - ExtSQL: 2013-07-01 18:40; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn

    FF - ExtSQL: !HIDDEN! 2010-08-27 18:52; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys

    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys

    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys

    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys

    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys

    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys

    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys

    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys

    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs

    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

    R2 remotepc;RemotePC HOST;C:\Program Files (x86)\Remote Access Host\RemotePCM.exe

    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys

    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys

    R3 NETw5s64;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys

    S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys

    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe

    S3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110415.001\BHDrvx64.sys

    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys

    S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    S3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110330.001\IDSviA64.sys

    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys

    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS

    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS

    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS

    S3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360X64\0501000.01D\SymDS64.sys

    S3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360X64\0501000.01D\SymEFA64.sys

    S3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360X64\0501000.01D\Ironx64.sys

    S3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360X64\0501000.01D\symnets.sys

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys

    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe

    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys

    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys

    .

    =============== Created Last 30 ================

    .

    2013-07-03 11:59:45 -------- d-sh--w- C:\$RECYCLE.BIN

    2013-07-03 11:54:24 24064 ----a-w- C:\Windows\zoek-delete.exe

    2013-07-03 11:54:24 -------- d-----w- C:\Users\Frank\AppData\Local\Temp

    2013-07-03 07:54:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2013-07-03 07:54:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2013-07-01 20:41:48 -------- d-----w- C:\Program Files\trend micro

    2013-07-01 16:39:17 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

    2013-07-01 16:39:16 -------- d-----w- C:\Program Files\Symantec

    2013-07-01 16:39:16 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

    2013-07-01 16:38:53 912504 ----a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\SymEFA64.sys

    2013-07-01 16:38:53 744568 ----a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\srtsp64.sys

    2013-07-01 16:38:53 450680 ----a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\SymDS64.sys

    2013-07-01 16:38:53 40568 ----a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\srtspx64.sys

    2013-07-01 16:38:53 382584 ----a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\symnets.sys

    2013-07-01 16:38:53 171128 ----a-r- C:\Windows\System32\drivers\N360X64\0501000.01D\Ironx64.sys

    2013-07-01 15:26:35 99384 ----a-w- C:\Users\Frank\AppData\Roaming\inst.exe

    2013-07-01 15:26:35 82816 ----a-w- C:\Users\Frank\AppData\Roaming\pcouffin.sys

    2013-07-01 15:25:25 -------- d-----w- C:\Program Files (x86)\ESET

    2013-06-21 15:22:36 -------- d-----w- C:\89162dd95fe763cf66e0

    2013-06-16 09:01:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

    2013-06-12 19:05:37 9089416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    2013-06-11 18:09:50 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2013-06-04 17:02:33 -------- d-----w- C:\Users\Frank\AppData\Roaming\Wargaming.net

    2013-06-03 21:57:46 -------- d-----w- C:\Windows\SysWow64\directx

    .

    ==================== Find3M ====================

    .

    2013-06-27 19:14:11 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

    2013-06-27 19:14:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

    2013-06-12 19:05:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-06-12 19:05:52 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

    2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

    2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

    2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll

    2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll

    2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll

    2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll

    2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

    2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

    2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

    2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

    2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

    2013-05-09 08:59:06 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

    2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr

    2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll

    2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

    2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

    2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

    2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

    2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

    2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

    2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

    .

    ============= FINISH: 15:37:27,41 ===============

  • Ben

    Hello,

    And AVG? Can't you get rid of that one either?

    I'll see whether I can help you:

    Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

    (Here or here) you can read how to do that.

    * Double-click Zoek.exe to start the tool.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    Norton 360 Premier Edition;a

    AVG;a

    Symantec;aa

    {46735dee-f862-49d1-876d-6382794dc625};c

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    Regards, Ben

  • Frank

    Oops, sorry. I was still tinkering a bit, and in the meantime Norton and AVG have been removed. Do you want a new log?

  • Ben

    Hello,

    Good that it worked (tu)

    Yes, post a new DDS log.

    Regards, Ben

This topic is closed; no more replies can be posted.