Shamhala

Member
  • Items

    22
Everything posted by Shamhala

  1. No threats detected, so that didn't help much. But we are going to format the computer; I'm completely done with it. Thank you so much for all the help.
  2. [ATTACH]33528[/ATTACH] After this I could no longer get online, with the message: "The proxy server is not responding." So I had to do a system restore and now everything is back again, sorry. EamClean.log
  3. You have to sign in with a username and a password; is that right, and can you then just fill in anything, or is it important that you remember them as well?
  4. That seems to be gone now, but the links are still there. - - - Updated - - - Sorry, after that I wanted to report that the popups are still there too, when the problem with the script also reappeared.
  5. [ATTACH]33519[/ATTACH] Looks good, but I had that before this as well. ComboFix.txt
  6. It then says: pc-helpforum.be is not responding due to a long-running script. By clicking "stop script" you get a little bit further, but in between you do have to wait some 15/20 seconds.
  7. Hi, the advertising links are still there, haven't seen any more popups, but scrolling doesn't work, especially on this site; I get the message about a long-running script. So I have to click reply right away, otherwise I have to go down in small steps.
  8. [ATTACH]33435[/ATTACH] AdwCleaner[S0].txt
  9. It is not gone yet; the links on words to a shopping site or gambling sites or whatever are even on your site already, actually on almost all sites I open these days, only not yet on the start page.
  10. [ATTACH]33431[/ATTACH] zoek-results.log
  11. Sorry, the virus is back again. Popups, advertising links and not being able to scroll. Maybe you can still find something in that log. Regards
  12. [ATTACH]33425[/ATTACH] - - - Updated - - - Still looks good so far, I must say. log.txt
  13. I ran the scan once more, also had to choose between enable and disable, and chose disable and hope that was the right one, but after that I again couldn't get online and got the message: "The proxy server is not responding", so system restore again, but now everything does seem to be gone, though I'm not cheering yet. I have now discovered a program, eDealsPop version 1.0, that I can't get rid of; is that bad, or should I just leave it? Once again, thank you so much for all the help. - - - Updated - - - Sorry, I chose enable, lol, sorry.
  14. [ATTACH]33407[/ATTACH] I hope I did it right, because there were 13 infected files, which the program cleaned; after that I restarted the computer and could not get online by any means, so in the end I had to do a system restore and guess what? The virus is back, sorry. log.txt
  15. [ATTACH]33393[/ATTACH] I ran AdwCleaner, but the virus is still there. Ideas? Here's the link anyway: AdwCleaner[S0].txt
  16. Sorry, but it is back again; shall I run AdwCleaner first, or do you know something else to try?
  17. [ATTACH]33352[/ATTACH] OK, done that too; the virus seemed to be back at first, now seems gone again, but here is the attachment: - - - Updated - - - In any case, thank you so much already for all the help; I could never have done this myself. zoek-results.log
  18. [ATTACH]33337[/ATTACH] zoek-results.txt
  19. I now also keep getting the message: long-running script, very annoying. But is this right now?
  20. Sorry, here it is
C:\Windows\SYSWOW64\msrating.dll 2014-06-11 20:06:09 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll 2014-06-11 20:06:09 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2014-06-11 20:06:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2014-06-11 20:06:09 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2014-06-11 20:06:09 ----A---- C:\Windows\system32\jsproxy.dll 2014-06-11 20:06:09 ----A---- C:\Windows\system32\iernonce.dll 2014-06-11 20:06:08 ----A---- C:\Windows\system32\ieui.dll 2014-06-11 20:06:08 ----A---- C:\Windows\system32\ieframe.dll 2014-06-11 20:06:08 ----A---- C:\Windows\system32\dxtrans.dll 2014-06-11 20:06:07 ----A---- C:\Windows\system32\vbscript.dll 2014-06-11 20:06:07 ----A---- C:\Windows\system32\mshtmlmedia.dll 2014-06-11 20:06:07 ----A---- C:\Windows\system32\mshtmled.dll 2014-06-11 20:06:07 ----A---- C:\Windows\system32\jscript9diag.dll 2014-06-11 20:06:07 ----A---- C:\Windows\system32\jscript9.dll 2014-06-11 20:06:07 ----A---- C:\Windows\system32\ieUnatt.exe 2014-06-11 20:06:06 ----A---- C:\Windows\system32\wininet.dll 2014-06-11 20:06:06 ----A---- C:\Windows\system32\msrating.dll 2014-06-11 20:06:06 ----A---- C:\Windows\system32\ieapfltr.dll 2014-06-11 20:06:05 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-11 20:06:05 ----A---- C:\Windows\system32\mshtml.dll 2014-06-11 20:05:55 ----A---- C:\Windows\system32\aepdu.dll 2014-06-11 20:05:54 ----A---- C:\Windows\system32\aeinv.dll 2014-06-02 12:45:13 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-01 20:43:38 ----D---- C:\ProgramData\Malwarebytes ======List of files/folders modified in the last 1 month====== 2014-06-26 08:51:14 ----RD---- C:\Program Files 2014-06-26 08:51:05 ----D---- C:\Windows\Temp 2014-06-26 08:31:32 ----D---- C:\Windows\system32\config 2014-06-26 08:22:10 ----RD---- C:\Program Files (x86) 2014-06-26 08:19:02 ----HD---- C:\ProgramData 2014-06-26 08:13:50 ----D---- C:\Windows\system32\Tasks 2014-06-26 07:59:01 ----SHD---- C:\Windows\Installer 2014-06-26 
07:52:14 ----D---- C:\Windows\inf 2014-06-26 07:52:10 ----D---- C:\Windows\debug 2014-06-26 07:52:10 ----D---- C:\Windows 2014-06-26 07:50:53 ----D---- C:\Program Files (x86)\Google 2014-06-26 07:50:07 ----D---- C:\ProgramData\Google 2014-06-26 07:49:29 ----D---- C:\Windows\Tasks 2014-06-26 07:49:23 ----D---- C:\Windows\Prefetch 2014-06-26 07:30:38 ----D---- C:\Windows\system32\drivers 2014-06-26 07:14:51 ----D---- C:\Users\Jolanda\AppData\Roaming\Dropbox 2014-06-25 22:50:52 ----SHD---- C:\System Volume Information 2014-06-25 22:38:57 ----D---- C:\Windows\ServiceProfiles 2014-06-25 10:51:40 ----D---- C:\Windows\system32\wfp 2014-06-25 10:51:38 ----D---- C:\Windows\system32\wbem 2014-06-25 10:50:58 ----D---- C:\Windows\system32\NDF 2014-06-25 10:50:58 ----D---- C:\Windows\system32\DriverStore 2014-06-25 10:50:58 ----D---- C:\Windows\system32\catroot2 2014-06-25 10:50:58 ----D---- C:\Windows\System32 2014-06-25 10:50:58 ----D---- C:\Windows\AppCompat 2014-06-25 10:50:58 ----D---- C:\Users\Jolanda\AppData\Roaming\Tibia 2014-06-25 10:50:43 ----D---- C:\Windows\registration 2014-06-16 18:10:56 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-06-12 10:21:08 ----D---- C:\Windows\rescache 2014-06-12 09:26:53 ----D---- C:\Windows\winsxs 2014-06-12 09:23:22 ----D---- C:\Windows\SysWOW64 2014-06-12 09:23:19 ----D---- C:\Program Files\Internet Explorer 2014-06-12 09:23:18 ----D---- C:\Windows\SYSWOW64\en-US 2014-06-12 09:23:16 ----D---- C:\Windows\system32\en-US 2014-06-12 09:23:16 ----D---- C:\Program Files (x86)\Internet Explorer 2014-06-11 22:46:35 ----D---- C:\Windows\system32\MRT 2014-06-11 22:45:16 ----A---- C:\Windows\system32\MRT.exe 2014-06-11 22:45:07 ----D---- C:\ProgramData\Microsoft Help 2014-06-11 22:43:27 ----SD---- C:\Windows\system32\CompatTel 2014-06-11 20:05:49 ----D---- C:\Windows\system32\catroot 2014-06-01 21:33:51 ----D---- C:\ProgramData\Trymedia 2014-06-01 20:55:49 ----D---- C:\Windows\fr-FR 2014-06-01 20:54:56 ----D---- C:\ProgramData\Windows 
2014-05-27 16:55:43 ----D---- C:\Program Files (x86)\Tibia ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2010-09-17 105552] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/07/31 19:26:11]; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-05-07 146928] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928] R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2010-09-17 90704] R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2010-09-17 144464] R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-03-09 9258496] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-03-09 300544] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-06-02 1766944] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [] R3 RegFltrX64;RegFltrX64; \??\C:\Users\Jolanda\AppData\Local\e0241ff46e59c0cd941aaac908f135c2\RegFltrX64.sys [2014-05-27 18064] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800] R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496] R4 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [] S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [] S3 
atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-03-09 9258496] S3 FIXUSTOR;FIXUSTOR; C:\Windows\system32\DRIVERS\fixustor.sys [2007-06-11 14592] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488] S3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 242909a264524de.exe;242909a264524de.exe; C:\Users\Jolanda\AppData\Local\e0241ff46e59c0cd941aaac908f135c2\242909a264524de.exe [2014-05-27 93696] R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-05-08 65432] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-03-09 203776] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-29 935208] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-27 271760] R2 WinUpd;WinUpd; C:\Program Files (x86)\WinUpd\WinUpd.exe [2014-05-14 59904] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872] S2 30ebdf09de6824e.exe;30ebdf09de6824e.exe; C:\Users\Jolanda\AppData\Local\8a96c2807ddc45c8161e296b6f20db05\30ebdf09de6824e.exe [] S2 
clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-26 116648] S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [] S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712] S3 Amsp;Trend Micro Solution Platform; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -m=rb -dt=60000 [] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-26 116648] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-06-26 194032] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 
- - - Updated - - - Sorry, that doesn't work for me, I keep getting this message: Fatal error: Maximum execution time of 30 seconds exceeded in /home/pchelpfor/domains/pc-helpforum.be/public_html/includes/functions.php on line 2351
  21. How do I remove the pirritsuggestor virus? I have already tried several things, but that only seems to make it worse, and even then it still isn't gone. After a while (a few weeks, because at first I thought I'd just ignore it) I couldn't even get on the internet anymore. I managed to fix that, ran a malware scan, ran pcclean, but as I said, that only seems to make it worse, so before I do something else stupid, I'd like some help.