Hardware problem or maybe a virus

  • harry

    When I start the PC and it has finished booting, I see the hourglass spinning

    So I can't click on any icons

    I then shut down the PC by pressing the power button

    and on the next start everything is normal

    Is this a hardware/software problem or a virus problem?

    Regards, Harry

  • fazantje

    Hi Harry,

    To find out, it is advisable to carry out the step-by-step plan.

    Please post the logs after running it.

    If our assessment shows that no infection is present, then it is a hardware or software problem.

    Regards, Huib ;)

  • harry

    RSIT log

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Gebruiker at 2014-05-14 20:13:52

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 64 GB (22%) free of 293 GB

    Total RAM: 1791 MB (20% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:14:23, on 14-5-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Unable to get Internet Explorer version!

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskhost.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\NewsLeecher\newsLeecher.exe

    C:\Program Files\Nuria\Nuria.exe

    C:\Users\Gebruiker\Desktop\ina spelletje,s\Jewel Legends Magical Kingdom\JewelLegendsMK.exe

    C:\Windows\system32\taskmgr.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Users\Gebruiker\Downloads\RSIT.exe

    C:\Program Files\trend micro\Gebruiker.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll

    O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll

    O2 - BHO: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files\PrintEco\PrintEco Office\adxloader.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll

    O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\Nuria\Nuria.exe

    O4 - HKUS\S-1-5-21-3453345529-432745293-659397266-1002\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)

    O4 - HKUS\S-1-5-21-3453345529-432745293-659397266-1002\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Emsisoft Anti-Malware 8.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\fshoster32.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

    O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe

    End of file - 8879 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    ExplorerWnd Helper - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll

    HistoryTriggerBHO Class - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll

    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre8\bin\ssv.dll

    avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll

    Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

    Advanced SystemCare Browser Protection - C:\PROGRA~1\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll

    PrintEco - C:\Program Files\PrintEco\PrintEco Office\adxloader.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre8\bin\jp2ssv.dll

    “AvastUI.exe”=C:\Program Files\AVAST Software\Avast\AvastUI.exe

    “SunJavaUpdateSched”=C:\Program Files\Common Files\Java\Java Update\jusched.exe

    “Adobe ARM”=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    “Sidebar”=C:\Program Files\Windows Sidebar\sidebar.exe

    “Nuria”=C:\Program Files\Nuria\Nuria.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    C:\Program Files\Microsoft Office\Office14\BCSSync.exe

    C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe

    C:\Program Files\DivX\DivX Update\DivXUpdate.exe

    C:\Program Files\Internetbeveiliging\fshoster32.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\PowerISO\PWRISOVM.EXE

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Users\Gebruiker\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll

    Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

    “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

    “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “EnableLinkedConnections”=1

    “EnableSecureUIAPath”=1

    “NoDriveTypeAutoRun”=221

    “NoResolveTrack”=1

    “NoResolveSearch”=1

    “NoInstrumentation”=1

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “vidc.cvid”=iccvid.dll

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “msacm.siren”=sirenacm.dll

    “vidc.dvsd”=mcdvd_32.dll

    “vidc.DIVX”=DivX.dll

    “vidc.yv12”=DivX.dll

    “msacm.voxacm160”=vct3216.acm

    “msacm.scg726”=scg726.acm

    “msacm.alf2cd”=alf2cd.acm

    “msacm.ac3acm”=AC3ACM.acm

    “msacm.lame”=lame.ax

    “vidc.mpg4”=mpg4c32.dll

    “vidc.mp42”=mpg4c32.dll

    “vidc.mp43”=mpg4c32.dll

    “vidc.xvid”=xvidvfw.dll

    “vidc.VP60”=vp6vfw.dll

    “vidc.VP61”=vp6vfw.dll

    “vidc.VP62”=vp6vfw.dll

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    ======List of files/folders created in the last 1 month======

    2014-05-14 20:13:52 —-D—- C:\rsit

    2014-05-14 17:45:35 —-D—- C:\Program Files\Nuria

    2014-05-03 15:45:05 —-A—- C:\Windows\system32\mshtml.dll

    2014-04-30 05:51:19 —-SD—- C:\Windows\system32\CompatTel

    2014-04-30 05:37:54 —-A—- C:\Windows\system32\aepdu.dll

    2014-04-30 05:37:53 —-A—- C:\Windows\system32\aeinv.dll

    2014-04-26 06:16:00 —-A—- C:\Windows\system32\drivers\aswHwid.sys

    2014-04-26 06:15:31 —-A—- C:\Windows\avastSS.scr

    2014-04-19 06:26:14 —-D—- C:\Program Files\Common Files\Java

    2014-04-19 06:25:51 —-D—- C:\ProgramData\Oracle

    2014-04-19 06:25:41 —-A—- C:\Windows\system32\javaws.exe

    2014-04-19 06:25:29 —-A—- C:\Windows\system32\javaw.exe

    2014-04-19 06:25:28 —-A—- C:\Windows\system32\java.exe

    ======List of files/folders modified in the last 1 month======

    2014-05-14 20:14:10 —-D—- C:\Program Files\Trend Micro

    2014-05-14 20:14:00 —-D—- C:\Windows\Temp

    2014-05-14 19:29:03 —-SHD—- C:\Windows\Installer

    2014-05-14 19:29:02 —-HD—- C:\Config.Msi

    2014-05-14 19:25:13 —-D—- C:\Program Files\Common Files\Adobe

    2014-05-14 19:23:58 —-D—- C:\Windows\System32

    2014-05-14 17:45:35 —-RD—- C:\Program Files

    2014-05-14 17:29:33 —-D—- C:\Windows\system32\drivers

    2014-05-14 16:50:59 —-D—- C:\Windows

    2014-05-14 16:21:48 —-D—- C:\Program Files\Emsisoft Anti-Malware

    2014-05-14 07:17:38 —-D—- C:\Windows\system32\config

    2014-05-12 20:15:38 —-D—- C:\Users\Gebruiker\AppData\Roaming\QuickScan

    2014-05-11 13:25:53 —-SHD—- C:\System Volume Information

    2014-05-11 09:01:14 —-D—- C:\Windows\Performance

    2014-05-11 07:53:11 —-D—- C:\Users\Gebruiker\AppData\Roaming\Vso

    2014-05-11 07:53:11 —-D—- C:\ProgramData\VSO

    2014-05-10 06:46:01 —-D—- C:\Program Files\CCleaner

    2014-05-07 18:10:13 —-A—- C:\Windows\system32\FlashPlayerApp.exe

    2014-05-06 05:18:25 —-D—- C:\Windows\system32\catroot2

    2014-05-04 07:15:22 —-D—- C:\Windows\winsxs

    2014-05-03 15:45:30 —-D—- C:\Windows\system32\catroot

    2014-04-29 20:29:30 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2014-04-29 20:29:29 —-D—- C:\Windows\inf

    2014-04-27 12:07:45 —-D—- C:\Users\Gebruiker\AppData\Roaming\vlc

    2014-04-26 06:34:49 —-D—- C:\Windows\system32\Tasks

    2014-04-26 06:15:31 —-A—- C:\Windows\system32\aswBoot.exe

    2014-04-19 06:26:14 —-D—- C:\Program Files\Common Files

    2014-04-19 06:25:51 —-D—- C:\ProgramData

    2014-04-19 06:25:22 —-A—- C:\Windows\system32\WindowsAccessBridge.dll

    2014-04-19 06:25:03 —-D—- C:\Program Files\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys

    R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys

    R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys

    R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys

    R1 A2DDA;A2 Direct Disk Access Support Driver; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys

    R1 a2injectiondriver;a2injectiondriver; \??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys

    R1 a2util;a-squared Malware-IDS utility driver; \??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys

    R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys

    R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys

    R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

    R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys

    R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys

    R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys

    R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys

    R3 a2acc;a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys

    R3 cleanhlp;cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtport.sys

    R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbus.sys

    R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmodem.sys

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys

    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys

    S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys

    S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys

    S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys

    S3 andnetadb;ADB Interface DriverNet; C:\Windows\System32\Drivers\lgandnetadb.sys

    S3 AndNetDiag;LGE AndroidNet USB Serial Port; C:\Windows\system32\DRIVERS\lgandnetdiag.sys

    S3 ANDNetModem;LGE AndroidNet USB Modem; C:\Windows\system32\DRIVERS\lgandnetmodem.sys

    S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter; C:\Windows\system32\DRIVERS\lgandnetndis.sys

    S3 AVFSFilter;AVFSFilter; C:\Windows\system32\drivers\AVFSFilter.sys

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys

    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys

    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

    S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

    S3 Synth3dVsc;Synth3dVsc; C:\Windows\system32\drivers\Synth3dVsc.sys

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys

    S3 VGPU;VGPU; C:\Windows\system32\drivers\VGPU.sys

    S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys

    S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    R2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service; C:\Program Files\Emsisoft Anti-Malware\a2service.exe

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 fshoster;F-Secure Dll Hoster; C:\Program Files\Internetbeveiliging\fshoster32.exe

    R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe

    S2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

    S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    S2 WiseBootAssistant;Wise Boot Assistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

    S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe

    S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe

    S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe

    S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

    S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

    S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

    S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

    S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    —————–EOF—————–

  • fazantje

    Hi Harry,

    In the RSIT log I see nothing that could be causing the problems (tu)

    Did MBAM find anything?

    Did it start all of a sudden, and when?

    Ben will help you further shortly, because I have to go to work.

    Regards, Huib ;)

  • harry

    Did MBAM find anything?

    No, nothing, clean

    Just had it again... strange

    I've had it for a few days... all of a sudden

  • Ben

    Hello,

    Download ComboFix from one of the locations below to the desktop.

    Bleeping Computer

    Info Spyware

    Disabling antivirus software

    Temporarily disable your antivirus and antispyware programs, as these can conflict with ComboFix (ComboFix.exe).

    Disable antivirus software

    Disable antispy & malware software

    Running ComboFix

    If you run into problems running this program or see certain error messages, please let us know in your post.

    Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a UAC (User Account Control) prompt; click Ja / Yes here.

    On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not already present. (An active internet connection is then required.)

    In the 'Installing the Recovery Console' window, click "Ok".

    In the info screen, click "Yes" once the Recovery Console has been installed successfully.

    In the disclaimer screen, click "I Agree"; the required components are now unpacked and a registry backup is made using ERUNT.

    When this is done, ComboFix will start automatically; in the blue screen you will see the progress of the system scan being performed.

    Important! Do not use the computer for anything else during the scan.

    The computer may need to be restarted several times, for example when a rootkit is present; this is normal.

    When ComboFix is finished, it will create a log file. Post the contents of this log file in your next post as an attachment.

    * Note !!! If you get one of the messages below after using ComboFix, restart the computer.

    Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.

    Illegal operation attempted on a registry key that has been marked for deletion.

    Posting the ComboFix log file

    Attach the log file named "ComboFix.txt" to your next post. (You can also find this log file on the system drive as C:\ComboFix.txt.)

  • harryd

    ComboFix 14-05-13.01 - Gebruiker 15-05-2014 16:18:18.1.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.1791.479

    Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    AV: Emsisoft Anti-Malware *Enabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    SP: Emsisoft Anti-Malware *Enabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Gebruiker\AppData\Roaming\Gebruikerlog.dat

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2014-04-15 to 2014-05-15 ))))))))))))))))))))))))))))))

    .

    .

    2014-05-15 14:40 . 2014-05-15 14:44 ——– d—–w- c:\users\Gebruiker\AppData\Local\temp

    2014-05-15 14:40 . 2014-05-15 14:40 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp

    2014-05-15 14:40 . 2014-05-15 14:40 ——– d—–w- c:\users\Public\AppData\Local\temp

    2014-05-15 14:40 . 2014-05-15 14:40 ——– d—–w- c:\users\Default\AppData\Local\temp

    2014-05-15 04:09 . 2014-05-06 03:07 2724864 —-a-w- c:\windows\system32\mshtml.tlb

    2014-05-15 03:54 . 2014-05-09 07:06 369664 —-a-w- c:\windows\system32\aepdu.dll

    2014-05-15 03:54 . 2014-05-09 07:04 302592 —-a-w- c:\windows\system32\aeinv.dll

    2014-05-15 03:40 . 2014-04-17 03:32 8050496 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60C6EBD1-2C6B-40E0-BB06-8CDCDFC71BD8}\mpengine.dll

    2014-05-14 18:13 . 2014-05-14 18:14 ——– d—–w- C:\rsit

    2014-05-14 15:45 . 2014-05-14 15:45 ——– d—–w- c:\program files\Nuria

    2014-05-10 09:06 . 2014-05-10 09:06 ——– d—–w- c:\users\Gebruiker\!RnE - 2014.05.10 11.06.03 - hColyvJnb3KV27X

    2014-05-08 15:08 . 2014-05-08 15:08 ——– d-sh–w- c:\users\Gebruiker\AppData\Local\EmieUserList

    2014-05-08 15:08 . 2014-05-08 15:08 ——– d-sh–w- c:\users\Gebruiker\AppData\Local\EmieSiteList

    2014-05-07 16:15 . 2014-05-07 16:36 ——– d—–w- c:\users\Gebruiker\louisia grote keizer

    2014-04-30 03:51 . 2014-05-15 05:06 ——– d-s—w- c:\windows\system32\CompatTel

    2014-04-26 04:16 . 2014-04-26 04:15 24184 —-a-w- c:\windows\system32\drivers\aswHwid.sys

    2014-04-26 04:15 . 2014-04-26 04:15 43152 —-a-w- c:\windows\avastSS.scr

    2014-04-19 04:26 . 2014-04-19 04:26 ——– d—–w- c:\program files\Common Files\Java

    2014-04-19 04:25 . 2014-04-19 04:25 ——– d—–w- c:\programdata\Oracle

    2014-04-17 15:14 . 2014-04-17 15:14 ——– d—–w- c:\users\Gebruiker\AppData\Local\assembly

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-05-15 13:41 . 2013-06-06 19:22 411680 —-a-w- c:\windows\system32\drivers\aswsp.sys

    2014-05-15 13:41 . 2012-06-08 19:38 777488 —-a-w- c:\windows\system32\drivers\aswsnx.sys

    2014-05-15 13:41 . 2013-12-21 10:12 68312 —-a-w- c:\windows\system32\drivers\aswstm.sys

    2014-05-07 16:10 . 2012-06-10 09:17 71344 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2014-05-07 16:10 . 2012-06-10 09:17 698032 —-a-w- c:\windows\system32\FlashPlayerApp.exe

    2014-04-26 04:15 . 2013-06-06 19:22 411552 —-a-w- c:\windows\system32\drivers\aswsp.sys.1400161263125

    2014-04-26 04:15 . 2013-06-06 19:22 81768 —-a-w- c:\windows\system32\drivers\aswRdr2.sys

    2014-04-26 04:15 . 2013-03-03 15:49 180632 —-a-w- c:\windows\system32\drivers\aswVmm.sys

    2014-04-26 04:15 . 2013-03-03 15:49 49944 —-a-w- c:\windows\system32\drivers\aswRvrt.sys

    2014-04-26 04:15 . 2012-06-08 19:38 776976 —-a-w- c:\windows\system32\drivers\aswsnx.sys.1400161263125

    2014-04-26 04:15 . 2012-06-08 19:38 67824 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2014-04-26 04:15 . 2012-06-08 19:37 271264 —-a-w- c:\windows\system32\aswBoot.exe

    2014-04-19 04:25 . 2014-01-16 17:19 96680 —-a-w- c:\windows\system32\WindowsAccessBridge.dll

    2014-04-15 00:34 . 2014-04-15 00:34 1070232 —-a-w- c:\windows\system32\MSCOMCTL.OCX

    2014-03-31 07:35 . 2012-06-08 20:55 231584 ——w- c:\windows\system32\MpSigStub.exe

    2014-03-13 20:09 . 2014-03-22 09:05 82920 —-a-w- c:\windows\system32\mslvddsfilter2.ax

    2014-03-06 08:31 . 2014-04-11 03:52 4096 —-a-w- c:\windows\system32\ieetwcollectorres.dll

    2014-03-06 08:02 . 2014-04-11 03:52 61952 —-a-w- c:\windows\system32\iesetup.dll

    2014-03-06 08:02 . 2014-04-11 03:52 455168 —-a-w- c:\windows\system32\vbscript.dll

    2014-03-06 08:01 . 2014-04-11 03:52 51200 —-a-w- c:\windows\system32\ieetwproxystub.dll

    2014-03-06 07:46 . 2014-04-11 03:52 4254720 —-a-w- c:\windows\system32\jscript9.dll

    2014-03-06 07:38 . 2014-04-11 03:52 112128 —-a-w- c:\windows\system32\ieUnatt.exe

    2014-03-06 07:38 . 2014-04-11 03:52 108032 —-a-w- c:\windows\system32\ieetwcollector.exe

    2014-03-06 07:36 . 2014-04-11 03:52 592896 —-a-w- c:\windows\system32\jscript9diag.dll

    2014-03-06 07:28 . 2014-04-11 03:52 646144 —-a-w- c:\windows\system32\MsSpellCheckingFacility.exe

    2014-03-06 07:13 . 2014-04-11 03:52 32256 —-a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

    2014-03-06 06:40 . 2014-04-11 03:52 1967104 —-a-w- c:\windows\system32\inetcpl.cpl

    2014-03-06 05:41 . 2014-04-11 03:52 1789440 —-a-w- c:\windows\system32\wininet.dll

    2012-05-04 07:04 . 2012-05-04 07:04 2174976 —-a-w- c:\program files\Common Files\atimpenc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    2014-01-18 06:29 752448 —-a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll

    .

    2014-03-17 13:15 526624 —-a-w- c:\program files\PrintEco\PrintEco Office\adxloader.dll

    .

    @=“{472083B0-C522-11CF-8763-00608CC02F24}”

    2014-04-26 04:15 260976 —-a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}”

    2014-04-25 08:03 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}”

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}”

    2014-04-25 08:03 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}”

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}”

    2014-04-25 08:03 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}”

    2014-04-25 08:03 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}”

    2014-04-25 08:03 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}”

    2014-04-25 08:03 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

    “Nuria”=“c:\program files\Nuria\Nuria.exe”

    .

    “AvastUI.exe”=“c:\program files\AVAST Software\Avast\AvastUI.exe”

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    “EnableLinkedConnections”= 1 (0x1)

    “EnableSecureUIAPath”= 1 (0x1)

    .

    “NoResolveTrack”= 1 (0x1)

    .

    “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL”

    .

    “aux”=wdmaud.drv

    .

    @=“”

    .

    path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk

    backup=c:\windows\pss\DesktopEarth AutoStart.lnk.Startup

    backupExtension=.Startup

    .

    backup=c:\windows\pss\OpenOffice.org 3.3 .lnk.Startup

    backupExtension=.Startup

    .

    2013-11-21 16:57 959904 —-a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    2012-05-30 18:06 59280 —-a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    .

    2012-11-05 14:27 89184 —-a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

    .

    2012-11-13 18:13 450560 —-a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe

    .

    2012-11-30 02:06 1263512 —-a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    .

    2012-11-26 11:49 183864 —-a-w- c:\program files\Internetbeveiliging\fshoster32.exe

    .

    2012-06-07 17:33 421776 —-a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    2013-07-22 02:19 337432 —-a-w- c:\program files\PowerISO\PWRISOVM.EXE

    .

    2014-03-17 23:48 224128 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    2014-01-17 16:59 5625624 —-a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    .

    “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    .

    R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

    R2 WiseBootAssistant;Wise Boot Assistant;c:\program files\Wise\Wise Care 365\BootTime.exe

    R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys

    R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys

    R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys

    R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys

    R3 AVFSFilter;AVFSFilter;

    R3 c2wts;Claims voor Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe

    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys

    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys

    R3 Synth3dVsc;Synth3dVsc;

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 tsusbhub;tsusbhub;

    R3 VGPU;VGPU;

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe

    S0 aswRvrt;avast! Revert;

    S0 aswVmm;avast! VM Monitor;

    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys

    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys

    S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys

    S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys

    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS

    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE

    S2 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe

    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys

    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys

    S2 fshoster;F-Secure Dll Hoster;c:\program files\Internetbeveiliging\fshoster32.exe

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe

    S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys

    S3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys

    S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys

    S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys

    S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys

    .

    .

    HPService REG_MULTI_SZ HPSLPSVC

    .

    2014-05-15 03:53 1077576 —-a-w- c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2014-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2014-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2014-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.google.com

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 212.54.44.54 212.54.40.25

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-Locked - (no file)

    SafeBoot-86671254.sys

    SafeBoot-CleanHlp

    SafeBoot-CleanHlp.sys

    SafeBoot-IMFservice

    .

    .

    .

    “ImagePath”=“\”c:\program files\Internetbeveiliging\fshoster32.exe\“ -hosterid:0”

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (2) (LocalSystem)


    .

    @Denied: (2) (LocalSystem)

    “Timestamp”=hex:00,bc,03,59,ce,43,ce,01

    .

    @Denied: (2) (LocalSystem)


    .

    @Denied: (2) (LocalSystem)

    “Progid”=“FotoManager10Deluxe.8.alb”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.HTM”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.HTM”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.MHT”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.MHT”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.PARTIAL”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.SVG”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.URL”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.WEBSITE”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.XHT”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.XHT”

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_95_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_95_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_75_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_75_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker6”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker5”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    @Denied: ) (Everyone)

    “AgentIdentifier”=“”

    “AuthorizationCode”=“”

    .

    “OODEFRAG16.00.00.01PROFESSIONAL”=“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”

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (Full) (Everyone)

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\windows\system32\nvvsvc.exe

    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

    c:\windows\system32\nvvsvc.exe

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\windows\system32\taskhost.exe

    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\System32\WUDFHost.exe

    c:\windows\system32\conhost.exe

    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    c:\windows\system32\sppsvc.exe

    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2014-05-15 16:52:07 - machine werd herstart

    ComboFix-quarantined-files.txt 2014-05-15 14:52

    .

    Pre-Run: 70.486.372.352 bytes beschikbaar

    Post-Run: 70.275.448.832 bytes beschikbaar

    .

    - - End Of File - - BF7FE67C1A49C8B72A9A5BF17E656EEF

    A36C5E4F47E84449FF07ED3517B43A31

  • Ben

    Hello,

    Please uninstall the following programs:

    Emsisoft Anti-Malware

    IObit

    SUPERAntiSpyware

    Wise Care 365

    Restart your PC and tell us how it goes then.

  • harry

    Yes Ben, it's going well… I no longer see the hourglass.

    Could you take a look at my log as a check?

    Thanks in advance and have a nice weekend.

    Regards, Harry

    Logfile of Trend Micro HijackThis v2.0.5

    Scan saved at 14:17:05, on 16-5-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Unable to get Internet Explorer version!

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Nuria\Nuria.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Users\Gebruiker\Desktop\HijackThis.exe

    C:\Windows\system32\DllHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll

    O2 - BHO: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files\PrintEco\PrintEco Office\adxloader.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll

    O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\Nuria\Nuria.exe

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\fshoster32.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

    End of file - 7525 bytes

  • Ben

    Hello,

    You had uninstalled IObit, right? Then do the following to remove the last remnants.

    Open Notepad (Start > All Programs > Accessories > Notepad), then copy and paste the following (bold, blue text) into an empty window:

    sc stop LiveUpdateSvc

    sc delete LiveUpdateSvc

    Save this to your Desktop as service.bat (click File > Save at the top left).

    File name: "service.bat"

    Type: "All files"

    Double-click service.bat to run it.

    After that, delete: C:\Program Files\IObit <-- this folder

    The tool below cleans up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Remove disinfection tools

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool has finished.

    When the tool has finished, a log file is created. You do not need to post it, however.

    If any tools or folders are left over, you can delete them yourself.

This topic is closed; no more replies can be posted.