Microsoft Office documents cannot be read

  • Frans54

    When I open a Word or Excel document, I get the following message.

    File is encrypted

    This file can be decrypted using the program DirtyDecrypt.exe

    Press CTRL+ALT+D to run DirtyDecrypt.exe

    If DirtyDecrypt.exe not opened сheck the paths:

    C:\Program Files\Dirty\DirtyDecrypt.exe

    C:\Program Files (x86)\Dirty\DirtyDecrypt.exe

    C:\Users\\AppData\Roaming\Dirty\DirtyDecrypt.exe

    C:\Documents and Settings\\Application Data\Dirty\DirtyDecrypt.exe

    C:\Documents and Settings\\Local Settings\Application Data\Dirty\DirtyDecrypt.exe

    I followed the instructions and am sending the logs along.

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.07.27.02

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 10.0.9200.16635

    Frans :: FRANS-PC

    27-7-2013 14:47:01

    mbam-log-2013-07-27 (14-47-01).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 223531

    Verstreken tijd: 5 minuut/minuten, 17 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 3

    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 1

    C:\Users\Frans\AppData\Roaming\Dirty (Trojan.Ransom) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 16

    C:\Users\Frans\AppData\Local\Temp\0JtKbrZv.zip.part (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\0OtCUnXU.zip.part (Trojan.FakeAlert.ED) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\5wNo2+ql.exe.part (Trojan.FakeAlert.RRE) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\aG8Pniqx.exe.part (Trojan.FakeAlert.RRE) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\df_YbDW_.exe.part (Trojan.FakeAlert.RRE) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\e4xm7Yf6.exe.part (Trojan.Ransom) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\esyaWlEK.exe.part (Trojan.Agent.rfz) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\IzlPELY9.exe.part (Malware.Packer.rf) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\oEdWk+Yx.exe.part (Trojan.FakeAlert.RRE) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\RCOSMIQD.exe.part (Trojan.Agent.rf) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\sWKJae+5.exe.part (Trojan.Ransom.Foreign) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\t4eHNqIj.exe.part (Malware.Packer.rf) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\uZgj8xgb.exe.part (Malware.Packer.rf) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\WE0h3MSM.exe.part (Trojan.Agent.rf2) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Local\Temp\xNfn41aq.zip.part (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Frans\AppData\Roaming\Dirty\alertwall.jpg (Trojan.Ransom) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    # AdwCleaner v2.306 - Verslag gemaakt op 27/07/2013 om 14:39:20

    # Geactualiseerd op 19/07/2013 door Xplode

    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Gebruiker : Frans - FRANS-PC

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\Frans\Desktop\adwcleaner.exe

    # Optie

    ***** *****

    ***** *****

    ***** *****

    Sleutel Verwijderd : HKCU\Software\InstallCore

    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

    ***** *****

    -\\ Internet Explorer v10.0.9200.16635

    Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Mozilla Firefox v22.0 (nl)

    File : C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\prefs.js

    De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Frans at 2013-07-27 17:38:17

    Microsoft Windows 7 Home Premium Service Pack 1

    System drive C: has 525 GB (56%) free of 941 GB

    Total RAM: 6071 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:38:24, on 27-7-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16635)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files\trend micro\Frans.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Hitachi Backup Service (HitachiBackupService) - Hitachi GST - C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: SessionLauncher - Unknown owner - C:\Users\Frans\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe (file missing)

    O23 - Service: vToolbarUpdater15.0.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 11568 bytes

    ======Listing Processes======

    \SystemRoot\System32\smss.exe

    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /boot

    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe /pipeName=96fcc700-cea9-4661-a754-dd336a615271 /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\a8299f4e-45fd-4511-88aa-9d698c2ccb15-1b8-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2013\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2013" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\"

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    wininit.exe

    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

    winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    atieclxx

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\WLANExt.exe 32288400

    \??\C:\Windows\system32\conhost.exe "14319932071006546571-1539312243-1032348327-1034367526257447274601953940-1752243186

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

    "taskhost.exe"

    "C:\Windows\system32\Dwm.exe"

    C:\Windows\Explorer.EXE

    "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe"

    "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe"

    "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"

    C:\Windows\SysWOW64\svchost.exe -k netsvcs

    "C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe"

    "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    "C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe"

    "C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe"

    "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe"

    "C:\Program Files (x86)\AVG\AVG2013\avgemca.exe"

    "C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe"

    "C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe"

    C:\Windows\system32\svchost.exe -k imgsvc

    "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"

    "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

    "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-7ae5ab2f-fd8f-4c3d-b133-3d5e4080ffdf -SystemEventPortName:HostProcess-e4c0586e-cf30-4ed7-a47b-a78a044dd666 -IoCancelEventPortName:HostProcess-65eba6fa-7421-4f8a-8b61-f14574044b04 -NonStateChangingEventPortName:HostProcess-ff2e3ff1-1143-4310-a381-6e337c1a2ed8 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3d02395a-e31d-4fc0-84d3-6372f4edcd80 -DeviceGroupId:WpdFsGroup

    "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

    "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background

    "C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming

    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

    "C:\Program Files (x86)\Sitecom\Common\RaUI.exe" -s

    "C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe"

    "C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"

    "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"

    KHALMNPR.EXE /API

    "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

    "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe"

    C:\Windows\system32\SearchIndexer.exe /Embedding

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    "C:\Program Files\Windows Media Player\wmpnetwk.exe"

    taskeng.exe {47B3BC07-13EF-422D-9290-FB8ABD59AD12}

    "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe" Local\{FB2BE47E-274C-4DF1-9551-4D0348D29490}

    "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

    "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

    "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

    "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"

    "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

    C:\Windows\system32\svchost.exe -k defragsvc

    "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

    "C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536

    "C:\Users\Frans\Desktop\RSITx64.exe"

    C:\Windows\system32\wbem\wmiprvse.exe

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    C:\Windows\tasks\HP Photo Creations Messager.job

    C:\Windows\tasks\HPCeeScheduleForFRANS-PC$.job

    C:\Windows\tasks\PCDRScheduledMaintenance.job

    =========Mozilla firefox=========

    ProfilePath - C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default

    prefs.js - "browser.startup.homepage" - "http://www.geocaching.com/"

    prefs.js - "extensions.enabledItems" - "{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3, DeviceDetection@logitech.com:1.20.0.66, avg@igeared:6.103.018.001, {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"

    "Description"=Adobe® Flash® Player 11.8.800.94 Plugin

    "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

    "Description"=Canon MycameraPlugin

    "Path"=C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

    "Description"=Garmin GPS Control for Firefox

    "Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

    "Description"=Google Earth in your browser

    "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    "Description"=Java™ Deployment Toolkit

    "Path"=C:\Windows\SysWOW64\npDeployJava1.dll

    "Description"=Oracle® Next Generation Java™ Plug-In

    "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    "Description"=

    "Path"=disabled

    "Description"=Ag Player Plugin

    "Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

    "Description"=Google Update

    "Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

    "Description"=Google Update

    "Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

    "Description"=Handles PDFs in-place in Firefox

    "Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    "Description"=

    "Path"=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll

    "Description"=Adobe® Flash® Player 11.8.800.94 Plugin

    "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll

    "Description"=

    "Path"=disabled

    "Description"=Ag Player Plugin

    "Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

    "Description"=

    "Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

    "Description"=

    "Path"=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll

    C:\Program Files (x86)\Mozilla Firefox\extensions\

    {972ce4c6-7e08-4474-a285-3208198ce6fd}

    C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\extensions\

    DeviceDetection@logitech.com

    {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

    C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\searchplugins\

    Startpins.xml

    ======Registry dump======

    Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

    Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    "SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

    "PC-Doctor for Windows localizer"=C:\Program Files\PC-Doctor for Windows\localizer.exe

    "AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

    "EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe

    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe

    "hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    "IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    "Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    "RoxWatchTray"=C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

    "AVG_UI"=C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    "SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    "AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe

    "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    Sitecom Wireless Utility.lnk - C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    Spyder3Utility.lnk - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorAdmin"=5

    "ConsentPromptBehaviorUser"=3

    "EnableLUA"=0

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "EnableSecureUIAPath"=1

    "NoDrives"=0

    "NoDrives"=0

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "vidc.uyvy"=msyuv.dll

    "vidc.yuy2"=msyuv.dll

    "vidc.yvyu"=msyuv.dll

    "vidc.iyuv"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "vidc.yvu9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "wave1"=wdmaud.drv

    "midi1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "aux1"=wdmaud.drv

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    "wave2"=wdmaud.drv

    "midi2"=wdmaud.drv

    "mixer2"=wdmaud.drv

    "aux2"=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    ======List of files/folders created in the last 1 month======

    2013-07-27 17:38:17 ----D---- C:\rsit

    2013-07-27 15:01:12 ----D---- C:\Program Files (x86)\ESET

    2013-07-27 14:46:07 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2013-07-27 14:46:07 ----A---- C:\Windows\system32\drivers\mbam.sys

    2013-07-27 14:39:20 ----A---- C:\AdwCleaner.txt

    2013-07-27 14:29:11 ----D---- C:\Program Files (x86)\Microsoft Visual Studio

    2013-07-27 14:26:54 ----SHD---- C:\Config.Msi

    2013-07-20 15:57:17 ----D---- C:\Program Files (x86)\GCTool

    2013-07-10 17:06:06 ----A---- C:\Windows\SYSWOW64\ieui.dll

    2013-07-10 17:06:05 ----A---- C:\Windows\SYSWOW64\iesetup.dll

    2013-07-10 17:06:05 ----A---- C:\Windows\system32\ieui.dll

    2013-07-10 17:06:05 ----A---- C:\Windows\system32\iesetup.dll

    2013-07-10 17:06:04 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe

    2013-07-10 17:06:04 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

    2013-07-10 17:06:04 ----A---- C:\Windows\SYSWOW64\iesysprep.dll

    2013-07-10 17:06:04 ----A---- C:\Windows\SYSWOW64\iertutil.dll

    2013-07-10 17:06:04 ----A---- C:\Windows\SYSWOW64\iernonce.dll

    2013-07-10 17:06:04 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

    2013-07-10 17:06:04 ----A---- C:\Windows\system32\iesysprep.dll

    2013-07-10 17:06:04 ----A---- C:\Windows\system32\iertutil.dll

    2013-07-10 17:06:04 ----A---- C:\Windows\system32\iernonce.dll

    2013-07-10 17:06:04 ----A---- C:\Windows\system32\ie4uinit.exe

    2013-07-10 17:06:03 ----A---- C:\Windows\SYSWOW64\jscript.dll

    2013-07-10 17:06:03 ----A---- C:\Windows\system32\msfeeds.dll

    2013-07-10 17:06:03 ----A---- C:\Windows\system32\jscript9.dll

    2013-07-10 17:06:03 ----A---- C:\Windows\system32\jscript.dll

    2013-07-10 17:06:02 ----A---- C:\Windows\SYSWOW64\urlmon.dll

    2013-07-10 17:06:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll

    2013-07-10 17:06:02 ----A---- C:\Windows\system32\urlmon.dll

    2013-07-10 17:06:01 ----A---- C:\Windows\SYSWOW64\wininet.dll

    2013-07-10 17:06:01 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

    2013-07-10 17:06:01 ----A---- C:\Windows\system32\jsproxy.dll

    2013-07-10 17:06:00 ----A---- C:\Windows\system32\wininet.dll

    2013-07-10 17:05:59 ----A---- C:\Windows\SYSWOW64\ieframe.dll

    2013-07-10 17:05:58 ----A---- C:\Windows\system32\mshtml.dll

    2013-07-10 17:05:58 ----A---- C:\Windows\system32\ieframe.dll

    2013-07-10 17:05:56 ----A---- C:\Windows\SYSWOW64\mshtml.dll

    2013-07-10 16:16:11 ----A---- C:\Windows\SYSWOW64\qedit.dll

    2013-07-10 16:16:11 ----A---- C:\Windows\system32\qedit.dll

    2013-07-10 16:16:09 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL

    2013-07-10 16:16:09 ----A---- C:\Windows\system32\WMVDECOD.DLL

    2013-07-10 16:15:44 ----A---- C:\Windows\system32\win32k.sys

    2013-07-10 16:15:21 ----A---- C:\Windows\SYSWOW64\DWrite.dll

    2013-07-10 16:15:21 ----A---- C:\Windows\system32\DWrite.dll

    2013-07-04 16:42:39 ----D---- C:\Program Files (x86)\Mozilla Firefox

    ======List of files/folders modified in the last 1 month======

    2013-07-27 17:38:23 —-D—- C:\Program Files\trend micro

    2013-07-27 17:26:24 —-D—- C:\Windows\Temp

    2013-07-27 17:15:10 —-D—- C:\Windows\Prefetch

    2013-07-27 15:08:49 —-D—- C:\Windows\system32\config

    2013-07-27 15:01:12 —-RD—- C:\Program Files (x86)

    2013-07-27 14:55:38 —-D—- C:\Windows\SYSWOW64\drivers

    2013-07-27 14:46:11 —-D—- C:\Windows\system32\drivers

    2013-07-27 14:30:06 —-SHD—- C:\Windows\Installer

    2013-07-27 14:29:57 —-D—- C:\ProgramData\Microsoft Help

    2013-07-27 14:29:45 —-D—- C:\Windows\SysWOW64

    2013-07-27 14:29:31 —-RSD—- C:\Windows\Fonts

    2013-07-27 14:29:21 —-D—- C:\Program Files (x86)\Microsoft Works

    2013-07-27 14:29:21 —-D—- C:\Program Files (x86)\Common Files

    2013-07-27 14:27:24 —-D—- C:\Windows\ShellNew

    2013-07-27 14:27:19 —-A—- C:\Windows\win.ini

    2013-07-27 14:25:52 —-SHD—- C:\System Volume Information

    2013-07-27 13:35:22 —-D—- C:\Windows\System32

    2013-07-27 13:35:22 —-D—- C:\Windows\inf

    2013-07-27 13:35:22 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2013-07-27 13:25:02 —-D—- C:\ProgramData\MFAData

    2013-07-27 06:56:18 —-A—- C:\Windows\SYSWOW64\PerfStringBackup.INI

    2013-07-25 16:53:59 —-RD—- C:\Program Files (x86)\Online Services

    2013-07-25 16:53:59 —-HD—- C:\Program Files (x86)\Uninstall Information

    2013-07-25 16:53:59 —-HD—- C:\Program Files (x86)\Temp

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\WinGDB3

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Windows Photo Viewer

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Windows Media Player

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Windows Mail

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Windows Defender

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Reference Assemblies

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Realtek

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\ProtectDisc Driver Installer

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Oracle

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\MSBuild

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\MozBackup

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Microsoft Sync Framework

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Microsoft Silverlight

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Microsoft Office

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Java

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Intel

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\HP Photo Creations

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Garmin

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\EasyBits For Kids

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Datacolor

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\Cyberlink

    2013-07-25 16:53:59 —-D—- C:\Program Files (x86)\ATI Technologies

    2013-07-22 16:26:47 —-A—- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

    2013-07-22 16:25:39 —-D—- C:\Users\Frans\AppData\Roaming\HpUpdate

    2013-07-22 16:25:39 —-D—- C:\Users\Frans\AppData\Roaming\HP Support Assistant

    2013-07-15 16:14:58 —-D—- C:\Windows\Tasks

    2013-07-15 16:14:58 —-D—- C:\Windows\system32\Tasks

    2013-07-15 16:08:32 —-A—- C:\Windows\SYSWOW64\FlashPlayerApp.exe

    2013-07-12 09:29:25 —-RSD—- C:\Windows\assembly

    2013-07-12 09:29:25 —-D—- C:\Windows\Microsoft.NET

    2013-07-11 16:07:54 —-D—- C:\Windows\winsxs

    2013-07-11 16:05:49 —-D—- C:\Program Files\Windows Defender

    2013-07-11 16:05:48 —-D—- C:\Program Files (x86)\Internet Explorer

    2013-07-11 16:05:45 —-D—- C:\Program Files\Internet Explorer

    2013-07-11 16:05:42 —-D—- C:\Program Files\Windows Journal

    2013-07-11 16:05:30 —-D—- C:\Program Files\Microsoft Silverlight

    2013-07-10 17:07:40 —-A—- C:\Windows\system32\MRT.exe

    2013-07-10 17:06:20 —-D—- C:\Windows\system32\catroot2

    2013-07-10 17:06:20 —-D—- C:\Windows\system32\catroot

    2013-07-08 11:47:19 —-D—- C:\Program Files (x86)\Adobe Media Player

    2013-07-05 08:07:07 —-D—- C:\Program Files (x86)\Mozilla Maintenance Service

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys

    R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys

    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys

    R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys

    R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys

    R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys

    R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys

    R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys

    R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys

    R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys

    R2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys

    R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys

    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys

    R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys

    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys

    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys

    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys

    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\Windows\system32\DRIVERS\SNTUSB64.SYS

    R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys

    R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys

    S1 A2DDA;A2 Direct Disk Access Support Driver; \??\K:\EmsisoftEmergencyKit\Run\a2ddax64.sys

    S1 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys

    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys

    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys

    S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 Spyder3;Datacolor Spyder3; C:\Windows\system32\DRIVERS\Spyder3.sys

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe

    R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    R2 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe

    R2 HitachiBackupService;Hitachi Backup Service; C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe

    R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    R2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    R3 RoxMediaDB10;RoxMediaDB10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    S2 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    S2 SessionLauncher;SessionLauncher; C:\Users\Frans\AppData\Local\Temp\DX9\SessionLauncher.exe

    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

    S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    -----------------EOF-----------------

    Can anyone help me with this?

  • fazantje

    Hi Frans,

    Sorry for the late reply, but I have just come home from work and the others are on holiday.

    MBAM and AdwCleaner have already removed a large part of it, as you may have seen.

    We are going to look a bit deeper, because there is more junk in there.

    Download Combofix here and place it on your desktop.

    First disable your virus scanner. It will turn back on after the computer has been restarted.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

    Some scanners see certain components that Combofix uses as suspicious and will block or delete them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    Depending on the infection, the scan can take 40 to as much as 100 minutes, so do not think it has frozen.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post the Combofix log in your next message and tell us how it is going now.

    Good luck,

    Huib ;)

  • Frans54

    Ran ComboFix, but unfortunately there are no changes.

    The log is below.

    I'm going to bed now; tomorrow morning I'll continue.

    ComboFix 13-07-27.01 - Frans 27-07-2013 23:01:11.1.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6071.4748

    Gestart vanuit: c:\users\Frans\Desktop\ComboFix.exe

    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-06-27 to 2013-07-27 ))))))))))))))))))))))))))))))

    .

    .

    2013-07-27 21:09 . 2013-07-27 21:09 -------- d-----w- c:\users\Public\AppData\Local\temp

    2013-07-27 21:09 . 2013-07-27 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-07-27 15:38 . 2013-07-27 15:40 -------- d-----w- C:\rsit

    2013-07-27 12:46 . 2013-07-27 12:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2013-07-27 12:46 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-07-25 14:38 . 2013-07-25 14:38 -------- d-----w- c:\users\Frans\AppData\Local\kIvwoQsE

    2013-07-25 14:38 . 2013-07-25 14:53 -------- d-----w- c:\users\Frans\AppData\Local\Dirty

    2013-07-25 14:38 . 2013-07-25 14:38 -------- d-----w- c:\users\Frans\AppData\Local\sPoYELNv

    2013-07-20 13:58 . 2013-07-20 13:58 -------- d-----w- c:\users\Frans\AppData\Local\By_Gpsgek

    2013-07-20 13:57 . 2013-07-20 13:57 -------- d-----w- c:\program files (x86)\GCTool

    2013-07-10 15:05 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll

    2013-07-10 15:05 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll

    2013-07-10 14:16 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll

    2013-07-10 14:16 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll

    2013-07-10 14:16 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll

    2013-07-10 14:16 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll

    2013-07-10 14:16 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll

    2013-07-10 14:16 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll

    2013-07-10 14:16 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll

    2013-07-10 14:16 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll

    2013-07-10 14:16 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll

    2013-07-10 14:16 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL

    2013-07-10 14:16 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

    2013-07-10 14:15 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys

    2013-07-10 14:15 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

    2013-07-10 14:15 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

    2013-07-10 14:15 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

    2013-07-10 14:15 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

    2013-07-10 14:15 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

    2013-07-10 14:15 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

    2013-07-10 14:15 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-07-15 14:08 . 2012-07-14 22:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-07-15 14:08 . 2012-07-14 22:19 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-07-10 15:07 . 2012-07-16 01:52 78185248 ----a-w- c:\windows\system32\MRT.exe

    2013-06-14 12:30 . 2013-06-14 12:30 53248 ----a-r- c:\users\Frans\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

    2013-06-14 12:30 . 2012-07-15 09:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

    2013-06-12 19:48 . 2012-07-18 19:02 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2013-06-12 19:48 . 2012-07-18 19:02 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2013-06-12 19:47 . 2013-06-19 14:43 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2013-05-28 16:29 . 2013-05-28 16:34 24064 ----a-w- c:\windows\zoek-delete.exe

    2013-05-24 22:35 . 2013-05-24 22:35 226304 ----a-w- c:\windows\system32\elshyph.dll

    2013-05-24 22:35 . 2013-05-24 22:35 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

    2013-05-24 22:35 . 2013-05-24 22:35 158720 ----a-w- c:\windows\SysWow64\msls31.dll

    2013-05-24 22:35 . 2013-05-24 22:35 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

    2013-05-24 22:35 . 2013-05-24 22:35 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

    2013-05-24 22:35 . 2013-05-24 22:35 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

    2013-05-24 22:35 . 2013-05-24 22:35 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

    2013-05-24 22:35 . 2013-05-24 22:35 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

    2013-05-24 22:35 . 2013-05-24 22:35 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

    2013-05-24 22:35 . 2013-05-24 22:35 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

    2013-05-24 22:35 . 2013-05-24 22:35 138752 ----a-w- c:\windows\SysWow64\wextract.exe

    2013-05-24 22:35 . 2013-05-24 22:35 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2013-05-24 22:35 . 2013-05-24 22:35 12800 ----a-w- c:\windows\SysWow64\mshta.exe

    2013-05-24 22:35 . 2013-05-24 22:35 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

    2013-05-24 22:35 . 2013-05-24 22:35 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

    2013-05-24 22:35 . 2013-05-24 22:35 361984 ----a-w- c:\windows\SysWow64\html.iec

    2013-05-24 22:35 . 2013-05-24 22:35 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

    2013-05-24 22:35 . 2013-05-24 22:35 197120 ----a-w- c:\windows\system32\msrating.dll

    2013-05-24 22:35 . 2013-05-24 22:35 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2013-05-24 22:35 . 2013-05-24 22:35 81408 ----a-w- c:\windows\system32\icardie.dll

    2013-05-24 22:35 . 2013-05-24 22:35 762368 ----a-w- c:\windows\system32\ieapfltr.dll

    2013-05-24 22:35 . 2013-05-24 22:35 452096 ----a-w- c:\windows\system32\dxtmsft.dll

    2013-05-24 22:35 . 2013-05-24 22:35 441856 ----a-w- c:\windows\system32\html.iec

    2013-05-24 22:35 . 2013-05-24 22:35 281600 ----a-w- c:\windows\system32\dxtrans.dll

    2013-05-24 22:35 . 2013-05-24 22:35 216064 ----a-w- c:\windows\system32\msls31.dll

    2013-05-24 22:35 . 2013-05-24 22:35 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

    2013-05-24 22:35 . 2013-05-24 22:35 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

    2013-05-24 22:35 . 2013-05-24 22:35 270848 ----a-w- c:\windows\system32\iedkcs32.dll

    2013-05-24 22:35 . 2013-05-24 22:35 235008 ----a-w- c:\windows\system32\url.dll

    2013-05-24 22:35 . 2013-05-24 22:35 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

    2013-05-24 22:35 . 2013-05-24 22:35 97280 ----a-w- c:\windows\system32\mshtmled.dll

    2013-05-24 22:35 . 2013-05-24 22:35 599552 ----a-w- c:\windows\system32\vbscript.dll

    2013-05-24 22:35 . 2013-05-24 22:35 27648 ----a-w- c:\windows\system32\licmgr10.dll

    2013-05-24 22:35 . 2013-05-24 22:35 247296 ----a-w- c:\windows\system32\webcheck.dll

    2013-05-24 22:35 . 2013-05-24 22:35 173568 ----a-w- c:\windows\system32\ieUnatt.exe

    2013-05-24 22:35 . 2013-05-24 22:35 167424 ----a-w- c:\windows\system32\iexpress.exe

    2013-05-24 22:35 . 2013-05-24 22:35 149504 ----a-w- c:\windows\system32\occache.dll

    2013-05-24 22:35 . 2013-05-24 22:35 144896 ----a-w- c:\windows\system32\wextract.exe

    2013-05-24 22:35 . 2013-05-24 22:35 102912 ----a-w- c:\windows\system32\inseng.dll

    2013-05-24 22:35 . 2013-05-24 22:35 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2013-05-24 22:35 . 2013-05-24 22:35 62976 ----a-w- c:\windows\system32\pngfilt.dll

    2013-05-24 22:35 . 2013-05-24 22:35 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

    2013-05-24 22:35 . 2013-05-24 22:35 51200 ----a-w- c:\windows\system32\imgutil.dll

    2013-05-24 22:35 . 2013-05-24 22:35 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2013-05-24 22:35 . 2013-05-24 22:35 13824 ----a-w- c:\windows\system32\mshta.exe

    2013-05-24 22:35 . 2013-05-24 22:35 136192 ----a-w- c:\windows\system32\iepeers.dll

    2013-05-24 22:35 . 2013-05-24 22:35 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

    2013-05-24 22:35 . 2013-05-24 22:35 12800 ----a-w- c:\windows\system32\msfeedssync.exe

    2013-05-24 22:35 . 2013-05-24 22:35 77312 ----a-w- c:\windows\system32\tdc.ocx

    2013-05-24 22:34 . 2013-05-24 22:34 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

    2013-05-24 22:34 . 2013-05-24 22:34 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

    2013-05-24 22:34 . 2013-05-24 22:34 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

    2013-05-24 22:34 . 2013-05-24 22:34 465920 ----a-w- c:\windows\system32\WMPhoto.dll

    2013-05-24 22:34 . 2013-05-24 22:34 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

    2013-05-24 22:34 . 2013-05-24 22:34 3928064 ----a-w- c:\windows\system32\d2d1.dll

    2013-05-24 22:34 . 2013-05-24 22:34 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

    2013-05-24 22:34 . 2013-05-24 22:34 363008 ----a-w- c:\windows\system32\dxgi.dll

    2013-05-24 22:34 . 2013-05-24 22:34 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

    2013-05-24 22:34 . 2013-05-24 22:34 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

    2013-05-24 22:34 . 2013-05-24 22:34 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

    2013-05-24 22:34 . 2013-05-24 22:34 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

    2013-05-24 22:34 . 2013-05-24 22:34 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

    2013-05-24 22:34 . 2013-05-24 22:34 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

    2013-05-24 22:34 . 2013-05-24 22:34 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

    2013-05-24 22:34 . 2013-05-24 22:34 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

    2013-05-24 22:34 . 2013-05-24 22:34 1175552 ----a-w- c:\windows\system32\FntCache.dll

    2013-05-24 22:34 . 2013-05-24 22:34 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

    2013-05-24 22:34 . 2013-05-24 22:34 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

    2013-05-24 22:34 . 2013-05-24 22:34 296960 ----a-w- c:\windows\system32\d3d10core.dll

    2013-05-24 22:34 . 2013-05-24 22:34 648192 ----a-w- c:\windows\system32\d3d10level9.dll

    2013-05-24 22:34 . 2013-05-24 22:34 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

    2013-05-24 22:34 . 2013-05-24 22:34 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

    2013-05-24 22:34 . 2013-05-24 22:34 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

    2013-05-24 22:34 . 2013-05-24 22:34 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    .

    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"

    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe"

    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe"

    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe"

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Sitecom Wireless Utility.lnk - c:\program files (x86)\Sitecom\Common\RaUI.exe -s

    Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    .

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "EnableSecureUIAPath"= 1 (0x1)

    .

    "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

    .

    R1 A2DDA;A2 Direct Disk Access Support Driver;k:\emsisoftemergencykit\Run\a2ddax64.sys;k:\emsisoftemergencykit\Run\a2ddax64.sys

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe

    R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe

    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    R2 SessionLauncher;SessionLauncher;c:\users\Frans\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\Frans\AppData\Local\Temp\DX9\SessionLauncher.exe

    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

    R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe

    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys;c:\windows\SYSNATIVE\DRIVERS\Spyder3.sys

    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys

    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys

    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys

    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys

    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys

    S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe

    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

    S2 HitachiBackupService;Hitachi Backup Service;c:\program files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe;c:\program files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe

    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys

    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys

    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys

    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys

    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys

    S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys

    S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS

    .

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    ezSharedSvc

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2013-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2013-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2013-07-27 c:\windows\Tasks\HP Photo Creations Messager.job

    - c:\programdata\HP Photo Creations\MessageCheck.exe

    .

    2013-07-23 c:\windows\Tasks\HPCeeScheduleForFRANS-PC$.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    .

    2013-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job

    - c:\program files\PC-Doctor for Windows\pcdrcui.exe

    .

    .

    --------- X64 Entries -----------

    .

    .

    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe"

    "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe"

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe"

    .

    ------- Bijkomende Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.0.1

    FF - ProfilePath - c:\users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.geocaching.com/

    FF - ExtSQL: 2013-06-14 14:30; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

    .

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

    "ThreadingModel"="Apartment"

    .

    @="0"

    .

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="ShockwaveFlash.ShockwaveFlash"

    .

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

    "ThreadingModel"="Apartment"

    .

    @="FlashFactory.FlashFactory.1"

    .

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

    .

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    @="1.0"

    .

    @="FlashFactory.FlashFactory"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    @Denied: (Full) (Everyone)

    .

    Voltooingstijd: 2013-07-27 23:11:29

    ComboFix-quarantined-files.txt 2013-07-27 21:11

    .

    Pre-Run: 553.700.061.184 bytes beschikbaar

    Post-Run: 553.603.485.696 bytes beschikbaar

    .

    - - End Of File - - 7D5F2E997C58E474D27A155EBEB504DE

    D41D8CD98F00B204E9800998ECF8427E

  • fazantje

    Hi Frans,

    Download zoek.exe to the desktop.

    Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

    * Double-click Zoek.exe to start the tool.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is meant specifically for this PC, so do not use it on other PCs with a similar problem.

    firefoxlook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Wait patiently until a log opens (this may be after a reboot, if one is needed).

    * If no log appears after the reboot, start zoek.exe again and the log will appear.

    * Now post the contents of the opened log in your next message.

    Good luck,

    Huib ;)

  • Frans54

    Good morning Huib,

    Here is my new log.

    I also got the message "reboot is needed to complete zoek.EXE tasks".

    Zoek.exe Version 4.0.0.4 Updated 26-07-2013

    Tool run by Frans on zo 28-07-2013 at 8:07:10,06.

    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Frans\Desktop\zoek.exe

    ==== System Restore Info ======================

    28-7-2013 8:07:54 Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Windows\SysWOW64\svchost.exe

    C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe

    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

    C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Users\Frans\Desktop\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default

    user.js not found

    ---- Lines toolbar removed from prefs.js ----

    user_pref("avg.install.client_js_http_src", "http://toolbar.avg.com/si.js");

    user_pref("avg.install.installDirPath", "C:\\Users\\Frans Blok\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\0xu9p7dp.default\\extensions\\avg@toolbar");

    user_pref("avg.install.istoolbarsearch", true);

    ---- Lines toolbar modified from prefs.js ----

    ---- FireFox user.js and prefs.js backups ----

    prefs_06-01-2013_1148_.backup

    prefs_28-07-2013_0811_.backup

    ==== Deleting Files \ Folders ======================

    "C:\ProgramData\Package Cache" deleted

    ==== System Specs ======================

    Windows: Windows XP Home Edition Service Pack 2 (Build 2600)

    Memory (RAM): 6072 MB

    CPU Info: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz

    CPU Speed: 2997,9 MHz

    Sound Card: Luidsprekers (Realtek High Defi |

    ATI HDMI Output (ATI High Defin |

    Realtek Digital Output (Realtek |

    Display Adapters: ATI Radeon HD 5450 | ATI Radeon HD 5450 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 2x; HP 2229h Wide LCD Monitor | HP 2229h Wide LCD Monitor |

    Screen Resolution: 1680 X 1050 - 32 bit

    Network: Network Present

    Network Adapters: 802.11n Wireless PCI Express Card LAN Adapter | Realtek PCIe GBE Family Controller

    CD / DVD Drives: 1x (E: | ) E: hp CDDVDW TS-H653R

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 16 Button Wheel Mouse Present

    Hard Disks: C: 918,9GB | D: 12,6GB

    Hard Disks - Free: C: 515,7GB | D: 1,7GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 06/25/10 | HPQOEM - 20100625

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: MSI IONA

    Internet Explorer Version: 10.0.9200.16635

    Sun Java version: 1.7.0_25

    Country: Nederland

    Language: NLD

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    2013-07-27 20:59:02 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

    2013-07-27 20:59:02 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

    2013-07-27 20:59:02 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

    2013-07-27 20:59:02 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

    2013-07-27 20:59:02 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

    ====== C:\Users\Frans\AppData\Local\Temp ====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    2013-07-27 12:46:07 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    ======= C:\Program Files (x86) =====

    2013-07-27 12:29:21 -------- d-----w- C:\Program Files (x86)\Common Files\DESIGNER

    2013-07-27 12:29:11 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio

    2013-07-20 13:57:17 -------- d-----w- C:\Program Files (x86)\GCTool

    ======= C: =====

    2013-07-27 12:39:20 81DB9144CB960C0822559A563FE9657E 1040 ----a-w- C:\AdwCleaner.txt

    ====== C:\Users\Frans\AppData\Roaming ======

    2013-07-27 21:11:31 -------- d-----w- C:\users\Public\AppData\Local\temp

    2013-07-27 21:11:31 -------- d-----w- C:\users\Default\AppData\Local\temp

    2013-07-27 21:11:31 -------- d-----w- C:\users\Default User\AppData\Local\temp

    2013-07-25 14:38:47 -------- d-----w- C:\users\Frans\AppData\Local\kIvwoQsE

    2013-07-25 14:38:46 -------- d-----w- C:\users\Frans\AppData\Local\sPoYELNv

    2013-07-25 14:38:46 -------- d-----w- C:\users\Frans\AppData\Local\Dirty

    2013-07-20 13:58:27 -------- d-----w- C:\users\Frans\AppData\Local\By_Gpsgek

    ====== C:\Users\Frans ======

    2013-07-27 15:37:47 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Frans\Desktop\RSITx64.exe

    2013-07-27 12:44:44 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Frans\Desktop\mbam-setup-1.75.0.1300.exe

    2013-07-27 12:37:24 4C47469F47FD9F8437B62A86F6E0874F 666633 ----a-w- C:\Users\Frans\Desktop\adwcleaner.exe

    2013-07-09 09:03:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    ====== C: exe-files ==

    2013-07-27 20:59:02 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

    2013-07-27 20:59:02 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

    2013-07-27 20:59:02 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

    2013-07-27 20:59:02 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

    2013-07-27 20:59:02 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

    2013-07-27 17:59:04 544811AE8A4931EC159B41AC7EDBF6A7 55449536 ----a-w- C:\Users\Frans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4RPBUE3\BaseCamp_422.exe

    2013-07-27 15:37:47 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Frans\Desktop\RSITx64.exe

    2013-07-27 12:44:44 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Frans\Desktop\mbam-setup-1.75.0.1300.exe

    2013-07-27 12:37:24 4C47469F47FD9F8437B62A86F6E0874F 666633 ----a-w- C:\Users\Frans\Desktop\adwcleaner.exe

    === C: other files ==

    2013-07-27 12:46:07 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2013-07-25 14:53:58 A0DF78E499DECED1D14D1C2EB2F12F33 1368170 ----a-w- C:\ProgramData\AVG2013\IDS\quarantine\070e9776-2b4e-47d3-8958-9128c0647fc5.zip

    ==== Startup Registry Enabled ======================

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"

    "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"

    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

    "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"

    "RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

    "AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY"

    "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

    "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"

    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

    ==== Startup Registry Enabled x64 ======================

    "SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background"

    "PC-Doctor for Windows localizer"="C:\Program Files\PC-Doctor for Windows\localizer.exe"

    "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

    "EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"

    ==== Startup Registry Disabled ======================

    "HP Software Update"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

    "Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

    "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

    "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

    ==== Startup Folders ======================

    2012-07-12 19:57:37 1997 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk

    2012-07-13 16:22:41 1345 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\HP Photo Creations Messager.job --a------

    C:\Windows\tasks\HPCeeScheduleForFRANS-PC$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    C:\Windows\tasks\PCDRScheduledMaintenance.job --a------ C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default

    - Logitech - %ProfilePath%\extensions\DeviceDetection@logitech.com

    - Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\3ejk19s3.default

    0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash

    2EE9DCAE1D70ABF4D058688DE35F8221 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.16

    15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

    No DefaultScope Set For HKCU

    New Values:

    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

    {1256452D-B72C-4C17-9DA9-D3762F0E5BF5} AVG Secure Search Url="https://isearch.avg.com/search?cid={23D001C1-298C-49A5-85B8-2C71BF34FEA3}&mid=0e463870c27f47d097579128c0647fc5-149c76dc139fda7aa54551bedf1b1dbe86d36a1f&lang=nl&ds=AVG&pr=fr&d=2012-10-14"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    {F4B96B51-14B9-4C65-A398-B4E598E277A1} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox"

    ==== HijackThis Entries ======================

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

    O4 - HKLM\..\Run: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun

    O4 - HKLM\..\Run: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2013\avgui.exe” /TRAYONLY

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe” -launchedbylogin

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\RaUI.exe

    O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Hitachi Backup Service (HitachiBackupService) - Hitachi GST - C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe

    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: SessionLauncher - Unknown owner - C:\Users\Frans\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe (file missing)

    O23 - Service: vToolbarUpdater15.0.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Frans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Frans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Cache found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Frans\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on zo 28-07-2013 at 8:36:45,03 ======================

  • fazantje

    Hello Frans,

    I'm waiting for Jos H from the hardware and software board; I've asked him to have a quick look as well, because the logs otherwise look fine and the programs have done their job.

    So I suspect the problem (which was indeed caused by the infections) is software-related.

    So let's wait for Jos, and if he doesn't find/see anything, we'll dig a bit deeper.

    Cheers, Huib;)

  • Jos H

    Hi Frans.

    Possibly this cause? http://www.youtube.com/watch?v=Iw6-rkvL6zM

    http://pcsupport.about.com/od/fileextensions/f/encryptedfile.htm

  • fazantje

    Hi Jos,

    That's exactly what I was thinking too.

    Cheers, Huib;)

  • Frans54

    Hello Jos and Huib,

    I did what the video showed, but in regedit I see the following.

    Instead of heothxoht regexpant sz

    it showed (standaard) reg_sz and sidebar reg_sz

    I looked on the C drive, but I can't find anything there either.

    I made a screenshot, but I couldn't manage to attach it.

    Regards, Frans

  • fazantje

    Hi Frans,

    I just got home from work.

    You can send the screenshot to Jos by email.

    Cheers, Huib;)

This topic is closed; no further replies can be posted.